1. Patchew
  2. linux
  3. View series

[PATCH] erofs: fix offset truncation when shifting pgoff on 32-bit platforms

Gao Xiang posted 1 patch 1 month, 3 weeks ago 
fs/erofs/data.c  | 2 +-
fs/erofs/zdata.c | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
[PATCH] erofs: fix offset truncation when shifting pgoff on 32-bit platforms
Posted by Gao Xiang 1 month, 3 weeks ago 
On 32-bit platforms, pgoff_t is 32 bits wide, so left-shifting
large arbitrary pgoff_t values by PAGE_SHIFT performs 32-bit arithmetic
and silently truncates the result for pages beyond the 4 GiB boundary.

Cast the page index to loff_t before shifting to produce a correct
64-bit byte offset.

Fixes: 386292919c25 ("erofs: introduce readmore decompression strategy")
Fixes: 307210c262a2 ("erofs: verify metadata accesses for file-backed mounts")
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>
---
 fs/erofs/data.c  | 2 +-
 fs/erofs/zdata.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/erofs/data.c b/fs/erofs/data.c
index 132a27deb2f3..b2c12c5856ac 100644
--- a/fs/erofs/data.c
+++ b/fs/erofs/data.c
@@ -39,7 +39,7 @@ void *erofs_bread(struct erofs_buf *buf, erofs_off_t offset, bool need_kmap)
 	 * However, the data access range must be verified here in advance.
 	 */
 	if (buf->file) {
-		fpos = index << PAGE_SHIFT;
+		fpos = (loff_t)index << PAGE_SHIFT;
 		err = rw_verify_area(READ, buf->file, &fpos, PAGE_SIZE);
 		if (err < 0)
 			return ERR_PTR(err);
diff --git a/fs/erofs/zdata.c b/fs/erofs/zdata.c
index 8a0b15511931..43bb5a6a9924 100644
--- a/fs/erofs/zdata.c
+++ b/fs/erofs/zdata.c
@@ -1872,7 +1872,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_frontend *f,
 
 		if (cur < PAGE_SIZE)
 			break;
-		cur = (index << PAGE_SHIFT) - 1;
+		cur = ((loff_t)index << PAGE_SHIFT) - 1;
 	}
 }
 
-- 
2.43.5
Re: [PATCH] erofs: fix offset truncation when shifting pgoff on 32-bit platforms
Posted by Chao Yu 1 month, 3 weeks ago 
On 4/20/2026 11:46 AM, Gao Xiang wrote:
> On 32-bit platforms, pgoff_t is 32 bits wide, so left-shifting
> large arbitrary pgoff_t values by PAGE_SHIFT performs 32-bit arithmetic
> and silently truncates the result for pages beyond the 4 GiB boundary.
> 
> Cast the page index to loff_t before shifting to produce a correct
> 64-bit byte offset.
> 
> Fixes: 386292919c25 ("erofs: introduce readmore decompression strategy")
> Fixes: 307210c262a2 ("erofs: verify metadata accesses for file-backed mounts")
> Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

Reviewed-by: Chao Yu <chao@kernel.org>

Thanks,

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.