[PATCH 6.15 074/263] ceph: fix possible integer overflow in ceph_zero_objects()

3 Jul 2025

6.15-stable review patch.  If anyone has any objections, please let me know.
------------------
From: Dmitry Kandybka d.kandybka@gmail.com
[ Upstream commit 0abd87942e0c93964e93224836944712feba1d91 ]
In 'ceph_zero_objects', promote 'object_size' to 'u64' to avoid possible
integer overflow.
Compile tested only.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Kandybka d.kandybka@gmail.com
Reviewed-by: Viacheslav Dubeyko Slava.Dubeyko@ibm.com
Signed-off-by: Ilya Dryomov idryomov@gmail.com
Signed-off-by: Sasha Levin sashal@kernel.org
---
 fs/ceph/file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 851d70200c6b8..a7254cab44cc2 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -2616,7 +2616,7 @@ static int ceph_zero_objects(struct inode *inode, loff_t offset, loff_t length)
    s32 stripe_unit = ci->i_layout.stripe_unit;
    s32 stripe_count = ci->i_layout.stripe_count;
    s32 object_size = ci->i_layout.object_size;
-	u64 object_set_size = object_size * stripe_count;
+	u64 object_set_size = (u64) object_size * stripe_count;
    u64 nearly, t;
/* round offset up to next period boundary */
-- 
2.39.5





    

2025

2024

2023

2022

2021

2020

2019

2018

2017

[PATCH 6.15 074/263] ceph: fix possible integer overflow in ceph_zero_objects()