From 0550870b1c590be6beb09b57762ec43b5516f7d1 Mon Sep 17 00:00:00 2001 From: Ma Haijun Date: Wed, 8 Jan 2014 08:15:33 +0800 Subject: fs/ext4: fix calling put_ext4 with truncated offset Curently, we are using 32 bit multiplication to calculate the offset, so the result will always be 32 bit. This can silently cause file system corruption when performing a write operation on partition larger than 4 GiB. This patch address the issue by simply promoting the terms to 64 bit, and let compilers decide how to do the multiplication efficiently. Signed-off-by: Ma Haijun --- fs/ext4/ext4_write.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) (limited to 'fs/ext4/ext4_write.c') diff --git a/fs/ext4/ext4_write.c b/fs/ext4/ext4_write.c index 1e1924c..b674b6f 100644 --- a/fs/ext4/ext4_write.c +++ b/fs/ext4/ext4_write.c @@ -40,18 +40,18 @@ static void ext4fs_update(void) /* update block groups */ for (i = 0; i < fs->no_blkgrp; i++) { fs->bgd[i].bg_checksum = ext4fs_checksum_update(i); - put_ext4((uint64_t)(fs->bgd[i].block_id * fs->blksz), + put_ext4((uint64_t)((uint64_t)fs->bgd[i].block_id * (uint64_t)fs->blksz), fs->blk_bmaps[i], fs->blksz); } /* update inode table groups */ for (i = 0; i < fs->no_blkgrp; i++) { - put_ext4((uint64_t) (fs->bgd[i].inode_id * fs->blksz), + put_ext4((uint64_t) ((uint64_t)fs->bgd[i].inode_id * (uint64_t)fs->blksz), fs->inode_bmaps[i], fs->blksz); } /* update the block group descriptor table */ - put_ext4((uint64_t)(fs->gdtable_blkno * fs->blksz), + put_ext4((uint64_t)((uint64_t)fs->gdtable_blkno * (uint64_t)fs->blksz), (struct ext2_block_group *)fs->gdtable, (fs->blksz * fs->no_blk_pergdt)); @@ -709,7 +709,7 @@ void ext4fs_deinit(void) temp_buff); jsb = (struct journal_superblock_t *)temp_buff; jsb->s_start = cpu_to_be32(0); - put_ext4((uint64_t) (blknr * fs->blksz), + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), (struct journal_superblock_t *)temp_buff, fs->blksz); free(temp_buff); } @@ -793,7 +793,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode, delayed_next += blockend >> log2blksz; } else { /* spill */ put_ext4((uint64_t) - (delayed_start << log2blksz), + ((uint64_t)delayed_start << log2blksz), delayed_buf, (uint32_t) delayed_extent); previous_block_number = blknr; @@ -814,7 +814,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode, } else { if (previous_block_number != -1) { /* spill */ - put_ext4((uint64_t) (delayed_start << + put_ext4((uint64_t) ((uint64_t)delayed_start << log2blksz), delayed_buf, (uint32_t) delayed_extent); @@ -826,7 +826,7 @@ static int ext4fs_write_file(struct ext2_inode *file_inode, } if (previous_block_number != -1) { /* spill */ - put_ext4((uint64_t) (delayed_start << log2blksz), + put_ext4((uint64_t) ((uint64_t)delayed_start << log2blksz), delayed_buf, (uint32_t) delayed_extent); previous_block_number = -1; } -- cgit v1.1