git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Arpith Kalaginanavoor <arpithk@nvidia.com>
	Tue, 26 May 2026 12:38:58 +0000 (05:38 -0700)
committer	Christian Brauner <brauner@kernel.org>
	Thu, 28 May 2026 12:16:33 +0000 (14:16 +0200)
commit	89c4a1167f3a0a0efd2ec3e1801036d2eb65ae1a
tree	bcb4bf5fe0ccccbd343eb7fe7d9cb100989d8ac7	tree \| snapshot
parent	e824bbd4d224cce4b5fb59cc9dcd3447fe0b7e44	commit \| diff

fs/qnx6: fix pointer arithmetic in directory iteration

The conversion to qnx6_get_folio() in commit b2aa61556fcf
("qnx6: Convert qnx6_get_page() to qnx6_get_folio()")
introduced a regression in directory iteration. The pointer 'de'
and the 'limit' address were calculated using byte offsets from
a char pointer without scaling by the size of a QNX6 directory
entry.

This causes the driver to read from incorrect memory offsets,
leading to "invalid direntry size" errors and premature
termination of directory scans.

Fix this by casting 'kaddr' to 'struct qnx6_dir_entry *' before
applying the offset and last_entry(...) increments. This allows the
compiler to correctly scale the pointer arithmetic by the 32-byte
stride of the directory entry structure.

Fixes: b2aa61556fcf ("qnx6: Convert qnx6_get_page() to qnx6_get_folio()")
Cc: stable@vger.kernel.org
Signed-off-by: Arpith Kalaginanavoor <arpithk@nvidia.com>
Link: https://patch.msgid.link/20260526123858.1683035-1-arpithk@nvidia.com
Signed-off-by: Christian Brauner (Amutable) <brauner@kernel.org>