bcachefs: BCH_SB_LAYOUT_SIZE_BITS_MAX
authorKent Overstreet <kent.overstreet@linux.dev>
Mon, 6 May 2024 13:10:29 +0000 (09:10 -0400)
committerKent Overstreet <kent.overstreet@linux.dev>
Mon, 6 May 2024 14:58:17 +0000 (10:58 -0400)
Define a constant for the max superblock size, to avoid a too-large
shift.

Reported-by: syzbot+a8b0fb419355c91dda7f@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
fs/bcachefs/bcachefs_format.h
fs/bcachefs/super-io.c

index 8345a2b2d05be0c1fe4a3707bfb192c30f8f9dc0..2e8b1a489c2092be316aa08217477a9f3389337e 100644 (file)
@@ -903,6 +903,8 @@ unsigned bcachefs_metadata_required_upgrade_below = bcachefs_metadata_version_re
 #define BCH_SB_SECTOR                  8
 #define BCH_SB_MEMBERS_MAX             64 /* XXX kill */
 
+#define BCH_SB_LAYOUT_SIZE_BITS_MAX    16 /* 32 MB */
+
 struct bch_sb_layout {
        __uuid_t                magic;  /* bcachefs superblock UUID */
        __u8                    layout_type;
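Review bot: The comment on `BCH_SB_LAYOUT_SIZE_BITS_MAX` gives only the resulting size, not what the 16 counts. In super-io.c the value is used as a shift applied to 512 bytes, so a fuller comment would help, e.g. `/* max sb_max_size_bits: 512 << 16 bytes = 32 MB */`. It may also be worth stating there that `sb_max_size_bits` is read from disk and must be bounded by this constant before it is used as a shift count. Whether the layout validation path already rejects larger values is not visible in this diff.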
index e7527d551e3c87903a71a9c7e8bbc20ba9994e4c..989d16bba8f08d932bc754ef1ceb2a457ac2528d 100644 (file)
@@ -649,7 +649,7 @@ reread:
 
        bytes = vstruct_bytes(sb->sb);
 
-       if (bytes > 512 << sb->sb->layout.sb_max_size_bits) {
+       if (bytes > 512ULL << min(BCH_SB_LAYOUT_SIZE_BITS_MAX, sb->sb->layout.sb_max_size_bits)) {
                prt_printf(err, "Invalid superblock: too big (got %zu bytes, layout max %lu)",
                       bytes, 512UL << sb->sb->layout.sb_max_size_bits);
                return -BCH_ERR_invalid_sb_too_big;
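Review bot: The `prt_printf()` argument two lines below the changed condition still evaluates `512UL << sb->sb->layout.sb_max_size_bits` with the unclamped on-disk value, so the oversized shift this commit targets is still reached whenever the size check fails with `sb_max_size_bits` above the cap. It also prints a "layout max" that is not the limit actually enforced. Computing the bound once and reusing it covers both: `u64 max_bytes = 512ULL << min(BCH_SB_LAYOUT_SIZE_BITS_MAX, sb->sb->layout.sb_max_size_bits);`, then `if (bytes > max_bytes)` and print `max_bytes` with `%llu`. The enclosing function starts and ends outside this hunk, so the declaration would have to go with its other locals.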