| From a3467fbb66e7833f6b772044a7579ef9bdf2dc14 Mon Sep 17 00:00:00 2001 |
| From: Colin Ian King <colin.king@canonical.com> |
| Date: Tue, 11 Aug 2020 18:35:53 -0700 |
| Subject: [PATCH] fs/ufs: avoid potential u32 multiplication overflow |
| |
| commit 88b2e9b06381551b707d980627ad0591191f7a2d upstream. |
| |
| The 64 bit ino is being compared to the product of two u32 values, |
| however, the multiplication is being performed using a 32 bit multiply so |
| there is a potential of an overflow. To be fully safe, cast uspi->s_ncg |
| to a u64 to ensure a 64 bit multiplication occurs to avoid any chance of |
| overflow. |
| |
| Fixes: f3e2a520f5fb ("ufs: NFS support") |
| Signed-off-by: Colin Ian King <colin.king@canonical.com> |
| Signed-off-by: Andrew Morton <akpm@linux-foundation.org> |
| Cc: Evgeniy Dushistov <dushistov@mail.ru> |
| Cc: Alexey Dobriyan <adobriyan@gmail.com> |
| Link: http://lkml.kernel.org/r/20200715170355.1081713-1-colin.king@canonical.com |
| Addresses-Coverity: ("Unintentional integer overflow") |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/fs/ufs/super.c b/fs/ufs/super.c |
| index 3d247c0d92aa..15677eebef4c 100644 |
| --- a/fs/ufs/super.c |
| +++ b/fs/ufs/super.c |
| @@ -101,7 +101,7 @@ static struct inode *ufs_nfs_get_inode(struct super_block *sb, u64 ino, u32 gene |
| struct ufs_sb_private_info *uspi = UFS_SB(sb)->s_uspi; |
| struct inode *inode; |
| |
| - if (ino < UFS_ROOTINO || ino > uspi->s_ncg * uspi->s_ipg) |
| + if (ino < UFS_ROOTINO || ino > (u64)uspi->s_ncg * uspi->s_ipg) |
| return ERR_PTR(-ESTALE); |
| |
| inode = ufs_iget(sb, ino); |
| -- |
| 2.27.0 |
| |