erofs: fix offset truncation when shifting pgoff on 32-bit platforms

On 32-bit platforms, pgoff_t is 32 bits wide, so left-shifting
large arbitrary pgoff_t values by PAGE_SHIFT performs 32-bit arithmetic
and silently truncates the result for pages beyond the 4 GiB boundary.

Cast the page index to loff_t before shifting to produce a correct
64-bit byte offset.

Fixes: 386292919c25 ("erofs: introduce readmore decompression strategy")
Fixes: 307210c262a2 ("erofs: verify metadata accesses for file-backed mounts")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

diff --git a/fs/erofs/data.c b/fs/erofs/data.c
index 132a27deb2f3beb1f3ba7ee96c0d13b4c6d9578b..b2c12c5856accd9482343341898da44d36a980bb 100644 (file)
--- a/fs/erofs/data.c
+++ b/fs/erofs/data.c
@@ -39,7 +39,7 @@ void *erofs_bread(struct erofs_buf *buf, erofs_off_t offset, bool need_kmap)
         * However, the data access range must be verified here in advance.
         */
        if (buf->file) {
-               fpos = index << PAGE_SHIFT;
+               fpos = (loff_t)index << PAGE_SHIFT;
                err = rw_verify_area(READ, buf->file, &fpos, PAGE_SIZE);
                if (err < 0)
                        return ERR_PTR(err);

diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index 8a0b1551193120f933a64491c6971eabf031a577..43bb5a6a9924b3f9997f23f4be48e4dbd7dd59a3 100644 (file)
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -1872,7 +1872,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_frontend *f,
 
                if (cur < PAGE_SIZE)
                        break;
-               cur = (index << PAGE_SHIFT) - 1;
+               cur = ((loff_t)index << PAGE_SHIFT) - 1;
        }
 }