| Field | Value |
|---|---|
| Message ID | 20201004180428.14494-4-willy@infradead.org |
| State | New |
| Series | [1/7] 9P: Cast to loff_t before multiplying |
On Sun, 2020-10-04 at 19:04 +0100, Matthew Wilcox (Oracle) wrote: > On 32-bit systems, this shift will overflow for files larger than 4GB. > > Cc: stable@vger.kernel.org > Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite") > Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> > --- > fs/ceph/addr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c > index 6ea761c84494..970e5a094035 100644 > --- a/fs/ceph/addr.c > +++ b/fs/ceph/addr.c > @@ -1522,7 +1522,7 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf) > struct ceph_inode_info *ci = ceph_inode(inode); > struct ceph_file_info *fi = vma->vm_file->private_data; > struct page *pinned_page = NULL; > - loff_t off = vmf->pgoff << PAGE_SHIFT; > + loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT; > int want, got, err; > sigset_t oldset; > vm_fault_t ret = VM_FAULT_SIGBUS; Good catch! Would you like us to take this in via the ceph tree, or are you planning to submit altogether upstream? Either way: Reviewed-by: Jeff Layton <jlayton@kernel.org>
On Sun, 2020-10-04 at 19:04 +0100, Matthew Wilcox (Oracle) wrote: > On 32-bit systems, this shift will overflow for files larger than 4GB. > > Cc: stable@vger.kernel.org > Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite") > Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> > --- > fs/ceph/addr.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c > index 6ea761c84494..970e5a094035 100644 > --- a/fs/ceph/addr.c > +++ b/fs/ceph/addr.c > @@ -1522,7 +1522,7 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf) > struct ceph_inode_info *ci = ceph_inode(inode); > struct ceph_file_info *fi = vma->vm_file->private_data; > struct page *pinned_page = NULL; > - loff_t off = vmf->pgoff << PAGE_SHIFT; > + loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT; > int want, got, err; > sigset_t oldset; > vm_fault_t ret = VM_FAULT_SIGBUS; I went ahead and merged this into the ceph-client/testing branch. Given how old this bug is, I don't see a real need to rush this into v5.9, but if we have any other patches going in before that ships, then it might be good to send this one along too.
diff --git a/fs/ceph/addr.c b/fs/ceph/addr.c index 6ea761c84494..970e5a094035 100644 --- a/fs/ceph/addr.c +++ b/fs/ceph/addr.c @@ -1522,7 +1522,7 @@ static vm_fault_t ceph_filemap_fault(struct vm_fault *vmf) struct ceph_inode_info *ci = ceph_inode(inode); struct ceph_file_info *fi = vma->vm_file->private_data; struct page *pinned_page = NULL; - loff_t off = vmf->pgoff << PAGE_SHIFT; + loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT; int want, got, err; sigset_t oldset; vm_fault_t ret = VM_FAULT_SIGBUS;
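Review bot: The cast is placed correctly and the fix is complete for this line: pgoff_t is unsigned long, so in `- loff_t off = vmf->pgoff << PAGE_SHIFT;` the shift is evaluated in 32 bits on a 32-bit build and the high bits are discarded before the result is widened to loff_t, which is exactly the overflow for files above 4GB that the commit message describes; `+ loff_t off = (loff_t)vmf->pgoff << PAGE_SHIFT;` widens first so the shift happens in 64 bits. Two follow-ups: the Fixes tag names both filemap_fault and page_mkwrite, so the page_mkwrite path in this same file should be checked for the same shift pattern, and the commit message would help future readers if it spelled out the types involved (32-bit unsigned long pgoff vs. 64-bit loff_t) to make clear why the cast must precede the shift rather than follow it.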
On 32-bit systems, this shift will overflow for files larger than 4GB. Cc: stable@vger.kernel.org Fixes: 61f68816211e ("ceph: check caps in filemap_fault and page_mkwrite") Signed-off-by: Matthew Wilcox (Oracle) <willy@infradead.org> --- fs/ceph/addr.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
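As an added illustration (not code from this patch or from fs/ceph), the following models the offset computation in ceph_filemap_fault() on a 32-bit build, using uint32_t in place of pgoff_t and int64_t in place of loff_t, and assuming PAGE_SHIFT is 12 (4 KiB pages). It shows the pre-fix expression wrapping at the 4 GiB page boundary while the post-fix expression does not.

```c
/* Added illustration, not part of the patch: models the pre-fix and
 * post-fix offset computation from ceph_filemap_fault() on a 32-bit
 * kernel, where pgoff_t is a 32-bit unsigned long and loff_t is 64-bit.
 * Assumes PAGE_SHIFT == 12. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12
typedef uint32_t pgoff32_t;   /* stand-in for pgoff_t on a 32-bit build */
typedef int64_t  loff_t_sim;  /* stand-in for loff_t */

/* Pre-fix: the shift is evaluated in 32 bits and only then widened,
 * so any bit pushed past bit 31 is lost before the widening happens. */
loff_t_sim offset_before_fix(pgoff32_t pgoff)
{
	return pgoff << PAGE_SHIFT;
}

/* Post-fix: widening first makes the shift a 64-bit operation. */
loff_t_sim offset_after_fix(pgoff32_t pgoff)
{
	return (loff_t_sim)pgoff << PAGE_SHIFT;
}

/* Smallest page index at which the unfixed expression stops matching the
 * true byte offset: 2^(32 - PAGE_SHIFT), i.e. the page at exactly 4 GiB. */
pgoff32_t first_truncated_pgoff(void)
{
	return (pgoff32_t)1 << (32 - PAGE_SHIFT);
}

int main(void)
{
	/* Constructed probe values: below, at and above the 4 GiB boundary. */
	pgoff32_t probes[] = { 0, 1, first_truncated_pgoff() - 1,
			       first_truncated_pgoff(), 0x123456 };
	for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
		pgoff32_t p = probes[i];
		loff_t_sim before = offset_before_fix(p);
		loff_t_sim after = offset_after_fix(p);
		printf("pgoff 0x%08x: before %lld, after %lld%s\n",
		       (unsigned)p, (long long)before, (long long)after,
		       before != after ? "  <-- truncated" : "");
	}
	return 0;
}
```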