diff options
| author | Nikita Zhandarovich <n.zhandarovich@fintech.ru> | 2024-07-24 10:05:44 -0700 |
|---|---|---|
| committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2024-08-05 20:18:35 +0000 |
| commit | 47f268f33dff4a5e31541a990dc09f116f80e61c (patch) | |
| tree | c03a329ce2d10256ee76842d623e9ba8348c8b6a /fs | |
| parent | 2cf66b9de406dadbe7598618aa4541261d7bf536 (diff) | |
| download | linux-47f268f33dff4a5e31541a990dc09f116f80e61c.tar.gz linux-47f268f33dff4a5e31541a990dc09f116f80e61c.tar.bz2 linux-47f268f33dff4a5e31541a990dc09f116f80e61c.zip | |
f2fs: prevent possible int overflow in dir_block_index()
The result of multiplication between values derived from functions
dir_buckets() and bucket_blocks() *could* technically reach
2^30 * 2^2 = 2^32.
While unlikely to happen, it is prudent to ensure that it will not
lead to integer overflow. Thus, use mul_u32_u32() as it's more
appropriate to mitigate the issue.
Found by Linux Verification Center (linuxtesting.org) with static
analysis tool SVACE.
Fixes: 3843154598a0 ("f2fs: introduce large directory support")
Cc: stable@vger.kernel.org
Signed-off-by: Nikita Zhandarovich <n.zhandarovich@fintech.ru>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/f2fs/dir.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index cbd7a5e96a37..14900ca8a9ff 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -166,7 +166,8 @@ static unsigned long dir_block_index(unsigned int level, unsigned long bidx = 0; for (i = 0; i < level; i++) - bidx += dir_buckets(i, dir_level) * bucket_blocks(i); + bidx += mul_u32_u32(dir_buckets(i, dir_level), + bucket_blocks(i)); bidx += idx * bucket_blocks(level); return bidx; } |