From: Dmitry Kandybka <d.kandybka@gmail.com>
Date: Tue, 22 Apr 2025 09:32:04 +0000 (+0300)
Subject: ceph: fix possible integer overflow in ceph_zero_objects()
X-Git-Tag: v6.16-rc1~21^2~3
X-Git-Url: https://git.kernel.dk/?a=commitdiff_plain;h=0abd87942e0c93964e93224836944712feba1d91;p=linux-block.git

ceph: fix possible integer overflow in ceph_zero_objects()

In 'ceph_zero_objects', promote 'object_size' to 'u64' to avoid possible
integer overflow.

Compile tested only.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Dmitry Kandybka <d.kandybka@gmail.com>
Reviewed-by: Viacheslav Dubeyko <Slava.Dubeyko@ibm.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
---

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 851d70200c6b..a7254cab44cc 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2616,7 +2616,7 @@ static int ceph_zero_objects(struct inode *inode, loff_t offset, loff_t length)
 	s32 stripe_unit = ci->i_layout.stripe_unit;
 	s32 stripe_count = ci->i_layout.stripe_count;
 	s32 object_size = ci->i_layout.object_size;
-	u64 object_set_size = object_size * stripe_count;
+	u64 object_set_size = (u64) object_size * stripe_count;
 	u64 nearly, t;
 
 	/* round offset up to next period boundary */