[PATCH 2/2] xfs_refcount: Preventing integer overflow

From: Andrey Shumilin
Date: Sat Mar 23 2024 - 02:26:30 EST


Multiplying variables can overflow the "overhead" variable.
To fix this, the variable type has been increased.
Next, a subtraction operation occurs with it,
but before that it is checked.

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Andrey Shumilin <shum.sdl@xxxxxxxx>
---
fs/xfs/libxfs/xfs_refcount.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/xfs/libxfs/xfs_refcount.c b/fs/xfs/libxfs/xfs_refcount.c
index 511c912d515c..cbf07552eaff 100644
--- a/fs/xfs/libxfs/xfs_refcount.c
+++ b/fs/xfs/libxfs/xfs_refcount.c
@@ -1070,7 +1070,7 @@ static bool
xfs_refcount_still_have_space(
struct xfs_btree_cur *cur)
{
- unsigned long overhead;
+ unsigned long long overhead;

/*
* Worst case estimate: full splits of the free space and rmap btrees
--
2.30.2