[lvc-project] [PATCH] bcachefs: avoid truncating fiemap extent length

[Mikhail Dmitrichenko]

bkey sizes are stored in sectors as u32, while fiemap reports byte
lengths as u64. Shifting k.k->size before widening performs the
conversion in 32 bits, so an extent of 4 GiB or larger can wrap before
it is passed to fiemap_fill_next_extent().

Compute the byte length after casting the sector count to u64 and reuse
it for all bch2_fill_extent() cases.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

Signed-off-by: Mikhail Dmitrichenko <mdmitrichenko at astralinux.ru>
---
 fs/bcachefs/vfs/fiemap.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/fs/bcachefs/vfs/fiemap.c b/fs/bcachefs/vfs/fiemap.c
index 067e191cf8d0..18a44622a7b0 100644
--- a/fs/bcachefs/vfs/fiemap.c
+++ b/fs/bcachefs/vfs/fiemap.c
@@ -23,6 +23,7 @@ static int bch2_fill_extent(struct bch_fs *c,
 			    struct bch_fiemap_extent *fe)
 {
 	struct bkey_s_c k = bkey_i_to_s_c(fe->kbuf.k);
+	u64 len = (u64) k.k->size << 9;
 	unsigned flags = fe->flags;
 
 	BUG_ON(!k.k->size);
@@ -54,20 +55,20 @@ static int bch2_fill_extent(struct bch_fs *c,
 			try(fiemap_fill_next_extent(info,
 						bkey_start_offset(k.k) << 9,
 						offset << 9,
-						k.k->size << 9, flags|flags2));
+						len, flags|flags2));
 		}
 
 		return 0;
 	} else if (bkey_extent_is_inline_data(k.k)) {
 		return fiemap_fill_next_extent(info,
 					       bkey_start_offset(k.k) << 9,
-					       0, k.k->size << 9,
+					       0, len,
 					       flags|
 					       FIEMAP_EXTENT_DATA_INLINE);
 	} else if (k.k->type == KEY_TYPE_reservation) {
 		return fiemap_fill_next_extent(info,
 					       bkey_start_offset(k.k) << 9,
-					       0, k.k->size << 9,
+					       0, len,
 					       flags|
 					       FIEMAP_EXTENT_DELALLOC|
 					       FIEMAP_EXTENT_UNWRITTEN);
-- 
2.54.0.windows.1