bcachefs: Fix shift overflow in read_one_super()

Reported-by: syzbot+9f74cb4006b83e2a3df1@syzkaller.appspotmail.com
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>

diff --git a/fs/bcachefs/super-io.c b/fs/bcachefs/super-io.c
index 055478d21e9ef86a7cacc99067099412c16ac115..b156fc85b8a3eb9b93283ec9187412f503ca9183 100644 (file)
--- a/fs/bcachefs/super-io.c
+++ b/fs/bcachefs/super-io.c
@@ -649,9 +649,10 @@ reread:
 
        bytes = vstruct_bytes(sb->sb);
 
-       if (bytes > 512ULL << min(BCH_SB_LAYOUT_SIZE_BITS_MAX, sb->sb->layout.sb_max_size_bits)) {
-               prt_printf(err, "Invalid superblock: too big (got %zu bytes, layout max %lu)",
-                      bytes, 512UL << sb->sb->layout.sb_max_size_bits);
+       u64 sb_size = 512ULL << min(BCH_SB_LAYOUT_SIZE_BITS_MAX, sb->sb->layout.sb_max_size_bits);
+       if (bytes > sb_size) {
+               prt_printf(err, "Invalid superblock: too big (got %zu bytes, layout max %llu)",
+                          bytes, sb_size);
                return -BCH_ERR_invalid_sb_too_big;
        }