From nobody Thu Dec 18 06:01:26 2025 Received: from exchange.fintech.ru (exchange.fintech.ru [195.54.195.159]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2D77F282FA; Wed, 24 Jul 2024 17:07:01 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=195.54.195.159 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721840826; cv=none; b=C9pSN2Zijl/xgGrAcNAGNH9Y0sRgm26nBc+80arp4ukSwOc3vvhtPFLloA93x8I9rDKvwMc9zNNCa6/OLbnMd5Js4zVSh/f+Z0Dci9WLg+wbpqpoCYsSjTVCAapskovD5+AY7FfmEs6JTWnZ++MvlZllRzThtf+EWgNDkCPuW/c= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1721840826; c=relaxed/simple; bh=3th69gBbPgFalXrCo4XH+UQNEpvpCp1LS7DzfzPmVRY=; h=From:To:CC:Subject:Date:Message-ID:MIME-Version:Content-Type; b=eNPEkHX4E4Djw/pSLfq6ZRPLBv0wOKTT8GN7gnNPUDtWGwvkRKBv/CU9PTaPc9ADaA4J66cdyh1wcwH+gpARv2a9zp2uNkx4747+33euLkXJqvVKMM2Eev9iHYx+jsW9FrRBcZYU/ap4O0NfS9gWURnM+e5irgG7ioVPK2dT+l4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fintech.ru; spf=pass smtp.mailfrom=fintech.ru; arc=none smtp.client-ip=195.54.195.159 Authentication-Results: smtp.subspace.kernel.org; dmarc=none (p=none dis=none) header.from=fintech.ru Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=fintech.ru Received: from Ex16-01.fintech.ru (10.0.10.18) by exchange.fintech.ru (195.54.195.169) with Microsoft SMTP Server (TLS) id 14.3.498.0; Wed, 24 Jul 2024 20:05:49 +0300 Received: from localhost (10.0.253.138) by Ex16-01.fintech.ru (10.0.10.18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2242.4; Wed, 24 Jul 2024 20:05:48 +0300 From: Nikita Zhandarovich To: Jaegeuk Kim , Chao Yu CC: Nikita Zhandarovich , , , , Subject: [PATCH] f2fs: prevent possible int overflow in dir_block_index() Date: Wed, 24 Jul 2024 10:05:44 -0700 Message-ID: <20240724170544.11372-1-n.zhandarovich@fintech.ru> X-Mailer: git-send-email 2.25.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ClientProxiedBy: Ex16-02.fintech.ru (10.0.10.19) To Ex16-01.fintech.ru (10.0.10.18) Content-Type: text/plain; charset="utf-8" The result of multiplication between values derived from functions dir_buckets() and bucket_blocks() *could* technically reach 2^30 * 2^2 =3D 2^32. While unlikely to happen, it is prudent to ensure that it will not lead to integer overflow. Thus, use mul_u32_u32() as it's more appropriate to mitigate the issue. Found by Linux Verification Center (linuxtesting.org) with static analysis tool SVACE. Fixes: 3843154598a0 ("f2fs: introduce large directory support") Cc: stable@vger.kernel.org Signed-off-by: Nikita Zhandarovich Reviewed-by: Chao Yu --- fs/f2fs/dir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index cbd7a5e96a37..14900ca8a9ff 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -166,7 +166,8 @@ static unsigned long dir_block_index(unsigned int level, unsigned long bidx =3D 0; =20 for (i =3D 0; i < level; i++) - bidx +=3D dir_buckets(i, dir_level) * bucket_blocks(i); + bidx +=3D mul_u32_u32(dir_buckets(i, dir_level), + bucket_blocks(i)); bidx +=3D idx * bucket_blocks(level); return bidx; }