[PATCH 4.9 50/78] iomap: fix integer truncation issues in the zeroing and dirtying helpers

From: Greg Kroah-Hartman
Date: Mon Sep 18 2017 - 05:16:53 EST


4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Christoph Hellwig <hch@xxxxxx>

commit e28ae8e428fefe2facd72cea9f29906ecb9c861d upstream.

Fix the min_t calls in the zeroing and dirtying helpers to perform the
comparisms on 64-bit types, which prevents them from incorrectly
being truncated, and larger zeroing operations being stuck in a never
ending loop.

Special thanks to Markus Stockhausen for spotting the bug.

Reported-by: Paul Menzel <pmenzel@xxxxxxxxxxxxx>
Tested-by: Paul Menzel <pmenzel@xxxxxxxxxxxxx>
Signed-off-by: Christoph Hellwig <hch@xxxxxx>
Reviewed-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/iomap.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

--- a/fs/iomap.c
+++ b/fs/iomap.c
@@ -281,7 +281,7 @@ iomap_dirty_actor(struct inode *inode, l
unsigned long bytes; /* Bytes to write to page */

offset = (pos & (PAGE_SIZE - 1));
- bytes = min_t(unsigned long, PAGE_SIZE - offset, length);
+ bytes = min_t(loff_t, PAGE_SIZE - offset, length);

rpage = __iomap_read_page(inode, pos);
if (IS_ERR(rpage))
@@ -376,7 +376,7 @@ iomap_zero_range_actor(struct inode *ino
unsigned offset, bytes;

offset = pos & (PAGE_SIZE - 1); /* Within page */
- bytes = min_t(unsigned, PAGE_SIZE - offset, count);
+ bytes = min_t(loff_t, PAGE_SIZE - offset, count);

if (IS_DAX(inode))
status = iomap_dax_zero(pos, offset, bytes, iomap);