3 files changed, 11 insertions, 4 deletions
diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c
index 6fc5425b1474..2652d00842d6 100644
--- a/fs/xfs/libxfs/xfs_attr_leaf.c
+++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -243,7 +243,7 @@ xfs_attr3_leaf_verify(
        struct xfs_mount                *mp = bp->b_target->bt_mount;
        struct xfs_attr_leafblock       *leaf = bp->b_addr;
        struct xfs_attr_leaf_entry      *entries;
-        uint16_t                        end;
+        uint32_t                        end;    /* must be 32bit - see below */
        int                             i;
        xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &ichdr, leaf);
@@ -293,6 +293,11 @@ xfs_attr3_leaf_verify(
        /*
         * Quickly check the freemap information.  Attribute data has to be
         * aligned to 4-byte boundaries, and likewise for the free space.
+         *
+         * Note that for 64k block size filesystems, the freemap entries cannot
+         * overflow as they are only be16 fields. However, when checking end
+         * pointer of the freemap, we have to be careful to detect overflows and
+         * so use uint32_t for those checks.
         */
        for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
                if (ichdr.freemap[i].base > mp->m_attr_geo->blksize)
@@ -303,7 +308,9 @@ xfs_attr3_leaf_verify(
                        return __this_address;
                if (ichdr.freemap[i].size & 0x3)
                        return __this_address;
-                end = ichdr.freemap[i].base + ichdr.freemap[i].size;
+                /* be care of 16 bit overflows here */
+                end = (uint32_t)ichdr.freemap[i].base + ichdr.freemap[i].size;
                if (end < ichdr.freemap[i].base)
                        return __this_address;
                if (end > mp->m_attr_geo->blksize)
diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c
index 6e2c08f30f60..6ecdbb3af7de 100644
--- a/fs/xfs/xfs_ioctl.c
+++ b/fs/xfs/xfs_ioctl.c
@@ -1608,7 +1608,7 @@ xfs_ioc_getbmap(
        error = 0;
 out_free_buf:
        kmem_free(buf);
-        return 0;
+        return error;
 }
 struct getfsmap_info {
diff --git a/fs/xfs/xfs_message.c b/fs/xfs/xfs_message.c
index 576c375ce12a..6b736ea58d35 100644
--- a/fs/xfs/xfs_message.c
+++ b/fs/xfs/xfs_message.c
@@ -107,5 +107,5 @@ assfail(char *expr, char *file, int line)
 void
 xfs_hex_dump(void *p, int length)
 {
-        print_hex_dump(KERN_ALERT, "", DUMP_PREFIX_ADDRESS, 16, 1, p, length, 1);
+        print_hex_dump(KERN_ALERT, "", DUMP_PREFIX_OFFSET, 16, 1, p, length, 1);
 }

diff --git a/fs/xfs/libxfs/xfs_attr_leaf.c b/fs/xfs/libxfs/xfs_attr_leaf.c index 6fc5425b1474..2652d00842d6 100644 --- a/fs/xfs/libxfs/xfs_attr_leaf.c +++ b/fs/xfs/libxfs/xfs_attr_leaf.c
@@ -243,7 +243,7 @@ xfs_attr3_leaf_verify(
243	struct xfs_mount *mp = bp->b_target->bt_mount;	243	struct xfs_mount *mp = bp->b_target->bt_mount;
244	struct xfs_attr_leafblock *leaf = bp->b_addr;	244	struct xfs_attr_leafblock *leaf = bp->b_addr;
245	struct xfs_attr_leaf_entry *entries;	245	struct xfs_attr_leaf_entry *entries;
246	uint16_t end;	246	uint32_t end; /* must be 32bit - see below */
247	int i;	247	int i;
248		248
249	xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &ichdr, leaf);	249	xfs_attr3_leaf_hdr_from_disk(mp->m_attr_geo, &ichdr, leaf);
@@ -293,6 +293,11 @@ xfs_attr3_leaf_verify(
293	/*	293	/*
294	* Quickly check the freemap information. Attribute data has to be	294	* Quickly check the freemap information. Attribute data has to be
295	* aligned to 4-byte boundaries, and likewise for the free space.	295	* aligned to 4-byte boundaries, and likewise for the free space.
		296	*
		297	* Note that for 64k block size filesystems, the freemap entries cannot
		298	* overflow as they are only be16 fields. However, when checking end
		299	* pointer of the freemap, we have to be careful to detect overflows and
		300	* so use uint32_t for those checks.
296	*/	301	*/
297	for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {	302	for (i = 0; i < XFS_ATTR_LEAF_MAPSIZE; i++) {
298	if (ichdr.freemap[i].base > mp->m_attr_geo->blksize)	303	if (ichdr.freemap[i].base > mp->m_attr_geo->blksize)
@@ -303,7 +308,9 @@ xfs_attr3_leaf_verify(
303	return __this_address;	308	return __this_address;
304	if (ichdr.freemap[i].size & 0x3)	309	if (ichdr.freemap[i].size & 0x3)
305	return __this_address;	310	return __this_address;
306	end = ichdr.freemap[i].base + ichdr.freemap[i].size;	311
		312	/* be care of 16 bit overflows here */
		313	end = (uint32_t)ichdr.freemap[i].base + ichdr.freemap[i].size;
307	if (end < ichdr.freemap[i].base)	314	if (end < ichdr.freemap[i].base)
308	return __this_address;	315	return __this_address;
309	if (end > mp->m_attr_geo->blksize)	316	if (end > mp->m_attr_geo->blksize)


diff --git a/fs/xfs/xfs_ioctl.c b/fs/xfs/xfs_ioctl.c index 6e2c08f30f60..6ecdbb3af7de 100644 --- a/fs/xfs/xfs_ioctl.c +++ b/fs/xfs/xfs_ioctl.c
@@ -1608,7 +1608,7 @@ xfs_ioc_getbmap(
1608	error = 0;	1608	error = 0;
1609	out_free_buf:	1609	out_free_buf:
1610	kmem_free(buf);	1610	kmem_free(buf);
1611	return 0;	1611	return error;
1612	}	1612	}
1613		1613
1614	struct getfsmap_info {	1614	struct getfsmap_info {


diff --git a/fs/xfs/xfs_message.c b/fs/xfs/xfs_message.c index 576c375ce12a..6b736ea58d35 100644 --- a/fs/xfs/xfs_message.c +++ b/fs/xfs/xfs_message.c
@@ -107,5 +107,5 @@ assfail(char expr, char file, int line)
107	void	107	void
108	xfs_hex_dump(void *p, int length)	108	xfs_hex_dump(void *p, int length)
109	{	109	{
110	print_hex_dump(KERN_ALERT, "", DUMP_PREFIX_ADDRESS, 16, 1, p, length, 1);	110	print_hex_dump(KERN_ALERT, "", DUMP_PREFIX_OFFSET, 16, 1, p, length, 1);
111	}	111	}