This is a note to let you know that I've just added the patch titled btrfs: fix int32 overflow in shrink_delalloc(). to the 4.5-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: btrfs-fix-int32-overflow-in-shrink_delalloc.patch and it can be found in the queue-4.5 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 8eb0dfdbda3f56bf7d248ed87fcc383df114ecbb Mon Sep 17 00:00:00 2001 From: Adam Borowski <kilobyte@xxxxxxxxxx> Date: Sun, 8 May 2016 15:08:00 +0200 Subject: btrfs: fix int32 overflow in shrink_delalloc(). From: Adam Borowski <kilobyte@xxxxxxxxxx> commit 8eb0dfdbda3f56bf7d248ed87fcc383df114ecbb upstream. UBSAN: Undefined behaviour in fs/btrfs/extent-tree.c:4623:21 signed integer overflow: 10808 * 262144 cannot be represented in type 'int [8]' If 8192<=items<16384, we request a writeback of an insane number of pages which is benign (everything will be written). But if items>=16384, the space reservation won't be enough. Signed-off-by: Adam Borowski <kilobyte@xxxxxxxxxx> Reviewed-by: David Sterba <dsterba@xxxxxxxx> Signed-off-by: David Sterba <dsterba@xxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- fs/btrfs/extent-tree.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/btrfs/extent-tree.c +++ b/fs/btrfs/extent-tree.c @@ -4620,7 +4620,7 @@ static void shrink_delalloc(struct btrfs /* Calc the number of the pages we need flush for space reservation */ items = calc_reclaim_items_nr(root, to_reclaim); - to_reclaim = items * EXTENT_SIZE_PER_ITEM; + to_reclaim = (u64)items * EXTENT_SIZE_PER_ITEM; trans = (struct btrfs_trans_handle *)current->journal_info; block_rsv = &root->fs_info->delalloc_block_rsv; Patches currently in stable-queue which might be from kilobyte@xxxxxxxxxx are queue-4.5/btrfs-fix-int32-overflow-in-shrink_delalloc.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html