On Wed, Jan 08, 2025 at 08:11:50PM -0800, Marco Nelissen wrote: > on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a > 32-bit position due to folio_next_index() returning an unsigned long. > This could lead to an infinite loop when writing to an xfs filesystem. > > Signed-off-by: Marco Nelissen <marco.nelissen@xxxxxxxxx> > --- > fs/iomap/buffered-io.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c > index 54dc27d92781..d303e6c8900c 100644 > --- a/fs/iomap/buffered-io.c > +++ b/fs/iomap/buffered-io.c > @@ -1138,7 +1138,7 @@ static void iomap_write_delalloc_scan(struct inode *inode, > start_byte, end_byte, iomap, punch); > > /* move offset to start of next folio in range */ > - start_byte = folio_next_index(folio) << PAGE_SHIFT; > + start_byte = folio_pos(folio) + folio_size(folio); eeek. Yeah, I guess that would happen towards the upper end of the 16T range on 32-bit. I wonder if perhaps pagemap.h should have: static inline loff_t folio_next_pos(struct folio *folio) { return folio_pos(folio) + folio_size(folio); } But I think this is the only place in the kernel that uses this construction? So maybe not worth the fuss. Reviewed-by: "Darrick J. Wong" <djwong@xxxxxxxxxx> --D > folio_unlock(folio); > folio_put(folio); > } > -- > 2.39.5 >
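Review bot: The replaced line in iomap_write_delalloc_scan() (`start_byte = folio_pos(folio) + folio_size(folio);`) fixes what the commit message describes as a possible infinite loop on 32-bit kernels, yet the message carries only a Signed-off-by, with no Fixes: tag or stable Cc; adding them would let the fix reach the affected trees. The message would also be clearer if it said that in the removed line the shift of folio_next_index(folio) by PAGE_SHIFT is evaluated in unsigned long before the assignment, so the high bits are lost before start_byte ever sees them. It is also worth confirming in the message that this was the only place using the `folio_next_index(folio) << PAGE_SHIFT` construction, which is the question raised in the review reply.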