xfs: fix integer overflow in busy extent sort comparator

xfs_extent_busy_ag_cmp() subtracts two uint32_t values (group
numbers and block numbers) and returns the result as s32. When
the difference exceeds INT_MAX, the result overflows and the sort
order is corrupted.

Use cmp_int() instead, as was done in commit 362c49098086 ("xfs:
fix integer overflow in bmap intent sort comparator").

Fixes: 4a137e09151e ("xfs: keep a reference to the pag for busy extents")
Signed-off-by: Yuto Ohnuki <ytohnuki@amazon.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Carlos Maiolino <cmaiolino@redhat.com>
Signed-off-by: Carlos Maiolino <cem@kernel.org>

diff --git a/fs/xfs/xfs_extent_busy.c b/fs/xfs/xfs_extent_busy.c
index 3efdca3d675bf60d2676604d61ce9b2b6c5b889d..41cf0605ec22e5ef26306f063edfc19ba730a316 100644 (file)
--- a/fs/xfs/xfs_extent_busy.c
+++ b/fs/xfs/xfs_extent_busy.c
@@ -690,9 +690,9 @@ xfs_extent_busy_ag_cmp(
                container_of(l2, struct xfs_extent_busy, list);
        s32 diff;
 
-       diff = b1->group->xg_gno - b2->group->xg_gno;
+       diff = cmp_int(b1->group->xg_gno, b2->group->xg_gno);
        if (!diff)
-               diff = b1->bno - b2->bno;
+               diff = cmp_int(b1->bno, b2->bno);
        return diff;
 }