From: Kent Overstreet
Date: Sun, 17 Jan 2021 18:19:16 +0000 (-0500)
Subject: bcachefs: Fix integer overflow in bch2_disk_reservation_get()
X-Git-Tag: v6.7-rc1~201^2~1841
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cd9f3dfe58709c7b0793a706d0dd0292a66237d5;p=thirdparty%2Fkernel%2Flinux.git
bcachefs: Fix integer overflow in bch2_disk_reservation_get()
The sectors argument shouldn't have been a u32 - it can be up to U32_MAX (i.e. fallocate creating persistent reservations), and if replication is enabled we'll overflow when we calculate the real number of sectors to reserve. Oops.
Signed-off-by: Kent Overstreet
Signed-off-by: Kent Overstreet
---
diff --git a/fs/bcachefs/buckets.c b/fs/bcachefs/buckets.c
index 1bbd1ee080ecb..11907abd9b4c8 100644
--- a/fs/bcachefs/buckets.c
+++ b/fs/bcachefs/buckets.c
@@ -2109,7 +2109,7 @@ int bch2_trans_mark_update(struct btree_trans *trans,
 #define SECTORS_CACHE 1024
 int bch2_disk_reservation_add(struct bch_fs *c, struct disk_reservation *res,
- unsigned sectors, int flags)
+ u64 sectors, int flags)
 {
 struct bch_fs_pcpu *pcpu;
 u64 old, v, get;
diff --git a/fs/bcachefs/buckets.h b/fs/bcachefs/buckets.h
index 2e9c4e46c61c0..a0ef9c041d5c6 100644
--- a/fs/bcachefs/buckets.h
+++ b/fs/bcachefs/buckets.h
@@ -282,8 +282,8 @@ static inline void bch2_disk_reservation_put(struct bch_fs *c,
 #define BCH_DISK_RESERVATION_NOFAIL (1 << 0)
 int bch2_disk_reservation_add(struct bch_fs *,
- struct disk_reservation *,
- unsigned, int);
+ struct disk_reservation *,
+ u64, int);
 static inline struct disk_reservation
 bch2_disk_reservation_init(struct bch_fs *c, unsigned nr_replicas)
@@ -300,8 +300,7 @@ bch2_disk_reservation_init(struct bch_fs *c, unsigned nr_replicas)
 static inline int bch2_disk_reservation_get(struct bch_fs *c, struct disk_reservation *res,
- unsigned sectors,
- unsigned nr_replicas,
+ u64 sectors, unsigned nr_replicas,
 int flags)
 {
 *res = bch2_disk_reservation_init(c, nr_replicas);
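Review bot: Nothing at the definition of bch2_disk_reservation_add() in buckets.c records why `sectors` must be 64-bit, and the prototype in buckets.h (second hunk) still leaves its parameters unnamed, so a later edit could narrow the type again without anyone noticing. A one-line comment above the definition, for example `/* sectors may exceed U32_MAX (fallocate reservations times replicas); keep it u64 */`, together with naming the prototype parameters `u64 sectors, int flags`, would keep that intent visible. The function body continues outside the hunk, so only the visible locals (`u64 old, v, get;`) can be confirmed to match the new width.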
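Review bot: The widened `u64 sectors` parameter of bch2_disk_reservation_get() (third hunk, buckets.h) is still accepted without a range check before it is scaled by `nr_replicas`; that multiplication is below the hunk, so its exact form is inferred from the commit description. The 64-bit type makes a wrap far harder to reach, but an explicit guard such as `if (check_mul_overflow(sectors, (u64) nr_replicas, &sectors)) return -ENOSPC;` (or whichever error this path already returns) would turn an out-of-range request into a failure instead of an undersized reservation. Callers that derive the count from a file length should also be checked for narrowing to `unsigned` before the call, because that truncation is silent in C.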