queue/fs-ufs-avoid-potential-u32-multiplication-overflow.patch - pub/scm/linux/kernel/git/paulg/longterm-queue-5.2 - Git at Google

 From a3467fbb66e7833f6b772044a7579ef9bdf2dc14 Mon Sep 17 00:00:00 2001
 From: Colin Ian King <colin.king@canonical.com>
 Date: Tue, 11 Aug 2020 18:35:53 -0700
 Subject: [PATCH] fs/ufs: avoid potential u32 multiplication overflow

 commit 88b2e9b06381551b707d980627ad0591191f7a2d upstream.

 The 64 bit ino is being compared to the product of two u32 values,
 however, the multiplication is being performed using a 32 bit multiply so
 there is a potential of an overflow.  To be fully safe, cast uspi->s_ncg
 to a u64 to ensure a 64 bit multiplication occurs to avoid any chance of
 overflow.

 Fixes: f3e2a520f5fb ("ufs: NFS support")
 Signed-off-by: Colin Ian King <colin.king@canonical.com>
 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
 Cc: Evgeniy Dushistov <dushistov@mail.ru>
 Cc: Alexey Dobriyan <adobriyan@gmail.com>
 Link: http://lkml.kernel.org/r/20200715170355.1081713-1-colin.king@canonical.com
 Addresses-Coverity: ("Unintentional integer overflow")
 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
 Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

 diff --git a/fs/ufs/super.c b/fs/ufs/super.c
 index 3d247c0d92aa..15677eebef4c 100644
 --- a/fs/ufs/super.c
 +++ b/fs/ufs/super.c
 @@ -101,7 +101,7 @@ static struct inode *ufs_nfs_get_inode(struct super_block *sb, u64 ino, u32 gene
  	struct ufs_sb_private_info *uspi = UFS_SB(sb)->s_uspi;
  	struct inode *inode;

 -	if (ino < UFS_ROOTINO || ino > uspi->s_ncg * uspi->s_ipg)
 +	if (ino < UFS_ROOTINO || ino > (u64)uspi->s_ncg * uspi->s_ipg)
  		return ERR_PTR(-ESTALE);

  	inode = ufs_iget(sb, ino);
 --
 2.27.0
	From a3467fbb66e7833f6b772044a7579ef9bdf2dc14 Mon Sep 17 00:00:00 2001
	From: Colin Ian King <colin.king@canonical.com>
	Date: Tue, 11 Aug 2020 18:35:53 -0700
	Subject: [PATCH] fs/ufs: avoid potential u32 multiplication overflow

	commit 88b2e9b06381551b707d980627ad0591191f7a2d upstream.

	The 64 bit ino is being compared to the product of two u32 values,
	however, the multiplication is being performed using a 32 bit multiply so
	there is a potential of an overflow. To be fully safe, cast uspi->s_ncg
	to a u64 to ensure a 64 bit multiplication occurs to avoid any chance of
	overflow.

	Fixes: f3e2a520f5fb ("ufs: NFS support")
	Signed-off-by: Colin Ian King <colin.king@canonical.com>
	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	Cc: Evgeniy Dushistov <dushistov@mail.ru>
	Cc: Alexey Dobriyan <adobriyan@gmail.com>
	Link: http://lkml.kernel.org/r/20200715170355.1081713-1-colin.king@canonical.com
	Addresses-Coverity: ("Unintentional integer overflow")
	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>

	diff --git a/fs/ufs/super.c b/fs/ufs/super.c
	index 3d247c0d92aa..15677eebef4c 100644
	--- a/fs/ufs/super.c
	+++ b/fs/ufs/super.c
	@@ -101,7 +101,7 @@ static struct inode ufs_nfs_get_inode(struct super_block sb, u64 ino, u32 gene
	struct ufs_sb_private_info *uspi = UFS_SB(sb)->s_uspi;
	struct inode *inode;

	- if (ino < UFS_ROOTINO \|\| ino > uspi->s_ncg * uspi->s_ipg)
	+ if (ino < UFS_ROOTINO \|\| ino > (u64)uspi->s_ncg * uspi->s_ipg)
	return ERR_PTR(-ESTALE);

	inode = ufs_iget(sb, ino);
	--
	2.27.0