[PATCH] vfs: calculate seek offsets using unsigned variables

[PATCH] vfs: calculate seek offsets using unsigned variables

[Sasha Levin]

Adding two loff_ts means adding two signed integers. Adding two such integers
when they are unchecked might cause an overflow which is undefined for
signed integers.

Avoid it by doing the math using unsigned cast and casting it back implicitly
into loff_t.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
 fs/read_write.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/fs/read_write.c b/fs/read_write.c
index c0805c9..54311f4 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -91,7 +91,7 @@ generic_file_llseek_size(struct file *file, loff_t offset, int whence,
 {
 	switch (whence) {
 	case SEEK_END:
-		offset += eof;
+		offset += (u64)eof;
 		break;
 	case SEEK_CUR:
 		/*
@@ -108,7 +108,7 @@ generic_file_llseek_size(struct file *file, loff_t offset, int whence,
 		 * like SEEK_SET.
 		 */
 		spin_lock(&file->f_lock);
-		offset = vfs_setpos(file, file->f_pos + offset, maxsize);
+		offset = vfs_setpos(file, (u64)file->f_pos + offset, maxsize);
 		spin_unlock(&file->f_lock);
 		return offset;
 	case SEEK_DATA:
-- 
1.7.10.4

[PATCH] fs: sync_file_range: avoid overflowing signed calculation

[Sasha Levin]

When calculating the end byte for the sync we preform an addition which might
result in an overflow, which is undefined. Avoid it by doing unsigned
addition.

Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
---
 fs/sync.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/sync.c b/fs/sync.c
index 6ccfc38..f9cb38f 100644
--- a/fs/sync.c
+++ b/fs/sync.c
@@ -286,7 +286,7 @@ SYSCALL_DEFINE4(sync_file_range, int, fd, loff_t, offset, loff_t, nbytes,
 	if (flags & ~VALID_FLAGS)
 		goto out;
 
-	endbyte = offset + nbytes;
+	endbyte = offset + (u64)nbytes;
 
 	if ((s64)offset < 0)
 		goto out;
-- 
1.7.10.4