This patch defines maximum block number to 2^31.
It also converts bitmap_size and array_size to
unsigned int in omfs_get_imap.
Suggested-By: Linus Torvalds <[email protected]>
Suggested-By: Bob Copeland <[email protected]>
Cc: Linus Torvalds <[email protected]>
Cc: Bob Copeland <[email protected]>
Cc: Andrew Morton <[email protected]>
Signed-off-by: Fabian Frederick <[email protected]>
---
This is untested.
fs/omfs/inode.c | 10 +++++++---
fs/omfs/omfs_fs.h | 1 +
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c
index ec58c76..70d1d93 100644
--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -306,9 +306,7 @@ static const struct super_operations omfs_sops = {
*/
static int omfs_get_imap(struct super_block *sb)
{
- int bitmap_size;
- int array_size;
- int count;
+ unsigned int bitmap_size, count, array_size;
struct omfs_sb_info *sbi = OMFS_SB(sb);
struct buffer_head *bh;
unsigned long **ptr;
@@ -473,6 +471,12 @@ static int omfs_fill_super(struct super_block *sb, void *data, int silent)
sbi->s_sys_blocksize = be32_to_cpu(omfs_sb->s_sys_blocksize);
mutex_init(&sbi->s_bitmap_lock);
+ if (sbi->s_num_blocks > OMFS_MAX_BLOCKS) {
+ printk(KERN_ERR "omfs: sysblock number (%llx) is out of range\n",
+ (unsigned long long)sbi->s_num_blocks);
+ goto out_brelse_bh;
+ }
+
if (sbi->s_sys_blocksize > PAGE_SIZE) {
printk(KERN_ERR "omfs: sysblock size (%d) is out of range\n",
sbi->s_sys_blocksize);
diff --git a/fs/omfs/omfs_fs.h b/fs/omfs/omfs_fs.h
index ee5e432..06563ba 100644
--- a/fs/omfs/omfs_fs.h
+++ b/fs/omfs/omfs_fs.h
@@ -18,6 +18,7 @@
#define OMFS_XOR_COUNT 19
#define OMFS_MAX_BLOCK_SIZE 8192
#define OMFS_MAX_CLUSTER_SIZE 8
+#define OMFS_MAX_BLOCKS (1 << 31)
struct omfs_super_block {
char s_fill1[256];
--
1.8.4.5
On Thu, 26 Jun 2014 10:08:04 -0700
Linus Torvalds <[email protected]> wrote:
> On Jun 26, 2014 10:05 AM, "Fabian Frederick" <[email protected]> wrote:
> >
> > +#define OMFS_MAX_BLOCKS (1 << 31)
>
> This is wrong. Think about the types, and what value this has...
>
Hello Linus,
Sorry but I don't see a problem with 2^31 value.
It's being compared to u64 value then used in DIV_ROUND_UP: divided by 8 to fit in unsigned int (maximum 2^32 - 1)... What value should I use ?
Thanks,
Fabian
> Linus
On Thu, 26 Jun 2014 11:35:57 -0700
Linus Torvalds <[email protected]> wrote:
> On Jun 26, 2014 11:28 AM, "Fabian Frederick" <[email protected]> wrote:
> >
> > Sorry but I don't see a problem with 2^31 value.
>
> It's not really 2^31.
>
> It's *negative* 2^31.
>
> 1 is "int", so it's a signed number. With the shift it ends up being a
> signed number with the high bit set. That's just a bad bad idea.
>
> Now, it just so happens that if you always compare it with unsigned
> numbers, C promotion rules will end up promoting it to unsigned and it
> happens to *work*, but that is more luck than design.
>
> So I'd suggest using 0x80000000 (which is unsigned) or use (1ul<<31) or
> similar explicit C typing.
Ok, I understand now. Thanks a lot for taking the time to explain Linus.
It really means a lot to me.
Fabian
>
> Linus