From 09713a6053bf4b6d0329431e037969a1c8e1ab7c Mon Sep 17 00:00:00 2001
From: Marco Nelissen <marco.nelissen@gmail.com>
Date: Mon, 10 Feb 2025 14:55:38 +0800
Subject: [PATCH] iomap: avoid avoid truncating 64-bit offset to 32 bits

mainline inclusion
from mainline-v6.10-rc2
commit c13094b894de289514d84b8db56d1f2931a0bade
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBJXF0
CVE: CVE-2025-21667

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=c13094b894de289514d84b8db56d1f2931a0bade

--------------------------------

on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a
32-bit position due to folio_next_index() returning an unsigned long.
This could lead to an infinite loop when writing to an xfs filesystem.

Signed-off-by: Marco Nelissen <marco.nelissen@gmail.com>
Link: https://lore.kernel.org/r/20250109041253.2494374-1-marco.nelissen@gmail.com
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Christian Brauner <brauner@kernel.org>
Conflicts:
	fs/xfs/xfs_iomap.c
	fs/iomap/buffered-io.c
[Conflicts due to not merged 492f53758fad ("iomap: pass the iomap to the
punch callback")]
Signed-off-by: Long Li <leo.lilong@huawei.com>
---
 fs/xfs/xfs_iomap.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/xfs/xfs_iomap.c b/fs/xfs/xfs_iomap.c
index dc01689988ab..496d8950d5bf 100644
--- a/fs/xfs/xfs_iomap.c
+++ b/fs/xfs/xfs_iomap.c
@@ -1195,7 +1195,7 @@ xfs_iomap_write_delalloc_scan(
 		}
 
 		/* move offset to start of next folio in range */
-		start_byte = (page->index + 1) << PAGE_SHIFT;
+		start_byte = page_offset(page) + PAGE_SIZE;
 		unlock_page(page);
 		put_page(page);
 	}
-- 
Gitee