diff options
author | Ma Haijun <mahaijuns@gmail.com> | 2014-01-08 08:15:33 +0800 |
---|---|---|
committer | Tom Rini <trini@ti.com> | 2014-01-20 10:09:38 -0500 |
commit | 0550870b1c590be6beb09b57762ec43b5516f7d1 (patch) | |
tree | 60b432add71bb6c1603fce7f486267c34e099074 /fs/ext4/ext4_journal.c | |
parent | f17828830df0d83c680f1703e491ac12703a3d19 (diff) | |
download | u-boot-0550870b1c590be6beb09b57762ec43b5516f7d1.tar.gz |
fs/ext4: fix calling put_ext4 with truncated offset
Curently, we are using 32 bit multiplication to calculate the offset,
so the result will always be 32 bit.
This can silently cause file system corruption when performing a write
operation on partition larger than 4 GiB.
This patch address the issue by simply promoting the terms to 64 bit,
and let compilers decide how to do the multiplication efficiently.
Signed-off-by: Ma Haijun <mahaijuns@gmail.com>
Diffstat (limited to 'fs/ext4/ext4_journal.c')
-rw-r--r-- | fs/ext4/ext4_journal.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/fs/ext4/ext4_journal.c b/fs/ext4/ext4_journal.c index d4a46ed8b6..3f613351a4 100644 --- a/fs/ext4/ext4_journal.c +++ b/fs/ext4/ext4_journal.c @@ -371,7 +371,7 @@ void recover_transaction(int prev_desc_logical_no) blknr = read_allocated_block(&inode_journal, i); ext4fs_devread((lbaint_t)blknr * fs->sect_perblk, 0, fs->blksz, metadata_buff); - put_ext4((uint64_t)(be32_to_cpu(tag->block) * fs->blksz), + put_ext4((uint64_t)((uint64_t)be32_to_cpu(tag->block) * (uint64_t)fs->blksz), metadata_buff, (uint32_t) fs->blksz); } while (!(flags & EXT3_JOURNAL_FLAG_LAST_TAG)); fail: @@ -531,7 +531,7 @@ end: blknr = read_allocated_block(&inode_journal, EXT2_JOURNAL_SUPERBLOCK); - put_ext4((uint64_t) (blknr * fs->blksz), + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), (struct journal_superblock_t *)temp_buff, (uint32_t) fs->blksz); ext4fs_free_revoke_blks(); @@ -590,7 +590,7 @@ static void update_descriptor_block(long int blknr) tag.flags = cpu_to_be32(EXT3_JOURNAL_FLAG_LAST_TAG); memcpy(temp - sizeof(struct ext3_journal_block_tag), &tag, sizeof(struct ext3_journal_block_tag)); - put_ext4((uint64_t) (blknr * fs->blksz), buf, (uint32_t) fs->blksz); + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), buf, (uint32_t) fs->blksz); free(temp_buff); free(buf); @@ -625,7 +625,7 @@ static void update_commit_block(long int blknr) return; } memcpy(buf, &jdb, sizeof(struct journal_header_t)); - put_ext4((uint64_t) (blknr * fs->blksz), buf, (uint32_t) fs->blksz); + put_ext4((uint64_t) ((uint64_t)blknr * (uint64_t)fs->blksz), buf, (uint32_t) fs->blksz); free(temp_buff); free(buf); |