aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJeff Layton <jlayton@redhat.com>2009-09-18 16:05:50 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2009-09-24 07:47:31 -0400
commit5aa98b706e83da4cde4172c890d6e815915536a0 (patch)
treece7a52cb4d019110076ef0d3791a947ce343abc6
parent05cc0cee6948fc11985d11557fb130645a7f69a6 (diff)
vfs: explicitly cast s_maxbytes in fiemap_check_ranges
If fiemap_check_ranges is passed a large enough value, then it's possible that the value would be cast to a signed value for comparison against s_maxbytes when we change it to loff_t. Make sure that doesn't happen by explicitly casting s_maxbytes to an unsigned value for the purposes of comparison. Signed-off-by: Jeff Layton <jlayton@redhat.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Robert Love <rlove@google.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Johannes Weiner <hannes@cmpxchg.org> Cc: Mandeep Singh Baines <msb@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/ioctl.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/fs/ioctl.c b/fs/ioctl.c
index 5612880fcbe7..7b17a14396ff 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -162,20 +162,21 @@ EXPORT_SYMBOL(fiemap_check_flags);
162static int fiemap_check_ranges(struct super_block *sb, 162static int fiemap_check_ranges(struct super_block *sb,
163 u64 start, u64 len, u64 *new_len) 163 u64 start, u64 len, u64 *new_len)
164{ 164{
165 u64 maxbytes = (u64) sb->s_maxbytes;
166
165 *new_len = len; 167 *new_len = len;
166 168
167 if (len == 0) 169 if (len == 0)
168 return -EINVAL; 170 return -EINVAL;
169 171
170 if (start > sb->s_maxbytes) 172 if (start > maxbytes)
171 return -EFBIG; 173 return -EFBIG;
172 174
173 /* 175 /*
174 * Shrink request scope to what the fs can actually handle. 176 * Shrink request scope to what the fs can actually handle.
175 */ 177 */
176 if ((len > sb->s_maxbytes) || 178 if (len > maxbytes || (maxbytes - len) < start)
177 (sb->s_maxbytes - len) < start) 179 *new_len = maxbytes - start;
178 *new_len = sb->s_maxbytes - start;
179 180
180 return 0; 181 return 0;
181} 182}