gfs2: Fix invalid metadata access in punch_hole

[ Upstream commit c95346ac918c5badf51b9a7ac58a26d3bd5bb224 ]

In punch_hole(), when the offset lies in the final block for a given
height, there is no hole to punch, but the maximum size check fails to
detect that.  Consequently, punch_hole() will try to punch a hole beyond
the end of the metadata and fail.  Fix the maximum size check.

Signed-off-by: Andrew Price <anprice@redhat.com>
Signed-off-by: Andreas Gruenbacher <agruenba@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/fs/gfs2/bmap.c b/fs/gfs2/bmap.c
index 63e925aa12a7564cc4b8c45f3c31e7b9964a6d9e..1dc0f0bca3ab31ddd446f050ba556b4689ed2e17 100644 (file)
--- a/fs/gfs2/bmap.c
+++ b/fs/gfs2/bmap.c
@@ -1760,7 +1760,8 @@ static int punch_hole(struct gfs2_inode *ip, u64 offset, u64 length)
        struct buffer_head *dibh, *bh;
        struct gfs2_holder rd_gh;
        unsigned int bsize_shift = sdp->sd_sb.sb_bsize_shift;
-       u64 lblock = (offset + (1 << bsize_shift) - 1) >> bsize_shift;
+       unsigned int bsize = 1 << bsize_shift;
+       u64 lblock = (offset + bsize - 1) >> bsize_shift;
        __u16 start_list[GFS2_MAX_META_HEIGHT];
        __u16 __end_list[GFS2_MAX_META_HEIGHT], *end_list = NULL;
        unsigned int start_aligned, end_aligned;
@@ -1771,7 +1772,7 @@ static int punch_hole(struct gfs2_inode *ip, u64 offset, u64 length)
        u64 prev_bnr = 0;
        __be64 *start, *end;
 
-       if (offset >= maxsize) {
+       if (offset + bsize - 1 >= maxsize) {
                /*
                 * The starting point lies beyond the allocated meta-data;
                 * there are no blocks do deallocate.