From: Mikhail Pershin <mike.pershin@intel.com>
Date: Wed, 30 Sep 2015 18:11:04 +0000 (+0300)
Subject: LU-6584 osd: prevent int type overflow in osd_read_prep()
X-Git-Tag: 2.7.62~36
X-Git-Url: https://git.whamcloud.com/?p=fs%2Flustre-release.git;a=commitdiff_plain;h=efe3842c76b8041a048457779554ffa5ba76567d

LU-6584 osd: prevent int type overflow in osd_read_prep()

There is possible type overflow in osd_read_prep() that may
cause too big value in lnb_rc followed by assertion.

Signed-off-by: Mikhail Pershin <mike.pershin@intel.com>
Change-Id: If17b533e7d0dcae7db57eefc0e5981821f628c56
Reviewed-on: http://review.whamcloud.com/16685
Tested-by: Jenkins
Reviewed-by: Alex Zhuravlev <alexey.zhuravlev@intel.com>
Reviewed-by: Andreas Dilger <andreas.dilger@intel.com>
Tested-by: Cliff White <cliff.white@intel.com>
Tested-by: Maloo <hpdd-maloo@intel.com>
Reviewed-by: Oleg Drokin <oleg.drokin@intel.com>
---

diff --git a/lustre/osd-zfs/osd_io.c b/lustre/osd-zfs/osd_io.c
index 004cccf..036e780 100644
--- a/lustre/osd-zfs/osd_io.c
+++ b/lustre/osd-zfs/osd_io.c
@@ -862,7 +862,6 @@ static int osd_read_prep(const struct lu_env *env, struct dt_object *dt,
 {
 	struct osd_object *obj  = osd_dt_obj(dt);
 	int                i;
-	unsigned long	   size = 0;
 	loff_t		   eof;
 
 	LASSERT(dt_object_exists(dt));
@@ -877,12 +876,12 @@ static int osd_read_prep(const struct lu_env *env, struct dt_object *dt,
 			continue;
 
 		lnb[i].lnb_rc = lnb[i].lnb_len;
-		size += lnb[i].lnb_rc;
 
-		if (lnb[i].lnb_file_offset + lnb[i].lnb_len > eof) {
-			lnb[i].lnb_rc = eof - lnb[i].lnb_file_offset;
-			if (lnb[i].lnb_rc < 0)
+		if (lnb[i].lnb_file_offset + lnb[i].lnb_len >= eof) {
+			if (eof <= lnb[i].lnb_file_offset)
 				lnb[i].lnb_rc = 0;
+			else
+				lnb[i].lnb_rc = eof - lnb[i].lnb_file_offset;
 
 			/* all subsequent rc should be 0 */
 			while (++i < npages)