xfs: fix integer overflow in bmap intent sort comparator

commit 362c490980867930a098b99f421268fbd7ca05fd upstream. xfs_bmap_update_diff_items() sorts bmap intents by inode number using a subtraction of two xfs_ino_t (uint64_t) values, with the result truncated to int. This is incorrect when two inode numbers differ by more than INT_MAX (2^31 - 1), which is entirely possible on large XFS filesystems. Fix this by replacing the subtraction with cmp_int(). Cc: <stable@vger.kernel.org> # v4.9 Fixes: 9f3afb57d5f1 ("xfs: implement deferred bmbt map/unmap operations") Signed-off-by: Long Li <leo.lilong@huawei.com> Reviewed-by: Darrick J. Wong <djwong@kernel.org> Signed-off-by: Carlos Maiolino <cem@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Long Li <leo.lilong@huawei.com> 2026-03-10 20:32:33 +0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2026-03-19 16:08:42 +0100
commit: 2b4492d9ed0f2c4e71c0e70d9bffcb1aeab04a6e (patch)
tree: 26432c3a7d191c36e2080ed8badd314742c6bbf3
parent: 316cc7b63fd580f1a215e3f96769cdb70e577ea2 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/xfs_bmap_item.c b/fs/xfs/xfs_bmap_item.c
index 80f0c4bcc483..bcc89d65de7f 100644
--- a/fs/xfs/xfs_bmap_item.c
+++ b/fs/xfs/xfs_bmap_item.c
@@ -247,7 +247,7 @@ xfs_bmap_update_diff_items(
 	struct xfs_bmap_intent		*ba = bi_entry(a);
 	struct xfs_bmap_intent		*bb = bi_entry(b);
 
-	return ba->bi_owner->i_ino - bb->bi_owner->i_ino;
+	return cmp_int(ba->bi_owner->i_ino, bb->bi_owner->i_ino);
 }
 
 /* Log bmap updates in the intent item. */
author	Long Li <leo.lilong@huawei.com>	2026-03-10 20:32:33 +0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2026-03-19 16:08:42 +0100
commit	2b4492d9ed0f2c4e71c0e70d9bffcb1aeab04a6e (patch)
tree	26432c3a7d191c36e2080ed8badd314742c6bbf3
parent	316cc7b63fd580f1a215e3f96769cdb70e577ea2 (diff)