[PATCH v3] ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
1 view
Skip to first unread message
Tadeusz Struk
Mar 31, 2022, 4:10:26 PM3/31/22
to syzbot+7a8060...@syzkaller.appspotmail.com, syzkaller-a...@googlegroups.com, tadeus...@linaro.org
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
=======================================
index 1ce13f69fbec..60bf31765d07 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3958,7 +3958,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
struct super_block *sb = inode->i_sb;
ext4_lblk_t first_block, stop_block;
struct address_space *mapping = inode->i_mapping;
- loff_t first_block_offset, last_block_offset;
+ loff_t first_block_offset, last_block_offset, max_length;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
handle_t *handle;
unsigned int credits;
int ret = 0, ret2 = 0;
@@ -4001,6 +4002,14 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
offset;
}
+ /*
+ * For punch hole the length + offset needs to be within one block
+ * before last range. Adjust the length if it goes beyond that limit.
+ */
+ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize;
+ if (offset + length > max_length)
+ length = max_length - offset;
+
if (offset & (sb->s_blocksize - 1) ||
(offset + length) & (sb->s_blocksize - 1)) {
/*
--
2.35.1
=======================================
index 1ce13f69fbec..60bf31765d07 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3958,7 +3958,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
struct super_block *sb = inode->i_sb;
ext4_lblk_t first_block, stop_block;
struct address_space *mapping = inode->i_mapping;
- loff_t first_block_offset, last_block_offset;
+ loff_t first_block_offset, last_block_offset, max_length;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
handle_t *handle;
unsigned int credits;
int ret = 0, ret2 = 0;
@@ -4001,6 +4002,14 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
offset;
}
+ /*
+ * For punch hole the length + offset needs to be within one block
+ * before last range. Adjust the length if it goes beyond that limit.
+ */
+ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize;
+ if (offset + length > max_length)
+ length = max_length - offset;
+
if (offset & (sb->s_blocksize - 1) ||
(offset + length) & (sb->s_blocksize - 1)) {
/*
--
2.35.1
syzbot
Mar 31, 2022, 10:50:08 PM3/31/22
to syzkaller-a...@googlegroups.com, tadeus...@linaro.org
Hello,
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+7a8060...@syzkaller.appspotmail.com
Tested on:
commit: e8b767f5 Merge tag 'for-linus-5.18-rc1' of git://git.k..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config: https://syzkaller.appspot.com/x/.config?x=f25291aab6dcd24e
dashboard link: https://syzkaller.appspot.com/bug?extid=7a806094edd5d07ba029
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1480d353700000
Note: testing is done by a robot and is best-effort only.
syzbot has tested the proposed patch and the reproducer did not trigger any issue:
Reported-and-tested-by: syzbot+7a8060...@syzkaller.appspotmail.com
Tested on:
commit: e8b767f5 Merge tag 'for-linus-5.18-rc1' of git://git.k..
git tree: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
kernel config: https://syzkaller.appspot.com/x/.config?x=f25291aab6dcd24e
dashboard link: https://syzkaller.appspot.com/bug?extid=7a806094edd5d07ba029
compiler: Debian clang version 11.0.1-2, GNU ld (GNU Binutils for Debian) 2.35.2
patch: https://syzkaller.appspot.com/x/patch.diff?x=1480d353700000
Note: testing is done by a robot and is best-effort only.
Tadeusz Struk
Apr 4, 2022, 1:30:56 PM4/4/22
to syzbot+7a8060...@syzkaller.appspotmail.com, syzkaller
#syz fix: ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
Reply all
Reply to author
Forward
0 new messages