This is a note to let you know that I've just added the patch titled
iomap: Fix possible overflow condition in iomap_write_delalloc_scan
to the 6.5-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
iomap-fix-possible-overflow-condition-in-iomap_write.patch
and it can be found in the queue-6.5 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 569ce80392aab7dff975ebb74e7e8fd5fabe69bf
Author: Ritesh Harjani (IBM) <ritesh.list@xxxxxxxxx>
Date: Mon Jul 10 14:12:22 2023 -0700
iomap: Fix possible overflow condition in iomap_write_delalloc_scan
[ Upstream commit eee2d2e6ea5550118170dbd5bb1316ceb38455fb ]
folio_next_index() returns an unsigned long value which left shifted
by PAGE_SHIFT could possibly cause an overflow on 32-bit system. Instead
use folio_pos(folio) + folio_size(folio), which does this correctly.
Suggested-by: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Signed-off-by: Ritesh Harjani (IBM) <ritesh.list@xxxxxxxxx>
Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/iomap/buffered-io.c b/fs/iomap/buffered-io.c
index 7d2f70708f37d..794fda5bd9bc6 100644
--- a/fs/iomap/buffered-io.c
+++ b/fs/iomap/buffered-io.c
@@ -927,7 +927,7 @@ static int iomap_write_delalloc_scan(struct inode *inode,
* the end of this data range, not the end of the folio.
*/
*punch_start_byte = min_t(loff_t, end_byte,
- folio_next_index(folio) << PAGE_SHIFT);
+ folio_pos(folio) + folio_size(folio));
}
/* move offset to start of next folio in range */
