[Devel] dm: ploop: arithmetic overflow in ploop

Alexey Kuznetsov kuznet at virtuozzo.com
Fri May 10 15:54:28 MSK 2024


Images of size > 2TB are corrupted!

https://pmc.acronis.work/browse/TTASK-68430

Signed-off-by: Alexey Kuznetsov <kuznet at acronis.com>
---
 drivers/md/dm-ploop.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/md/dm-ploop.h b/drivers/md/dm-ploop.h
index db36687..e693d0e 100644
--- a/drivers/md/dm-ploop.h
+++ b/drivers/md/dm-ploop.h
@@ -317,7 +317,7 @@ static inline void ploop_remap_to_cluster(struct ploop *ploop,
 					  struct pio *pio, u32 clu)
 {
 	pio->bi_iter.bi_sector &= ((1 << ploop->cluster_log) - 1);
-	pio->bi_iter.bi_sector |= (clu << ploop->cluster_log);
+	pio->bi_iter.bi_sector |= ((u64)clu << ploop->cluster_log);
 }
 
 static inline bool ploop_whole_cluster(struct ploop *ploop, struct pio *pio)
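Review bot: The commit message does not explain the failure the `(u64)` cast on the `+` line fixes, and it should. `clu` is a `u32` parameter, so the old `clu << ploop->cluster_log` was evaluated in 32 bits and wrapped before being OR-ed into `bi_sector`; with 512-byte sectors that wrap happens at 2^32 sectors, which matches the "> 2TB" symptom. Stating this in the message would make the fix reviewable on its own. Two smaller points on the same function: casting to `sector_t` rather than `u64` would match the type of `bi_iter.bi_sector`, and the mask on the line above is still built from a plain `int` (`1 << ploop->cluster_log`), which only holds while `cluster_log` stays below 31, so widening it the same way would keep both lines consistent. It is also worth checking the other places in the driver that shift a `u32` cluster index by `cluster_log` for the same pattern.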
-- 
1.8.3.1


