[ 3.5.y.z extended stable ] Patch "ext4: fix data offset overflow in ext4_xattr_fiemap() on" has been added to staging queue

Luis Henriques luis.henriques at canonical.com
Wed Jul 10 15:33:57 UTC 2013 

This is a note to let you know that I have just added a patch titled

    ext4: fix data offset overflow in ext4_xattr_fiemap() on

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Luis

------

>From 44bb545b5ab777f5c60d91def26ceac22b6f590d Mon Sep 17 00:00:00 2001
From: Jan Kara <jack at suse.cz>
Date: Fri, 31 May 2013 19:38:56 -0400
Subject: [PATCH] ext4: fix data offset overflow in ext4_xattr_fiemap() on
 32-bit archs

commit a60697f411eb365fb09e639e6f183fe33d1eb796 upstream.

On 32-bit architectures with 32-bit sector_t computation of data offset
in ext4_xattr_fiemap() can overflow resulting in reporting bogus data
location. Fix the problem by typing block number to proper type before
shifting.

Signed-off-by: Jan Kara <jack at suse.cz>
Signed-off-by: Theodore Ts'o <tytso at mit.edu>
Signed-off-by: Luis Henriques <luis.henriques at canonical.com>
---
 fs/ext4/extents.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c
index 5101df2..177f655 100644
--- a/fs/ext4/extents.c
+++ b/fs/ext4/extents.c
@@ -4783,7 +4783,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		error = ext4_get_inode_loc(inode, &iloc);
 		if (error)
 			return error;
-		physical = iloc.bh->b_blocknr << blockbits;
+		physical = (__u64)iloc.bh->b_blocknr << blockbits;
 		offset = EXT4_GOOD_OLD_INODE_SIZE +
 				EXT4_I(inode)->i_extra_isize;
 		physical += offset;
@@ -4791,7 +4791,7 @@ static int ext4_xattr_fiemap(struct inode *inode,
 		flags |= FIEMAP_EXTENT_DATA_INLINE;
 		brelse(iloc.bh);
 	} else { /* external block */
-		physical = EXT4_I(inode)->i_file_acl << blockbits;
+		physical = (__u64)EXT4_I(inode)->i_file_acl << blockbits;
 		length = inode->i_sb->s_blocksize;
 	}

--
1.8.1.2

More information about the kernel-team mailing list