> I don't have a device large enough to test for signedness errors, since passing > huge values for start and len never make it past the i_size_read check. > However, I do see that I forgot to check the padding values, so I'll update that. Then do you want to at least consider converting end to be of type loff_t to match the type of value returned by i_get_size() and the type of the value passed to truncate_inode_pages_range()? Then you only need one additional check, something like: /* Check for an overflow when adding start+len into end */ if (start > (uint64_t)LLONG_MAX - len) return -EINVAL; Looking at the maximum values if we have start=0 and len=(uint64_t)LLONG_MAX we would still continue but len=(uint64_t)LLONG_MAX+1 would return -EINVAL. Similarly for start=(uint64_t)LLONG_MAX and len=0 it would continue but start=(uint64_t)LLONG_MAX+1 would return -EINVAL and that should allow start + len to be safely added and stored into an loff_t without overflow. With this check start+len can never be more than (uint64_t)LLONG_MAX which would make the other checks I suggested to ensure that neither start or end were more than (uint64_t)LLONG_MAX unnecessary. -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html