From patchwork Tue Aug 26 06:47:25 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Brian Norris <computersforpeace@gmail.com>
X-Patchwork-Id: 4778531
Return-Path: <linux-btrfs-owner@kernel.org>
X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id DEBA4C0338
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Tue, 26 Aug 2014 06:47:45 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id 144FF20131
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Tue, 26 Aug 2014 06:47:45 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id 3E6D72012E
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Tue, 26 Aug 2014 06:47:44 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757326AbaHZGrb (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Tue, 26 Aug 2014 02:47:31 -0400
Received: from mail-pa0-f50.google.com ([209.85.220.50]:63742 "EHLO
	mail-pa0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1757228AbaHZGr3 (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Tue, 26 Aug 2014 02:47:29 -0400
Received: by mail-pa0-f50.google.com with SMTP id et14so23024784pad.9
	for <multiple recipients>; Mon, 25 Aug 2014 23:47:28 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=date:from:to:cc:subject:message-id:references:mime-version
	:content-type:content-disposition:in-reply-to:user-agent;
	bh=w9NDF+rKX+lEjyDuIp1MMjZFgJx6EnmmWYH87hGjNrc=;
	b=W19CsFB26j7lE9905APb92gvC9ZUZIRMATjBsIveLFHMcAirL4xxtox99Tgs4GNm4F
	zDWN3uLOMOk95CeND+o/GaYkeHga1an6jSMQfiR+qU5gOBKo/0eK43CrL22DeJr5yiIp
	HMijgAtfGRGlPM25xIm6lSJxPaJ1ZjVl15zNLZioGgaGDpaicY1JLOdzbAzqZD1SEkMS
	U4ATKXJQSMzN+CEzRgmN/GPYnqROEMcJ1GHDq+bpDtxaJNFkD10vguJ+KlO3inOhbSSk
	4e7e0LYaFuSfu5slKRwhOKW/fYXuK8778iOR3t0kC2IqQSLAIP1iYC2JhtSaXhrMiIlu
	o4Gw==
X-Received: by 10.66.142.166 with SMTP id rx6mr16738649pab.128.1409035648870;
	Mon, 25 Aug 2014 23:47:28 -0700 (PDT)
Received: from norris-Latitude-E6410 (cpe-98-154-223-43.socal.res.rr.com.
	[98.154.223.43]) by mx.google.com with ESMTPSA id
	ha10sm1862302pbd.49.2014.08.25.23.47.27 for <multiple recipients>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Mon, 25 Aug 2014 23:47:28 -0700 (PDT)
Date: Mon, 25 Aug 2014 23:47:25 -0700
From: Brian Norris <computersforpeace@gmail.com>
To: Chris Mason <clm@fb.com>
Cc: Josef Bacik <jbacik@fb.com>, linux-btrfs@vger.kernel.org,
	Linux Kernel <linux-kernel@vger.kernel.org>,
	Timofey Titovets <nefelim4ag@gmail.com>
Subject: [PATCH v2] fs: btrfs: fix potential overflow
Message-ID: <20140826064725.GE3246@norris-Latitude-E6410>
References: <1408858881-30497-1-git-send-email-computersforpeace@gmail.com>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <1408858881-30497-1-git-send-email-computersforpeace@gmail.com>
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI, RP_MATCHES_RCVD,
	T_DKIM_INVALID, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

It looks like this intended to be 64-bit arithmetic, but it's actually
performed as 32-bit. Fix that. (Note that 'increment' was being
initialized twice, so this patch removes one of those.)

Caught by Coverity Scan (CID 1201422).

Signed-off-by: Brian Norris <computersforpeace@gmail.com>
---
v2: remove useless multiplication-by-one

Untested

 fs/btrfs/scrub.c | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/fs/btrfs/scrub.c b/fs/btrfs/scrub.c
index b6d198f5181e..e38933ebf97f 100644
--- a/fs/btrfs/scrub.c
+++ b/fs/btrfs/scrub.c
@@ -2320,26 +2320,23 @@ static noinline_for_stack int scrub_stripe(struct scrub_ctx *sctx,
 	do_div(nstripes, map->stripe_len);
 	if (map->type & BTRFS_BLOCK_GROUP_RAID0) {
 		offset = map->stripe_len * num;
-		increment = map->stripe_len * map->num_stripes;
+		increment *= map->num_stripes;
 		mirror_num = 1;
 	} else if (map->type & BTRFS_BLOCK_GROUP_RAID10) {
 		int factor = map->num_stripes / map->sub_stripes;
 		offset = map->stripe_len * (num / map->sub_stripes);
-		increment = map->stripe_len * factor;
+		increment *= factor;
 		mirror_num = num % map->sub_stripes + 1;
 	} else if (map->type & BTRFS_BLOCK_GROUP_RAID1) {
-		increment = map->stripe_len;
 		mirror_num = num % map->num_stripes + 1;
 	} else if (map->type & BTRFS_BLOCK_GROUP_DUP) {
-		increment = map->stripe_len;
 		mirror_num = num % map->num_stripes + 1;
 	} else if (map->type & (BTRFS_BLOCK_GROUP_RAID5 |
 				BTRFS_BLOCK_GROUP_RAID6)) {
 		get_raid56_logic_offset(physical, num, map, &offset);
-		increment = map->stripe_len * nr_data_stripes(map);
+		increment *= nr_data_stripes(map);
 		mirror_num = 1;
 	} else {
-		increment = map->stripe_len;
 		mirror_num = 1;
 	}