| From d0b040f5f2557b2f507c01e88ad8cff424fdc6a9 Mon Sep 17 00:00:00 2001 |
| From: Jan Kara <jack@suse.cz> |
| Date: Mon, 12 Apr 2021 12:23:33 +0200 |
| Subject: ext4: fix overflow in ext4_iomap_alloc() |
| |
| From: Jan Kara <jack@suse.cz> |
| |
| commit d0b040f5f2557b2f507c01e88ad8cff424fdc6a9 upstream. |
| |
| Code in iomap alloc may overflow the block number when converting it to |
| a byte offset. Luckily this is mostly harmless as we will just use the more |
| expensive method of writing using unwritten extents even though we are |
| writing beyond i_size. |
| |
| Cc: stable@kernel.org |
| Fixes: 378f32bab371 ("ext4: introduce direct I/O write using iomap infrastructure") |
| Signed-off-by: Jan Kara <jack@suse.cz> |
| Link: https://lore.kernel.org/r/20210412102333.2676-4-jack@suse.cz |
| Signed-off-by: Theodore Ts'o <tytso@mit.edu> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| fs/ext4/inode.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/fs/ext4/inode.c |
| +++ b/fs/ext4/inode.c |
| @@ -3419,7 +3419,7 @@ retry: |
| * i_disksize out to i_size. This could be beyond where direct I/O is |
| * happening and thus expose allocated blocks to direct I/O reads. |
| */ |
| - else if ((map->m_lblk * (1 << blkbits)) >= i_size_read(inode)) |
| + else if (((loff_t)map->m_lblk << blkbits) >= i_size_read(inode)) |
| m_flags = EXT4_GET_BLOCKS_CREATE; |
| else if (ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) |
| m_flags = EXT4_GET_BLOCKS_IO_CREATE_EXT; |
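
Review bot: The `(loff_t)map->m_lblk << blkbits` on the `+` line is correct only because the cast binds to `map->m_lblk` before the shift, so it deserves a short comment at that line or a shared block-to-byte helper, to keep the form on the `-` line, `map->m_lblk * (1 << blkbits)`, from reappearing at other conversion sites. The added cast indicates the old product was evaluated in a type narrower than `loff_t` and could wrap before the comparison with `i_size_read(inode)`. In that case a write beyond i_size fails the `>=` test, skips `EXT4_GET_BLOCKS_CREATE` and falls through to the `else if` branches below, which matches the "more expensive method" the commit message describes. The message calls this "mostly harmless" without naming the file offsets at which the wrap starts or the case that is not harmless; stating both would help anyone triaging the backport.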