[PATCH] xfs: fix possible overflow in xfs_ioc_trim()
Chandra Seetharaman
sekharan at us.ibm.com
Wed Sep 7 09:13:53 CDT 2011
On Mon, 2011-09-05 at 16:33 +0200, Lukas Czerner wrote:
> In xfs_ioc_trim it is possible that start+len might overflow. Fix it by
> decrementing the len so that start+len equals to the file system size in
> the worst case.
>
> Signed-off-by: Lukas Czerner <lczerner at redhat.com>
> ---
> fs/xfs/xfs_discard.c | 4 +++-
> 1 files changed, 3 insertions(+), 1 deletions(-)
>
> diff --git a/fs/xfs/xfs_discard.c b/fs/xfs/xfs_discard.c
> index 244e797..0fab107 100644
> --- a/fs/xfs/xfs_discard.c
> +++ b/fs/xfs/xfs_discard.c
> @@ -146,6 +146,7 @@ xfs_ioc_trim(
> unsigned int granularity = q->limits.discard_granularity;
> struct fstrim_range range;
> xfs_fsblock_t start, len, minlen;
> + xfs_fsblock_t max_blks = XFS_MAX_DBLOCKS(&(mp->m_sb));
> xfs_agnumber_t start_agno, end_agno, agno;
> __uint64_t blocks_trimmed = 0;
> int error, last_error = 0;
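Review bot: the declaration of max_blks needs a comment saying which limit it holds, since the commit message describes the bound as "the file system size" while the value comes from XFS_MAX_DBLOCKS(&(mp->m_sb)). A one-line comment stating that this macro is the intended bound would make the clamp in the next hunk easier to check. The inner parentheses are also unnecessary; &mp->m_sb matches how mp->m_sb is accessed in the rest of the function.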
> @@ -171,7 +172,8 @@ xfs_ioc_trim(
> start_agno = XFS_FSB_TO_AGNO(mp, start);
> if (start_agno >= mp->m_sb.sb_agcount)
> return -XFS_ERROR(EINVAL);
> -
> + if (len > max_blks)

just wondering....
shouldn't this be ((start + len) > max_blks) ?

> + len = max_blks - start;
> end_agno = XFS_FSB_TO_AGNO(mp, start + len);
> if (end_agno >= mp->m_sb.sb_agcount)
> end_agno = mp->m_sb.sb_agcount - 1;
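Review bot: the added test "if (len > max_blks)" looks at len alone, so it does not give the bound the commit message promises for start + len. With a nonzero start and a len at or just below max_blks the clamp is skipped, and the sum passed to XFS_FSB_TO_AGNO(mp, start + len) still exceeds max_blks. Comparing against the remaining space, "if (len > max_blks - start) len = max_blks - start;", bounds the sum without computing start + len in the condition, where the addition could itself wrap. That form needs start <= max_blks so the subtraction cannot underflow, so the patch should either check that explicitly or state in a comment that the start_agno test above guarantees it. The hunk also drops the blank line after the "return -XFS_ERROR(EINVAL);" block; keeping one before the new test would preserve the separation between the validation and the clamp.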