From mboxrd@z Thu Jan  1 00:00:00 1970
From: npiggin@suse.de
Subject: [patch 4/8] mm: write_cache_pages type overflow fix
Date: Fri, 10 Oct 2008 02:50:43 +1100
Message-ID: <20081009174822.516911376@suse.de>
References: <20081009155039.139856823@suse.de>
Cc: Mikulas Patocka <mpatocka@redhat.com>, linux-mm@kvack.org,
	linux-fsdevel@vger.kernel.org
To: Andrew Morton <akpm@linux-foundation.org>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from cantor.suse.de ([195.135.220.2]:46825 "EHLO mx1.suse.de"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1754868AbYJIH6m (ORCPT <rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 9 Oct 2008 03:58:42 -0400
Content-Disposition: inline; filename=mm-wcp-type-overflow-fix.patch
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

In the range_cont case, range_start is set to index << PAGE_CACHE_SHIFT, but
index is a pgoff_t and range_start is loff_t, so we can get truncation of the
value on 32-bit platforms. Fix this by adding the standard loff_t cast.

This is a data interity bug (depending on how range_cont is used).

Signed-off-by: Nick Piggin <npiggin@suse.de>
---
Index: linux-2.6/mm/page-writeback.c
===================================================================
--- linux-2.6.orig/mm/page-writeback.c
+++ linux-2.6/mm/page-writeback.c
@@ -976,7 +976,7 @@ again:
 		mapping->writeback_index = index;
 
 	if (wbc->range_cont)
-		wbc->range_start = index << PAGE_CACHE_SHIFT;
+		wbc->range_start = (loff_t)index << PAGE_CACHE_SHIFT;
 	return ret;
 }
 EXPORT_SYMBOL(write_cache_pages);

--