From 7bc3dfa37ba6f6ea81c362eb1993bd20c0828eae Mon Sep 17 00:00:00 2001
From: Vitaly Osipov <vitaly.osipov@gmail.com>
Date: Sun, 27 Apr 2014 01:08:21 +1000
Subject: [PATCH] staging: lustre: check for integer overflow

In ll_ioctl_fiemap(), a user-supplied value is used to calculate a
length of a buffer which is later allocated with user data.

Signed-off-by: Vitaly Osipov <vitaly.osipov@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/staging/lustre/lustre/llite/file.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/drivers/staging/lustre/lustre/llite/file.c b/drivers/staging/lustre/lustre/llite/file.c
index 562e33751197..d87f96d9e0fa 100644
--- a/drivers/staging/lustre/lustre/llite/file.c
+++ b/drivers/staging/lustre/lustre/llite/file.c
@@ -1829,6 +1829,10 @@ static int ll_ioctl_fiemap(struct inode *inode, unsigned long arg)
 	if (get_user(extent_count,
 	    &((struct ll_user_fiemap __user *)arg)->fm_extent_count))
 		return -EFAULT;
+
+	if (extent_count >=
+	    (SIZE_MAX - sizeof(*fiemap_s)) / sizeof(struct ll_fiemap_extent))
+		return -EINVAL;
 	num_bytes = sizeof(*fiemap_s) + (extent_count *
 					 sizeof(struct ll_fiemap_extent));
 
-- 
2.34.1