[PATCH] ext4: check if offset+length is within a valid range in fallocate


Tadeusz Struk

Mar 15, 2022, 3:26:57 PM
to syzbot+fcc629...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, tadeus...@linaro.org
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master

==============================================
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 01c9e4f743ba..dd9c35113efe 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
struct super_block *sb = inode->i_sb;
ext4_lblk_t first_block, stop_block;
struct address_space *mapping = inode->i_mapping;
- loff_t first_block_offset, last_block_offset;
+ loff_t first_block_offset, last_block_offset, max_length;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
handle_t *handle;
unsigned int credits;
int ret = 0, ret2 = 0;
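Review bot: the new `sbi` local re-derives state that is already in scope; `sb = inode->i_sb` is declared two lines above, so `struct ext4_sb_info *sbi = EXT4_SB(sb);` avoids dereferencing `inode->i_sb` a second time and keeps both variables visibly tied to the same superblock. Since `sbi` is used exactly once further down (for `s_bitmap_maxbytes`), `EXT4_SB(sb)->s_bitmap_maxbytes` inline would also do and saves the declaration.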
@@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
offset;
}

+ /*
+ * For punch hole the length + offset needs to be at least within
+ * one block before last
+ */
+ max_length = sbi->s_bitmap_maxbytes - sbi->s_blocksize;
+ if (offset + length >= max_length) {
+ ret = -ENOSPC;
+ goto out_mutex;
+ }
+
if (offset & (sb->s_blocksize - 1) ||
(offset + length) & (sb->s_blocksize - 1)) {
/*
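Review bot: `sbi->s_blocksize` does not exist: `struct ext4_sb_info` has no such member (the build failure syzbot reports further down, at fs/ext4/inode.c:3975, is this line), and the block size this function already uses is `sb->s_blocksize`, as in the unchanged `offset & (sb->s_blocksize - 1)` check right after the new block. Two behavioural points on the same lines: `offset + length >= max_length` rejects a range whose end is exactly `max_length`, which is a valid exclusive end offset (the last byte of that range is still one full block before `s_bitmap_maxbytes`), so `>` is the intended comparison; and returning -ENOSPC for a hole punch that extends past the bitmap-addressable size is surprising to callers, since nothing is being allocated. Clamping the request (`length = max_length - offset;`) or returning -EFBIG/-EINVAL would be more conventional. The comment wording "needs to be at least within one block before last" is hard to parse; state the limit directly: the range must end at or before `s_bitmap_maxbytes` minus one block.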
--
2.35.1

Tadeusz Struk

Mar 15, 2022, 3:29:55 PM
to syzbot+7a8060...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, tadeus...@linaro.org

Tadeusz Struk

Mar 15, 2022, 3:31:16 PM
to syzbot+7a8060...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, tadeus...@linaro.org

syzbot

Mar 15, 2022, 4:26:10 PM
to syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ext4/inode.c:3975:43: error: 'struct ext4_sb_info' has no member named 's_blocksize'


Tested on:

commit: 56e337f2 Revert "gpio: Revert regression in sysfs-gpio..
git tree: upstream
dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1087bb41700000

Tadeusz Struk

Mar 15, 2022, 4:40:52 PM
to syzbot+fcc629...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, tadeus...@linaro.org
#syz test: https://android.googlesource.com/kernel/common android12-5.10

==============================================
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 01c9e4f743ba..dd9c35113efe 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
struct super_block *sb = inode->i_sb;
ext4_lblk_t first_block, stop_block;
struct address_space *mapping = inode->i_mapping;
- loff_t first_block_offset, last_block_offset;
+ loff_t first_block_offset, last_block_offset, max_length;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
handle_t *handle;
unsigned int credits;
int ret = 0, ret2 = 0;
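Review bot: this hunk is unchanged from the first posting, and the same style point stands: `sb = inode->i_sb` is already declared two lines above, so `EXT4_SB(sb)` is the natural way to obtain `sbi`, and with a single downstream use (`s_bitmap_maxbytes`) the extra local could be dropped in favour of `EXT4_SB(sb)->s_bitmap_maxbytes`.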
@@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
offset;
}

+ /*
+ * For punch hole the length + offset needs to be at least within
+ * one block before last
+ */
+ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize;
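Review bot: `inode->i_sb->s_blocksize` resolves the build error from the first version, but `sb->s_blocksize` expresses the same thing through the `sb` local this function already has and matches the alignment check that follows. The diff as quoted here ends at the `max_length` assignment, so the comparison and the error path are not visible; if they are unchanged from the first posting, `>=` still rejects a range ending exactly at `max_length`, which is a valid exclusive end, and -ENOSPC remains an odd errno for an out-of-range hole punch where nothing is allocated; clamping `length` or returning -EFBIG/-EINVAL would be more conventional.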

Tadeusz Struk

Mar 15, 2022, 4:42:13 PM
to syzbot+fcc629...@syzkaller.appspotmail.com, syzkall...@googlegroups.com, tadeus...@linaro.org

syzbot

Mar 15, 2022, 5:01:08 PM
to syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+fcc629...@syzkaller.appspotmail.com

Tested on:

commit: 803ff116 UPSTREAM: binder: Add invalid handle info in ..
git tree: https://android.googlesource.com/kernel/common android12-5.10
kernel config: https://syzkaller.appspot.com/x/.config?x=e24df585a058c8a4
dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=11dd6e55700000

Note: testing is done by a robot and is best-effort only.

syzbot

Mar 15, 2022, 5:15:10 PM
to syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot has tested the proposed patch and the reproducer did not trigger any issue:

Reported-and-tested-by: syzbot+fcc629...@syzkaller.appspotmail.com

Tested on:

commit: 56e337f2 Revert "gpio: Revert regression in sysfs-gpio..
git tree: upstream
kernel config: https://syzkaller.appspot.com/x/.config?x=d35f9bc6884af6c9
dashboard link: https://syzkaller.appspot.com/bug?extid=fcc629d1a1ae8d3fe8a5
compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1715439d700000

syzbot

Mar 16, 2022, 12:26:15 AM
to syzkaller-a...@googlegroups.com, syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ext4/inode.c:3975:45: error: no member named 's_blocksize' in 'struct ext4_sb_info'


Tested on:

commit: 56e337f2 Revert "gpio: Revert regression in sysfs-gpio..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
dashboard link: https://syzkaller.appspot.com/bug?extid=7a806094edd5d07ba029
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=127f7e89700000

syzbot

Mar 16, 2022, 12:34:08 AM
to syzkaller-a...@googlegroups.com, syzkall...@googlegroups.com, tadeus...@linaro.org
Hello,

syzbot tried to test the proposed patch but the build/boot failed:

fs/ext4/inode.c:4090:45: error: no member named 's_blocksize' in 'struct ext4_sb_info'


Tested on:

commit: 803ff116 UPSTREAM: binder: Add invalid handle info in ..
git tree: https://android.googlesource.com/kernel/common android12-5.10
dashboard link: https://syzkaller.appspot.com/bug?extid=7a806094edd5d07ba029
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=131f8bb5700000
