From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from mail-sn1nam01on0125.outbound.protection.outlook.com ([104.47.32.125]:4176
        "EHLO NAM01-SN1-obe.outbound.protection.outlook.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1753956AbeARVGN (ORCPT <rfc822;stable@vger.kernel.org>);
        Thu, 18 Jan 2018 16:06:13 -0500
From: Sasha Levin <Alexander.Levin@microsoft.com>
To: "stable@vger.kernel.org" <stable@vger.kernel.org>,
        "stable-commits@vger.kernel.org" <stable-commits@vger.kernel.org>
CC: David Howells <dhowells@redhat.com>,
        Sasha Levin <Alexander.Levin@microsoft.com>
Subject: [added to the 4.1 stable tree] afs: Fix the maths in
 afs_fs_store_data()
Date: Thu, 18 Jan 2018 21:01:34 +0000
Message-ID: <20180118205908.3220-244-alexander.levin@microsoft.com>
References: <20180118205908.3220-1-alexander.levin@microsoft.com>
In-Reply-To: <20180118205908.3220-1-alexander.levin@microsoft.com>
Content-Language: en-US
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

From: David Howells <dhowells@redhat.com>

This patch has been added to the  stable tree. If you have any
objections, please let us know.

=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D

[ Upstream commit 146a1192783697810b63a1e41c4d59fc93387340 ]

afs_fs_store_data() works out of the size of the write it's going to make,
but it uses 32-bit unsigned subtraction in one place that gets
automatically cast to loff_t.

However, if to < offset, then the number goes negative, but as the result
isn't signed, this doesn't get sign-extended to 64-bits when placed in a
loff_t.

Fix by casting the operands to loff_t.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 fs/afs/fsclient.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/afs/fsclient.c b/fs/afs/fsclient.c
index c775fefe3ffe..0c8399e0fdac 100644
--- a/fs/afs/fsclient.c
+++ b/fs/afs/fsclient.c
@@ -1225,7 +1225,7 @@ int afs_fs_store_data(struct afs_server *server, stru=
ct afs_writeback *wb,
 	_enter(",%x,{%x:%u},,",
 	       key_serial(wb->key), vnode->fid.vid, vnode->fid.vnode);
=20
-	size =3D to - offset;
+	size =3D (loff_t)to - (loff_t)offset;
 	if (first !=3D last)
 		size +=3D (loff_t)(last - first) << PAGE_SHIFT;
 	pos =3D (loff_t)first << PAGE_SHIFT;
--=20
2.11.0