iomap: fix integer truncation issues in the zeroing and dirtying helpers
authorChristoph Hellwig <hch@lst.de>
Sun, 17 Sep 2017 21:06:45 +0000 (14:06 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 20 Sep 2017 06:19:59 +0000 (08:19 +0200)
commit e28ae8e428fefe2facd72cea9f29906ecb9c861d upstream.

Fix the min_t calls in the zeroing and dirtying helpers to perform the
comparisons on 64-bit types, which prevents the values from being
incorrectly truncated and larger zeroing operations from getting stuck
in a never-ending loop.

Special thanks to Markus Stockhausen for spotting the bug.

Reported-by: Paul Menzel <pmenzel@molgen.mpg.de>
Tested-by: Paul Menzel <pmenzel@molgen.mpg.de>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/iomap.c

index 798c291..a49db88 100644 (file)
@@ -281,7 +281,7 @@ iomap_dirty_actor(struct inode *inode, loff_t pos, loff_t length, void *data,
                unsigned long bytes;    /* Bytes to write to page */
 
                offset = (pos & (PAGE_SIZE - 1));
-               bytes = min_t(unsigned long, PAGE_SIZE - offset, length);
+               bytes = min_t(loff_t, PAGE_SIZE - offset, length);
 
                rpage = __iomap_read_page(inode, pos);
                if (IS_ERR(rpage))
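Review bot: The added `min_t(loff_t, PAGE_SIZE - offset, length)` line carries no comment saying why the comparison type must be wider than `bytes`, so a later cleanup could narrow it back to the variable's type and reintroduce the truncation; the same applies to the added line in iomap_zero_range_actor, where `bytes` is a plain `unsigned`. A one-line comment above each would keep the reasoning next to the code, for example `/* compare as loff_t: length may not fit in bytes; the result is <= PAGE_SIZE - offset, so the narrowing assignment is safe */`. That safety argument presumably relies on `length` and `count` never being negative here, because a negative loff_t would win the min and convert to a very large unsigned value; the callers are not visible in these hunks, so that is worth confirming. Both function bodies start and end outside their hunks.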
@@ -376,7 +376,7 @@ iomap_zero_range_actor(struct inode *inode, loff_t pos, loff_t count,
                unsigned offset, bytes;
 
                offset = pos & (PAGE_SIZE - 1); /* Within page */
-               bytes = min_t(unsigned, PAGE_SIZE - offset, count);
+               bytes = min_t(loff_t, PAGE_SIZE - offset, count);
 
                if (IS_DAX(inode))
                        status = iomap_dax_zero(pos, offset, bytes, iomap);