From patchwork Tue Jan 21 19:18:29 2014
X-Patchwork-Submitter: Justin Maggard
X-Patchwork-Id: 3519271
From: Justin Maggard
To: linux-btrfs@vger.kernel.org
Cc: Justin Maggard
Subject: [PATCH] btrfs: fix defrag 32-bit integer overflow
Date: Tue, 21 Jan 2014 11:18:29 -0800
Message-Id: <1390331909-7476-1-git-send-email-jmaggard10@gmail.com>

When defragging a very large file, the cluster variable can wrap its 32-bit signed int type and become negative, which eventually gets passed to btrfs_force_ra() as a very large unsigned long value. On 32-bit platforms, this eventually results in an Oops from the SLAB allocator.

Change the cluster and max_cluster signed int variables to unsigned long to match the readahead functions. This also allows the min() comparison in btrfs_defrag_file() to work as intended.

--- fs/btrfs/ioctl.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c index 21da576..22e9837 100644 --- a/fs/btrfs/ioctl.c +++ b/fs/btrfs/ioctl.c @@ -1011,7 +1011,7 @@ out: static int cluster_pages_for_defrag(struct inode *inode, struct page **pages, unsigned long start_index, - int num_pages) + unsigned long num_pages) { unsigned long file_end; u64 isize = i_size_read(inode); 
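Review bot: cluster_pages_for_defrag() still returns int while its num_pages parameter is now unsigned long, so the signature mixes signed and unsigned page counts. If the return value is derived from num_pages, either state that callers never pass more than max_cluster pages or change the return type as well, so the same signed conversion cannot reappear at the call site. Any local or loop counter in the body that is compared against num_pages (not visible in this hunk) should be checked for a signed/unsigned comparison after this change.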
@@ -1169,8 +1169,8 @@ int btrfs_defrag_file(struct inode *inode, struct file *file, int defrag_count = 0; int compress_type = BTRFS_COMPRESS_ZLIB; int extent_thresh = range->extent_thresh; - int max_cluster = (256 * 1024) >> PAGE_CACHE_SHIFT; - int cluster = max_cluster; + unsigned long max_cluster = (256 * 1024) >> PAGE_CACHE_SHIFT; + unsigned long cluster = max_cluster; u64 new_align = ~((u64)128 * 1024 - 1); struct page **pages = NULL;
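Review bot: on 32-bit platforms unsigned long is the same width as int, so the new declarations of max_cluster and cluster change signedness only and do not widen the type. The fix therefore depends entirely on the min() against max_cluster that the commit message mentions; a one-line comment at that clamp saying it is what bounds the readahead size would keep a later type change from reintroducing the negative value. The context line "int extent_thresh = range->extent_thresh;" is left as a signed int initialised from a user-supplied range field, which is worth checking for the same class of conversion. The message also carries no Signed-off-by line before the "---" separator.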