Commit c99493ce authored Apr 20, 2026 by Gao Xiang

erofs: fix offset truncation when shifting pgoff on 32-bit platforms



On 32-bit platforms, pgoff_t is 32 bits wide, so left-shifting
large arbitrary pgoff_t values by PAGE_SHIFT performs 32-bit arithmetic
and silently truncates the result for pages beyond the 4 GiB boundary.

Cast the page index to loff_t before shifting to produce a correct
64-bit byte offset.

Fixes: 38629291 ("erofs: introduce readmore decompression strategy")
Fixes: 307210c2 ("erofs: verify metadata accesses for file-backed mounts")
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Gao Xiang <hsiangkao@linux.alibaba.com>

parent d18a3b5d

fs/erofs/data.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -39,7 +39,7 @@ void erofs_bread(struct erofs_buf buf, erofs_off_t offset, bool need_kmap)
		* However, the data access range must be verified here in advance.
		*/
		if (buf->file) {
		fpos = index << PAGE_SHIFT;
		fpos = (loff_t)index << PAGE_SHIFT;
		err = rw_verify_area(READ, buf->file, &fpos, PAGE_SIZE);
		if (err < 0)
		return ERR_PTR(err);

fs/erofs/zdata.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1872,7 +1872,7 @@ static void z_erofs_pcluster_readmore(struct z_erofs_frontend *f,

		if (cur < PAGE_SIZE)
		break;
		cur = (index << PAGE_SHIFT) - 1;
		cur = ((loff_t)index << PAGE_SHIFT) - 1;
		}
		}