From: Al Viro Date: Fri, 18 Oct 2024 07:25:29 +0000 (-0400) Subject: ufs_free_fragments(): fix the braino in sanity check X-Git-Tag: v6.13-rc1~216^2~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=426f07ad3e2c9b51bfd93b870a3a9b04644130d0;p=thirdparty%2Flinux.git ufs_free_fragments(): fix the braino in sanity check The function expects that all fragments it's been asked to free will be within the same block. And it even has a sanity check verifying that - it takes the fragment number modulo the number of fragments per block, adds the count and checks if that's too high. Unfortunately, it misspells the upper limit - instead of ->s_fpb (fragments per block) it says ->s_fpg (fragments per cylinder group). So "too high" ends up being insanely lenient. Had been that way since 2.1.112, when UFS write support had been added. 27 years to spot a typo... Signed-off-by: Al Viro --- diff --git a/fs/ufs/balloc.c b/fs/ufs/balloc.c index 1793ce48df0a3..82f1a4a128a2d 100644 --- a/fs/ufs/balloc.c +++ b/fs/ufs/balloc.c @@ -50,7 +50,7 @@ void ufs_free_fragments(struct inode *inode, u64 fragment, unsigned count) UFSD("ENTER, fragment %llu, count %u\n", (unsigned long long)fragment, count); - if (ufs_fragnum(fragment) + count > uspi->s_fpg) + if (ufs_fragnum(fragment) + count > uspi->s_fpb) ufs_error (sb, "ufs_free_fragments", "internal error"); mutex_lock(&UFS_SB(sb)->s_lock);
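Review bot: The corrected check at the top of ufs_free_fragments() still only reports the violation. In the visible context ufs_error() is followed directly by mutex_lock(&UFS_SB(sb)->s_lock) with no return in between, so unless ufs_error() itself stops execution, a request that runs past the block boundary still proceeds into the locked free path. Now that the limit is ->s_fpb and the check can actually fire, consider returning right after the ufs_error() call. The generic "internal error" string could also carry fragment and count, as the UFSD line just above already does, so that a hit can be diagnosed from the log.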