Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

ext4: Fix overflow caused by missing cast in ext4_fallocate()

The logical block number in map.l_blk is a __u32, and so before we
shift it left, by the block size, we need to cast it to a 64-bit size.

Otherwise i_size can be corrupted on an ENOSPC.

# df -T /mnt/mp1
Filesystem Type 1K-blocks Used Available Use% Mounted on
/dev/sda6 ext4 9843276 153056 9190200 2% /mnt/mp1
# fallocate -o 0 -l 2199023251456 /mnt/mp1/testfile
fallocate: /mnt/mp1/testfile: fallocate failed: No space left on device
# stat /mnt/mp1/testfile
File: `/mnt/mp1/testfile'
Size: 4293656576 Blocks: 19380440 IO Block: 4096 regular file
Device: 806h/2054d Inode: 12 Links: 1
Access: (0644/-rw-r--r--) Uid: ( 0/ root) Gid: ( 0/ root)
Access: 2011-07-25 13:01:31.414490496 +0900
Modify: 2011-07-25 13:01:31.414490496 +0900
Change: 2011-07-25 13:01:31.454490495 +0900

Signed-off-by: Utako Kusaka <u-kusaka@wm.jp.nec.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
--
fs/ext4/extents.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)

authored by Utako Kusaka and committed by Theodore Ts'o
29ae07b7 0e1147b0

+1 -1
fs/ext4/extents.c
··· 3824 3824 blkbits) >> blkbits)) 3825 3825 new_size = offset + len; 3826 3826 else 3827 - new_size = (map.m_lblk + ret) << blkbits; 3827 + new_size = ((loff_t) map.m_lblk + ret) << blkbits; 3828 3828 3829 3829 ext4_falloc_update_inode(inode, mode, new_size, 3830 3830 (map.m_flags & EXT4_MAP_NEW));
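
Review bot: the commit message names the field `map.l_blk`, but the line changed at 3827 uses `map.m_lblk`; the message should be corrected so that a search for the field finds this fix. The cast itself is in the right place: it is applied to `map.m_lblk` before the addition, so both the sum with `ret` and the shift by `blkbits` are evaluated in `loff_t`. A short comment above `new_size = ((loff_t) map.m_lblk + ret) << blkbits;` noting that `m_lblk` is a 32-bit quantity would make it less likely that the cast is dropped in a later cleanup. The reproduction in the message shows `Size: 4293656576` after the failed `fallocate`; stating what size is expected with the fix applied would make the change easier to verify.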