From 35050ef39ec1cfeba08f18d4c209fc9a4d3ec041 Mon Sep 17 00:00:00 2001 From: Tom Caputi Date: Thu, 6 Jun 2019 15:59:39 -0400 Subject: [PATCH] Fix integer overflow of ZTOI(zp)->i_generation The ZFS on-disk format stores each inode's generation ID as a 64 bit number on disk and in-core. However, the Linux kernel's inode is only a 32 bit number. In most places, the code handles this correctly, but the cast is missing in zfs_rezget(). For many pools, this isn't an issue since the generation ID is computed as the current txg when the inode is created and many pools don't have more than 2^32 txgs. For the pools that have more txgs, this issue causes any inode with a high enough generation number to report IO errors after a call to "zfs rollback" while holding the file or directory open. This patch simply adds the missing cast. Reviewed-by: Alek Pinchuk Reviewed-by: George Melikov Reviewed-by: Brian Behlendorf Signed-off-by: Tom Caputi Closes #8858 --- module/zfs/zfs_znode.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/module/zfs/zfs_znode.c b/module/zfs/zfs_znode.c index 77eb8bb912..d5ed4af702 100644 --- a/module/zfs/zfs_znode.c +++ b/module/zfs/zfs_znode.c @@ -1255,7 +1255,7 @@ zfs_rezget(znode_t *zp) ZFS_TIME_DECODE(&ZTOI(zp)->i_mtime, mtime); ZFS_TIME_DECODE(&ZTOI(zp)->i_ctime, ctime); - if (gen != ZTOI(zp)->i_generation) { + if ((uint32_t)gen != ZTOI(zp)->i_generation) { zfs_znode_dmu_fini(zp); zfs_znode_hold_exit(zfsvfs, zh); return (SET_ERROR(EIO));
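Review bot: The comparison in zfs_rezget(), `if ((uint32_t)gen != ZTOI(zp)->i_generation) {`, carries a bare cast with no comment saying that the truncation is intended, which makes it easy for a later cleanup to drop it as a redundant cast. Add a one-line comment above it stating that gen is the 64-bit on-disk generation while i_generation is the kernel's 32-bit field, so only the low 32 bits are compared. Since the commit message says the same cast is already applied in other places, consider moving the truncation into one small helper or macro used wherever i_generation is set or compared, so that a missed call site like this one cannot recur. After the cast, two on-disk generations that differ only in their upper 32 bits compare equal at this check; if that is acceptable for the rollback path, the comment should say so.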