bkey sizes are stored in sectors as u32, while fiemap reports byte lengths as u64. Shifting k.k->size before widening performs the conversion in 32 bits, so an extent of 4 GiB or larger can wrap before it is passed to fiemap_fill_next_extent().
Compute the byte length after casting the sector count to u64 and reuse it for all bch2_fill_extent() cases. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Mikhail Dmitrichenko <[email protected]> --- fs/bcachefs/vfs/fiemap.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/fs/bcachefs/vfs/fiemap.c b/fs/bcachefs/vfs/fiemap.c index 067e191cf8d0..18a44622a7b0 100644 --- a/fs/bcachefs/vfs/fiemap.c +++ b/fs/bcachefs/vfs/fiemap.c @@ -23,6 +23,7 @@ static int bch2_fill_extent(struct bch_fs *c, struct bch_fiemap_extent *fe) { struct bkey_s_c k = bkey_i_to_s_c(fe->kbuf.k); + u64 len = (u64) k.k->size << 9; unsigned flags = fe->flags; BUG_ON(!k.k->size); @@ -54,20 +55,20 @@ static int bch2_fill_extent(struct bch_fs *c, try(fiemap_fill_next_extent(info, bkey_start_offset(k.k) << 9, offset << 9, - k.k->size << 9, flags|flags2)); + len, flags|flags2)); } return 0; } else if (bkey_extent_is_inline_data(k.k)) { return fiemap_fill_next_extent(info, bkey_start_offset(k.k) << 9, - 0, k.k->size << 9, + 0, len, flags| FIEMAP_EXTENT_DATA_INLINE); } else if (k.k->type == KEY_TYPE_reservation) { return fiemap_fill_next_extent(info, bkey_start_offset(k.k) << 9, - 0, k.k->size << 9, + 0, len, flags| FIEMAP_EXTENT_DELALLOC| FIEMAP_EXTENT_UNWRITTEN); -- 2.54.0.windows.1
