Skip to content

Commit

Permalink
afs: Fix the maths in afs_fs_store_data()
Browse files Browse the repository at this point in the history 
[ Upstream commit 146a119 ]

afs_fs_store_data() works out of the size of the write it's going to make,
but it uses 32-bit unsigned subtraction in one place that gets
automatically cast to loff_t.

However, if to < offset, then the number goes negative, but as the result
isn't signed, this doesn't get sign-extended to 64-bits when placed in a
loff_t.

Fix by casting the operands to loff_t.

Signed-off-by: David Howells <[email protected]>
Signed-off-by: Sasha Levin <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
  • Loading branch information
@dhowells @gregkh
dhowells authored and gregkh committed Dec 20, 2017
1 parent 1efae6c commit fa03453
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/afs/fsclient.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1225,7 +1225,7 @@ int afs_fs_store_data(struct afs_server *server, struct afs_writeback *wb,
_enter(",%x,{%x:%u},,",
key_serial(wb->key), vnode->fid.vid, vnode->fid.vnode);

size = to - offset;
size = (loff_t)to - (loff_t)offset;
if (first != last)
size += (loff_t)(last - first) << PAGE_SHIFT;
pos = (loff_t)first << PAGE_SHIFT;
Expand Down

0 comments on commit fa03453

Please sign in to comment.