From 293c266e57d4cc14f4b96aaff7a088ef8f1d0878 Mon Sep 17 00:00:00 2001
From: Steve French <stfrench@microsoft.com>
Date: Wed, 11 Aug 2021 23:23:02 -0500
Subject: [PATCH] cifs: avoid signed integer overflow in calculating blocks
xfstest generic/525 can generate the following warning:
UBSAN: signed-integer-overflow in fs/cifs/file.c:2644:31
9223372036854775807 + 511 cannot be represented in type 'long long int'
Call Trace:
dump_stack+0x8d/0xb5
ubsan_epilogue+0x5/0x50
handle_overflow+0xa3/0xb0
cifs_write_end+0x424/0x440 [cifs]
generic_perform_write+0xef/0x190
due to overflowing loff_t (a signed 64 bit) when it is rounded up
to calculate number of 512 byte blocks in a file
Signed-off-by: Steve French <stfrench@microsoft.com>
---
fs/cifs/file.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
@@ -2641,7 +2641,8 @@ static int cifs_write_end(struct file *file, struct address_space *mapping,
spin_lock(&inode->i_lock);
if (pos > inode->i_size) {
i_size_write(inode, pos);
- inode->i_blocks = (512 - 1 + pos) >> 9;
+ /* round up to block boundary, avoid overflow loff_t */
+ inode->i_blocks = ((__u64)pos + (512 - 1)) >> 9;
}
spin_unlock(&inode->i_lock);
}
--
2.30.2
xfstest generic/525 can generate the following warning: UBSAN: signed-integer-overflow in fs/cifs/file.c:2644:31 9223372036854775807 + 511 cannot be represented in type 'long long int' Call Trace: dump_stack+0x8d/0xb5 ubsan_epilogue+0x5/0x50 handle_overflow+0xa3/0xb0 cifs_write_end+0x424/0x440 [cifs] generic_perform_write+0xef/0x190 due to overflowing loff_t (a signed 64 bit) when it is rounded up to calculate number of 512 byte blocks in a file Signed-off-by: Steve French <stfrench@microsoft.com> --- fs/cifs/file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) }