xfs: overflow in xfs_iomap_eof_align_last_fsb
authorPeter Watkins <treestem@gmail.com>
Wed, 3 Dec 2014 22:30:51 +0000 (09:30 +1100)
committerDave Chinner <david@fromorbit.com>
Wed, 3 Dec 2014 22:30:51 +0000 (09:30 +1100)
If extsize is set and new_last_fsb is larger than 32 bits, the
roundup to extsize will overflow the align variable. Instead,
combine alignments by rounding stripe size up to extsize.

Signed-off-by: Peter Watkins <treestem@gmail.com>
Reviewed-by: Nathaniel W. Turner <nate@houseofnate.net>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
fs/xfs/xfs_iomap.c

index afcf3c926565f940e2986093e7e3491296466d9b..3fad07136c5de62ca4626532638be1e9d976e46b 100644 (file)
@@ -52,7 +52,6 @@ xfs_iomap_eof_align_last_fsb(
        xfs_extlen_t    extsize,
        xfs_fileoff_t   *last_fsb)
 {
-       xfs_fileoff_t   new_last_fsb = 0;
        xfs_extlen_t    align = 0;
        int             eof, error;
 
@@ -70,8 +69,8 @@ xfs_iomap_eof_align_last_fsb(
                else if (mp->m_dalign)
                        align = mp->m_dalign;
 
-               if (align && XFS_ISIZE(ip) >= XFS_FSB_TO_B(mp, align))
-                       new_last_fsb = roundup_64(*last_fsb, align);
+               if (align && XFS_ISIZE(ip) < XFS_FSB_TO_B(mp, align))
+                       align = 0;
        }
 
        /*
@@ -79,14 +78,14 @@ xfs_iomap_eof_align_last_fsb(
         * (when file on a real-time subvolume or has di_extsize hint).
         */
        if (extsize) {
-               if (new_last_fsb)
-                       align = roundup_64(new_last_fsb, extsize);
+               if (align)
+                       align = roundup_64(align, extsize);
                else
                        align = extsize;
-               new_last_fsb = roundup_64(*last_fsb, align);
        }
 
-       if (new_last_fsb) {
+       if (align) {
+               xfs_fileoff_t   new_last_fsb = roundup_64(*last_fsb, align);
                error = xfs_bmap_eof(ip, new_last_fsb, XFS_DATA_FORK, &eof);
                if (error)
                        return error;