From patchwork Thu Aug 12 04:30:59 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steve French X-Patchwork-Id: 12432429 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-12.8 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FORGED_FROMDOMAIN,FREEMAIL_FROM, HEADER_FROM_DIFFERENT_DOMAINS,INCLUDES_CR_TRAILER,INCLUDES_PATCH, MAILING_LIST_MULTI,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 570E2C4338F for ; Thu, 12 Aug 2021 04:31:14 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 3146A60F57 for ; Thu, 12 Aug 2021 04:31:14 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230373AbhHLEbh (ORCPT ); Thu, 12 Aug 2021 00:31:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52014 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229531AbhHLEbg (ORCPT ); Thu, 12 Aug 2021 00:31:36 -0400 Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CEDD7C061765 for ; Wed, 11 Aug 2021 21:31:11 -0700 (PDT) Received: by mail-lf1-x12a.google.com with SMTP id y34so10858365lfa.8 for ; Wed, 11 Aug 2021 21:31:11 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=p86OCZib7XVi9FE2ttEidowrz65EVobZnuQ1aOIavik=; b=llRkO0Hvh4Uty9oL8moZnXPl0rqNK1I9xTrFJ3RMTuVJBzRa0nR9iVO4tuY8DksoNO fGUuVjFfVOAhoYE7SMEVEGTTrb4qkB6zN1hcacybNwxtSp4VISbBf8uel8JY3BgODDbH IcygCe0+XZNsFv3z6jQn6FEIjUpFaJb7/pwgf1Xo34yT9gTXzyg2oar0Nv2BlYTT0flE oGjXsgSn41/XhwYTwPGdFXQUiEF55Bq3tGrP9ZiMbozQFyv4aNUHGlQiC8whcv306NJq is20F9ic9YD4FN9nOtMqNEsriHQiBcqv/Tzh+P21iUB7ry8zjrDMQ46JG4U/dc7r94YF gvUA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=p86OCZib7XVi9FE2ttEidowrz65EVobZnuQ1aOIavik=; b=MvLO7VhRPvmCyBeByDpBJX9Ig417LhsMxlNIFWYHJFB0fJtG6wNiRuu5R2KwjfJPw4 tx8ZeTK2ojERrB8WduvoHvUKW78mft6JwRH90gI/jzOYiNJ6sHcxkutQK5jQk/eUO3ol WKyBPnUyf6P1iBU7jLYaPTnFaveOSQM2boYfjCNWpplpLOuAgdqqUAgMteywod8qb5jo 2hWCG7TstCJly7qQrRvQr9Ywq6bQKkwUgmFKXRArHwbxU4+zcFnwCI0aILgQYDiY6qFH fvhuceuoQK/6Bndw+zVihADw4lOFA+dopUX9UDQhP/DF3ol2BxEaW8BnWlbrgQbDwQp9 rmLQ== X-Gm-Message-State: AOAM532wxcNZ6bYf5AasDGO2q67KctizlAVjt8SeDVPE7FhIeSpeNgMS enJ+Yjq/8iTfwcyF3XPxfdvRgh3353eTu82xgsIg2k+XuG+bjg== X-Google-Smtp-Source: ABdhPJwHY/hPOs5yOOaHSjxmhP1QhKhFZ8Pjz885S/vVBHX22PODU7xzc5iCiVbs9076Vjpc4PHTXbuIF4GnIt6A1wg= X-Received: by 2002:ac2:4350:: with SMTP id o16mr1232970lfl.184.1628742669874; Wed, 11 Aug 2021 21:31:09 -0700 (PDT) MIME-Version: 1.0 From: Steve French Date: Wed, 11 Aug 2021 23:30:59 -0500 Message-ID: Subject: [PATCH][CIFS] avoid signed integer overflow in calculating blocks To: CIFS Precedence: bulk List-ID: X-Mailing-List: linux-cifs@vger.kernel.org xfstest generic/525 can generate the following warning: UBSAN: signed-integer-overflow in fs/cifs/file.c:2644:31 9223372036854775807 + 511 cannot be represented in type 'long long int' Call Trace: dump_stack+0x8d/0xb5 ubsan_epilogue+0x5/0x50 handle_overflow+0xa3/0xb0 cifs_write_end+0x424/0x440 [cifs] generic_perform_write+0xef/0x190 due to overflowing loff_t (a signed 64 bit) when it is rounded up to calculate number of 512 byte blocks in a file Signed-off-by: Steve French --- fs/cifs/file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) } From 293c266e57d4cc14f4b96aaff7a088ef8f1d0878 Mon Sep 17 00:00:00 2001 From: Steve French Date: Wed, 11 Aug 2021 23:23:02 -0500 Subject: [PATCH] cifs: avoid signed integer overflow in calculating blocks xfstest generic/525 can generate the following warning: UBSAN: signed-integer-overflow in fs/cifs/file.c:2644:31 9223372036854775807 + 511 cannot be represented in type 'long long int' Call Trace: dump_stack+0x8d/0xb5 ubsan_epilogue+0x5/0x50 handle_overflow+0xa3/0xb0 cifs_write_end+0x424/0x440 [cifs] generic_perform_write+0xef/0x190 due to overflowing loff_t (a signed 64 bit) when it is rounded up to calculate number of 512 byte blocks in a file Signed-off-by: Steve French --- fs/cifs/file.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/cifs/file.c b/fs/cifs/file.c index 0166f39f1888..3cc17871471a 100644 --- a/fs/cifs/file.c +++ b/fs/cifs/file.c @@ -2641,7 +2641,8 @@ static int cifs_write_end(struct file *file, struct address_space *mapping, spin_lock(&inode->i_lock); if (pos > inode->i_size) { i_size_write(inode, pos); - inode->i_blocks = (512 - 1 + pos) >> 9; + /* round up to block boundary, avoid overflow loff_t */ + inode->i_blocks = ((__u64)pos + (512 - 1)) >> 9; } spin_unlock(&inode->i_lock); } -- 2.30.2