vfs: explicitly cast s_maxbytes in fiemap_check_ranges

If fiemap_check_ranges is passed a large enough value, then it's
possible that the value would be cast to a signed value for comparison
against s_maxbytes when we change it to loff_t. Make sure that doesn't
happen by explicitly casting s_maxbytes to an unsigned value for the
purposes of comparison.

Signed-off-by: Jeff Layton <jlayton@redhat.com>
Cc: Christoph Hellwig <hch@lst.de>
Cc: Robert Love <rlove@google.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Johannes Weiner <hannes@cmpxchg.org>
Cc: Mandeep Singh Baines <msb@google.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

1 files changed, 5 insertions, 4 deletions

diff --git a/fs/ioctl.c b/fs/ioctl.c
index 5612880fcbe7..7b17a14396ff 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -162,20 +162,21 @@ EXPORT_SYMBOL(fiemap_check_flags);
 static int fiemap_check_ranges(struct super_block *sb,
                                u64 start, u64 len, u64 *new_len)
 {
+        u64 maxbytes = (u64) sb->s_maxbytes;
+
         *new_len = len;
 
         if (len == 0)
                 return -EINVAL;
 
-        if (start > sb->s_maxbytes)
+        if (start > maxbytes)
                 return -EFBIG;
 
         /*
          * Shrink request scope to what the fs can actually handle.
          */
-        if ((len > sb->s_maxbytes) ||
-            (sb->s_maxbytes - len) < start)
-                *new_len = sb->s_maxbytes - start;
+        if (len > maxbytes || (maxbytes - len) < start)
+                *new_len = maxbytes - start;
 
         return 0;
 }