On 2019/3/19 下午2:48, Nikolay Borisov wrote:
>
>
> On 19.03.19 г. 6:46 ч., Qu Wenruo wrote:
>>
>>
>> On 2019/3/18 下午11:45, Nikolay Borisov wrote:
>>> qgroup_rsv_size is calculated as the product of
>>> outstanding_extent * fs_info->nodesize. The product is calculated with
>>> 32 bith precision since both variables are defined as u32. Yet
>>> qgroup_rsv_size expects a 64 bit result.
>>>
>>> Avoid possible multiplication overflow by casting outstanding_extent to
>>> u64.
>>>
>>> Fixes-coverity-id: 1435101
>>> ff6bc37eb7f6 ("btrfs: qgroup: Use independent and accurate per inode qgroup rsv")
>>>
>>> Signed-off-by: Nikolay Borisov <nborisov@xxxxxxxx>
>>> ---
>>> fs/btrfs/extent-tree.c | 2 +-
>>> 1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/fs/btrfs/extent-tree.c b/fs/btrfs/extent-tree.c
>>> index b085d8215f0e..beddf9eef4a2 100644
>>> --- a/fs/btrfs/extent-tree.c
>>> +++ b/fs/btrfs/extent-tree.c
>>> @@ -6173,7 +6173,7 @@ static void btrfs_calculate_inode_block_rsv_size(struct btrfs_fs_info *fs_info,
>>> *
>>> * This is overestimating in most cases.
>>> */
>>> - qgroup_rsv_size = outstanding_extents * fs_info->nodesize;
>>> + qgroup_rsv_size = (u64) outstanding_extents * fs_info->nodesize;
>>
>> I'm a little uncertain about what's the proper way to do a u32 * u32 and
>> get a u64 in C.
>>
>> For division we have DIV macro but not for multiple.
>
> You should definitely read this:
>
> https://wiki.sei.cmu.edu/confluence/display/c/INT18-C.+Evaluate+integer+expressions+in+a+larger+size+before+comparing+or+assigning+to+that+size
>
> In particular the 2nd "Noncompliant Code Example
> " described there is exactly the case you have in this code.
Reviewed-by: Qu Wenruo <wqu@xxxxxxxx>
Thanks,
Qu
>
>>
>> Thanks,
>> Qu
>>
>>>
>>> spin_lock(&block_rsv->lock);
>>> block_rsv->size = reserve_size;
>>>
>>
