1*4882a593SmuzhiyunFrom a02091834d3e167320d8a262ff04b8e83c5e616d Mon Sep 17 00:00:00 2001
2*4882a593SmuzhiyunFrom: Darren Kenny <darren.kenny@oracle.com>
3*4882a593SmuzhiyunDate: Tue, 24 Nov 2020 16:41:49 +0000
4*4882a593SmuzhiyunSubject: [PATCH] zfs: Fix possible negative shift operation
5*4882a593Smuzhiyun
6*4882a593SmuzhiyunWhile it is possible for the return value from zfs_log2() to be zero
7*4882a593Smuzhiyun(0), it is quite unlikely, given that the previous assignment to blksz
8*4882a593Smuzhiyunis shifted up by SPA_MINBLOCKSHIFT (9) before 9 is subtracted at the
9*4882a593Smuzhiyunassignment to epbs.
10*4882a593Smuzhiyun
11*4882a593SmuzhiyunBut, while unlikely during a normal operation, it may be that a carefully
12*4882a593Smuzhiyuncrafted ZFS filesystem could result in a zero (0) value to the
13*4882a593Smuzhiyundn_datalbkszsec field, which means that the shift left does nothing
14*4882a593Smuzhiyunand assigns zero (0) to blksz, resulting in a negative epbs value.
15*4882a593Smuzhiyun
16*4882a593SmuzhiyunFixes: CID 73608
17*4882a593Smuzhiyun
18*4882a593SmuzhiyunSigned-off-by: Darren Kenny <darren.kenny@oracle.com>
19*4882a593SmuzhiyunReviewed-by: Daniel Kiper <daniel.kiper@oracle.com>
20*4882a593SmuzhiyunSigned-off-by: Stefan Sørensen <stefan.sorensen@spectralink.com>
21*4882a593Smuzhiyun---
22*4882a593Smuzhiyun grub-core/fs/zfs/zfs.c | 5 +++++
23*4882a593Smuzhiyun 1 file changed, 5 insertions(+)
24*4882a593Smuzhiyun
25*4882a593Smuzhiyundiff --git a/grub-core/fs/zfs/zfs.c b/grub-core/fs/zfs/zfs.c
26*4882a593Smuzhiyunindex 36d0373..0c42cba 100644
27*4882a593Smuzhiyun--- a/grub-core/fs/zfs/zfs.c
28*4882a593Smuzhiyun+++ b/grub-core/fs/zfs/zfs.c
29*4882a593Smuzhiyun@@ -2667,6 +2667,11 @@ dnode_get (dnode_end_t * mdn, grub_uint64_t objnum, grub_uint8_t type,
30*4882a593Smuzhiyun blksz = grub_zfs_to_cpu16 (mdn->dn.dn_datablkszsec,
31*4882a593Smuzhiyun mdn->endian) << SPA_MINBLOCKSHIFT;
32*4882a593Smuzhiyun epbs = zfs_log2 (blksz) - DNODE_SHIFT;
33*4882a593Smuzhiyun+
34*4882a593Smuzhiyun+ /* While this should never happen, we should check that epbs is not negative. */
35*4882a593Smuzhiyun+ if (epbs < 0)
36*4882a593Smuzhiyun+ epbs = 0;
37*4882a593Smuzhiyun+
38*4882a593Smuzhiyun blkid = objnum >> epbs;
39*4882a593Smuzhiyun idx = objnum & ((1 << epbs) - 1);
40*4882a593Smuzhiyun
41*4882a593Smuzhiyun--
42*4882a593Smuzhiyun2.14.2
43*4882a593Smuzhiyun
44
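Review bot: The new guard clamps a negative epbs to 0 and then lets dnode_get continue into the `blkid = objnum >> epbs;` and `idx = ...` lines with a blksz of 0, so a metadnode whose dn_datablkszsec decodes to zero is silently accepted instead of rejected. Since the description itself says this state only arises from a crafted or corrupt filesystem, failing the lookup would be the safer response — if dnode_get returns grub_err_t (its return type is outside the hunk, but the file's other corruption paths appear to use this form), `if (epbs < 0) return grub_error (GRUB_ERR_BAD_FS, "invalid dnode block size");` — and the comment should then stop saying "this should never happen" when the commit message says it can. Only the lower bound needs guarding: blksz comes from a 16-bit field shifted by SPA_MINBLOCKSHIFT, so zfs_log2 (blksz) - DNODE_SHIFT stays far below the width of the `1 << epbs` operand. dnode_get begins before this hunk and continues past it.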