
[3/7] ceph: Promote to unsigned long long before shifting

Message ID 20201004180428.14494-4-willy@infradead.org
State New
Series [1/7] 9P: Cast to loff_t before multiplying

Commit Message

Matthew Wilcox Oct. 4, 2020, 6:04 p.m. UTC
On 32-bit systems, this shift will overflow for files larger than 4GB.

Cc: stable@vger.kernel.org
Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite")
Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
---
 fs/ceph/addr.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Jeff Layton Oct. 6, 2020, 11:29 a.m. UTC | #1
On Sun, 2020-10-04 at 19:04 +0100, Matthew Wilcox (Oracle) wrote:
> On 32-bit systems, this shift will overflow for files larger than 4GB.
> 
> Cc: stable@vger.kernel.org
> Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite")
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
> ---
>  fs/ceph/addr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c

> index 6ea761c84494..970e5a094035 100644

> --- a/fs/ceph/addr.c

> +++ b/fs/ceph/addr.c

> @@ -1522,7 +1522,7 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf)

>  	struct ceph_inode_info *ci = ceph_inode(inode);

>  	struct ceph_file_info *fi = vma->vm_file->private_data;

>  	struct page *pinned_page = NULL;

> -	loff_t off = vmf->pgoff << PAGE_SHIFT;

> +	loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT;

>  	int want, got, err;

>  	sigset_t oldset;

>  	vm_fault_t ret = VM_FAULT_SIGBUS;
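
Review bot: the cast on the `+` line is to `loff_t`, which is a signed 64-bit type, while the subject line says "Promote to unsigned long long before shifting". The cast itself matches the declared type of `off`, so the code is fine; the subject should say "Cast to loff_t before shifting" (as patch 1/7 of the series does for 9P) so that anyone searching stable backports by title finds what the change actually does.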


Good catch! Would you like us to take this in via the ceph tree, or are
you planning to submit all together upstream? Either way:

Reviewed-by: Jeff Layton <jlayton@kernel.org>

Jeff Layton Oct. 6, 2020, 5:20 p.m. UTC | #2
On Sun, 2020-10-04 at 19:04 +0100, Matthew Wilcox (Oracle) wrote:
> On 32-bit systems, this shift will overflow for files larger than 4GB.
> 
> Cc: stable@vger.kernel.org
> Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite")
> Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org>
> ---
>  fs/ceph/addr.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
> index 6ea761c84494..970e5a094035 100644
> --- a/fs/ceph/addr.c
> +++ b/fs/ceph/addr.c
> @@ -1522,7 +1522,7 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf)
>  	struct ceph_inode_info *ci = ceph_inode(inode);
>  	struct ceph_file_info *fi = vma->vm_file->private_data;
>  	struct page *pinned_page = NULL;
> -	loff_t off = vmf->pgoff << PAGE_SHIFT;
> +	loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT;
>  	int want, got, err;
>  	sigset_t oldset;
>  	vm_fault_t ret = VM_FAULT_SIGBUS;


I went ahead and merged this into the ceph-client/testing branch. Given
how old this bug is, I don't see a real need to rush this into v5.9, but
if we have any other patches going in before that ships, then it might
be good to send this one along too.

Patch

diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c
index 6ea761c84494..970e5a094035 100644
--- a/fs/ceph/addr.c
+++ b/fs/ceph/addr.c
@@ -1522,7 +1522,7 @@  static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf)
 	struct ceph_inode_info *ci = ceph_inode(inode);
 	struct ceph_file_info *fi = vma->vm_file->private_data;
 	struct page *pinned_page = NULL;
-	loff_t off = vmf->pgoff << PAGE_SHIFT;
+	loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT;
 	int want, got, err;
 	sigset_t oldset;
 	vm_fault_t ret = VM_FAULT_SIGBUS;
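
Review bot: only the `off` initialisation in ceph_filemap_fault() is touched, but the Fixes: commit is titled "check caps in filemap_fault and page_mkwrite", so it is worth confirming that the page_mkwrite path introduced by the same commit does not derive its offset from an unpromoted `vmf->pgoff << PAGE_SHIFT` as well. The commit message should also state what a truncated `off` leads to on a 32-bit kernel (which range the fault handler then acts on), since the patch is Cc'd to stable and backporters will want to judge the impact from the message alone.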