ocfs2: fix shift left operations overflow (7fa05c6e) · Commits · 戴 / test

ocfs2_inode_info->ip_clusters and ocfs2_dinode->id1.bitmap1.i_total are defined as type u32, so the shift left operations may overflow if volume size is large, for example, 2TB and cluster size is 1MB. Signed-off-by:

Joseph Qi <joseph.qi@huawei.com> Reviewed-by:

Alex Chen <alex.chen@huawei.com> Cc: Mark Fasheh <mfasheh@suse.com> Cc: Joel Becker <jlbec@evilplan.org> Signed-off-by:

Andrew Morton <akpm@linux-foundation.org> Signed-off-by:

Linus Torvalds <torvalds@linux-foundation.org>

fs/ocfs2/inode.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -162,7 +162,7 @@ static inline blkcnt_t ocfs2_inode_sector_count(struct inode *inode)
		{
		int c_to_s_bits = OCFS2_SB(inode->i_sb)->s_clustersize_bits - 9;

		return (blkcnt_t)(OCFS2_I(inode)->ip_clusters << c_to_s_bits);
		return (blkcnt_t)OCFS2_I(inode)->ip_clusters << c_to_s_bits;
		}

		/* Validate that a bh contains a valid inode */

fs/ocfs2/move_extents.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -404,7 +404,7 @@ static int ocfs2_find_victim_alloc_group(struct inode *inode,
		* 'vict_blkno' was out of the valid range.
		*/
		if ((vict_blkno < le64_to_cpu(rec->c_blkno)) \|\|
		(vict_blkno >= (le32_to_cpu(ac_dinode->id1.bitmap1.i_total) <<
		(vict_blkno >= ((u64)le32_to_cpu(ac_dinode->id1.bitmap1.i_total) <<
		bits_per_unit))) {
		ret = -EINVAL;
		goto out;

Admin message