From patchwork Thu Apr 23 10:47:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ritesh Harjani X-Patchwork-Id: 11505463 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id BB57F1392 for ; Thu, 23 Apr 2020 10:48:33 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id AE235208E4 for ; Thu, 23 Apr 2020 10:48:33 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727858AbgDWKsc (ORCPT ); Thu, 23 Apr 2020 06:48:32 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:54582 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727832AbgDWKsb (ORCPT ); Thu, 23 Apr 2020 06:48:31 -0400 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03NAVee5059111 for ; Thu, 23 Apr 2020 06:48:30 -0400 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0a-001b2d01.pphosted.com with ESMTP id 30gmv1v7eq-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Apr 2020 06:48:30 -0400 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 23 Apr 2020 11:47:32 +0100 Received: from b06avi18626390.portsmouth.uk.ibm.com (9.149.26.192) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 23 Apr 2020 11:47:28 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06avi18626390.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03NAlFAG63635902 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 23 Apr 2020 10:47:15 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 5DD9011C04C; Thu, 23 Apr 2020 10:48:22 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 6809C11C052; Thu, 23 Apr 2020 10:48:18 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.199.60.18]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 23 Apr 2020 10:48:18 +0000 (GMT) From: Ritesh Harjani To: linux-ext4@vger.kernel.org Cc: jack@suse.cz, tytso@mit.edu, adilger@dilger.ca, darrick.wong@oracle.com, hch@infradead.org, Alexander Viro , Dan Carpenter , "Aneesh Kumar K . V" , Ritesh Harjani , Murphy Zhou , Miklos Szeredi , Amir Goldstein , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, syzbot+77fa5bdb65cc39711820@syzkaller.appspotmail.com Subject: [PATCH 1/5] ext4: Fix EXT4_MAX_LOGICAL_BLOCK macro Date: Thu, 23 Apr 2020 16:17:53 +0530 X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20042310-0020-0000-0000-000003CD1B83 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20042310-0021-0000-0000-000022261BDB Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-23_07:2020-04-22,2020-04-23 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 adultscore=0 malwarescore=0 suspectscore=1 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004230078 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org ext4 supports max number of logical blocks in a file to be 0xffffffff. (This is since ext4_extent's ee_block is __le32). This means that EXT4_MAX_LOGICAL_BLOCK should be 0xfffffffe (starting from 0 logical offset). This patch fixes this. The issue was seen when ext4 moved to iomap_fiemap API and when overlayfs was mounted on top of ext4. Since overlayfs was missing filemap_check_ranges(), so it could pass a arbitrary huge length which lead to overflow of map.m_len logic. This patch fixes that. Fixes: d3b6f23f7167 ("ext4: move ext4_fiemap to use iomap framework") Reported-by: syzbot+77fa5bdb65cc39711820@syzkaller.appspotmail.com Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara --- fs/ext4/ext4.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 91eb4381cae5..ad2dbf6e4924 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -722,7 +722,7 @@ enum { #define EXT4_MAX_BLOCK_FILE_PHYS 0xFFFFFFFF /* Max logical block we can support */ -#define EXT4_MAX_LOGICAL_BLOCK 0xFFFFFFFF +#define EXT4_MAX_LOGICAL_BLOCK 0xFFFFFFFE /* * Structure of an inode on the disk From patchwork Thu Apr 23 10:47:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ritesh Harjani X-Patchwork-Id: 11505465 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 0676D15AB for ; Thu, 23 Apr 2020 10:48:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id EA22D208E4 for ; Thu, 23 Apr 2020 10:48:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727833AbgDWKsn (ORCPT ); Thu, 23 Apr 2020 06:48:43 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:45870 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727111AbgDWKsn (ORCPT ); Thu, 23 Apr 2020 06:48:43 -0400 Received: from pps.filterd (m0098393.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03NAVdNG059028 for ; Thu, 23 Apr 2020 06:48:42 -0400 Received: from e06smtp05.uk.ibm.com (e06smtp05.uk.ibm.com [195.75.94.101]) by mx0a-001b2d01.pphosted.com with ESMTP id 30gmv1v7k8-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Apr 2020 06:48:42 -0400 Received: from localhost by e06smtp05.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 23 Apr 2020 11:47:44 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp05.uk.ibm.com (192.168.101.135) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 23 Apr 2020 11:47:40 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03NAmXSV63635682 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 23 Apr 2020 10:48:33 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A65B311C050; Thu, 23 Apr 2020 10:48:33 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 990FE11C04A; Thu, 23 Apr 2020 10:48:30 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.199.60.18]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 23 Apr 2020 10:48:30 +0000 (GMT) From: Ritesh Harjani To: linux-ext4@vger.kernel.org Cc: jack@suse.cz, tytso@mit.edu, adilger@dilger.ca, darrick.wong@oracle.com, hch@infradead.org, Alexander Viro , Dan Carpenter , "Aneesh Kumar K . V" , Ritesh Harjani , Murphy Zhou , Miklos Szeredi , Amir Goldstein , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org Subject: [PATCH 2/5] ext4: Rename fiemap_check_ranges() to make it ext4 specific Date: Thu, 23 Apr 2020 16:17:54 +0530 X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20042310-0020-0000-0000-000003CD1B86 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20042310-0021-0000-0000-000022261BDF Message-Id: <64ab9d5449f6fb96bb8633f1a40cff14ddb5614e.1587555962.git.riteshh@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-23_07:2020-04-22,2020-04-23 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 clxscore=1015 priorityscore=1501 impostorscore=0 adultscore=0 malwarescore=0 suspectscore=1 phishscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 lowpriorityscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004230078 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org This renames the fiemap_check_ranges() copy of function within ext4/ioctl.c to become ext4_fiemap_check_ranges(). This is required so that we can finally get rid of this duplicate version. Since overlayfs anyways need to use this in it's ovl_fiemap() function, so later patches make it available for use by others via EXPORT_SYMBOL. Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara --- fs/ext4/ioctl.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index bfc1281fc4cb..76a2b5200ba3 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -734,7 +734,7 @@ static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa) } /* copied from fs/ioctl.c */ -static int fiemap_check_ranges(struct super_block *sb, +static int ext4_fiemap_check_ranges(struct super_block *sb, u64 start, u64 len, u64 *new_len) { u64 maxbytes = (u64) sb->s_maxbytes; @@ -775,7 +775,7 @@ static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) return -EINVAL; - error = fiemap_check_ranges(sb, fiemap.fm_start, fiemap.fm_length, + error = ext4_fiemap_check_ranges(sb, fiemap.fm_start, fiemap.fm_length, &len); if (error) return error; From patchwork Thu Apr 23 10:47:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ritesh Harjani X-Patchwork-Id: 11505467 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id D825315AB for ; Thu, 23 Apr 2020 10:48:50 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id C5078208E4 for ; Thu, 23 Apr 2020 10:48:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726669AbgDWKsu (ORCPT ); Thu, 23 Apr 2020 06:48:50 -0400 Received: from mx0b-001b2d01.pphosted.com ([148.163.158.5]:10766 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727111AbgDWKsu (ORCPT ); Thu, 23 Apr 2020 06:48:50 -0400 Received: from pps.filterd (m0098413.ppops.net [127.0.0.1]) by mx0b-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03NAaIDq107756 for ; Thu, 23 Apr 2020 06:48:48 -0400 Received: from e06smtp02.uk.ibm.com (e06smtp02.uk.ibm.com [195.75.94.98]) by mx0b-001b2d01.pphosted.com with ESMTP id 30ghu8x9cc-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Apr 2020 06:48:48 -0400 Received: from localhost by e06smtp02.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 23 Apr 2020 11:48:10 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp02.uk.ibm.com (192.168.101.132) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 23 Apr 2020 11:48:05 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03NAmedZ59113688 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 23 Apr 2020 10:48:40 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 2788411C04A; Thu, 23 Apr 2020 10:48:40 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1FBBD11C064; Thu, 23 Apr 2020 10:48:37 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.199.60.18]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 23 Apr 2020 10:48:36 +0000 (GMT) From: Ritesh Harjani To: linux-ext4@vger.kernel.org Cc: jack@suse.cz, tytso@mit.edu, adilger@dilger.ca, darrick.wong@oracle.com, hch@infradead.org, Alexander Viro , Dan Carpenter , "Aneesh Kumar K . V" , Ritesh Harjani , Murphy Zhou , Miklos Szeredi , Amir Goldstein , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org Subject: [PATCH 3/5] vfs: EXPORT_SYMBOL for fiemap_check_ranges() Date: Thu, 23 Apr 2020 16:17:55 +0530 X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20042310-0008-0000-0000-00000375F52C X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20042310-0009-0000-0000-00004A97C1E4 Message-Id: <58eee51755bb15c312c9d5935655a89466bd34ca.1587555962.git.riteshh@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-23_07:2020-04-22,2020-04-23 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxlogscore=990 suspectscore=1 bulkscore=0 spamscore=0 phishscore=0 adultscore=0 clxscore=1015 malwarescore=0 priorityscore=1501 lowpriorityscore=0 mlxscore=0 impostorscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004230078 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org 1. fiemap_check_ranges() is needed by ovl_fiemap() to check for ranges before calling underlying inode's ->fiemap() call. 2. With this change even ext4 can use generic fiemap_check_ranges() instead of having a duplicate copy of it. So make this EXPORT_SYMBOL for use by overlayfs. Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara --- fs/ioctl.c | 5 +++-- include/linux/fs.h | 2 ++ 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/fs/ioctl.c b/fs/ioctl.c index 282d45be6f45..f1d93263186c 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -166,8 +166,8 @@ int fiemap_check_flags(struct fiemap_extent_info *fieinfo, u32 fs_flags) } EXPORT_SYMBOL(fiemap_check_flags); -static int fiemap_check_ranges(struct super_block *sb, - u64 start, u64 len, u64 *new_len) +int fiemap_check_ranges(struct super_block *sb, u64 start, u64 len, + u64 *new_len) { u64 maxbytes = (u64) sb->s_maxbytes; @@ -187,6 +187,7 @@ static int fiemap_check_ranges(struct super_block *sb, return 0; } +EXPORT_SYMBOL(fiemap_check_ranges); static int ioctl_fiemap(struct file *filp, struct fiemap __user *ufiemap) { diff --git a/include/linux/fs.h b/include/linux/fs.h index 4f6f59b4f22a..1ea70fe07618 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -1759,6 +1759,8 @@ int fiemap_fill_next_extent(struct fiemap_extent_info *info, u64 logical, u64 phys, u64 len, u32 flags); int fiemap_check_flags(struct fiemap_extent_info *fieinfo, u32 fs_flags); +int fiemap_check_ranges(struct super_block *sb, u64 start, u64 len, + u64 *new_len); /* * This is the "filldir" function type, used by readdir() to let * the kernel specify what kind of dirent layout it wants to have. From patchwork Thu Apr 23 10:47:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ritesh Harjani X-Patchwork-Id: 11505469 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 5F3781392 for ; Thu, 23 Apr 2020 10:49:00 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 515F4208E4 for ; Thu, 23 Apr 2020 10:49:00 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727870AbgDWKs7 (ORCPT ); Thu, 23 Apr 2020 06:48:59 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:33992 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727121AbgDWKs6 (ORCPT ); Thu, 23 Apr 2020 06:48:58 -0400 Received: from pps.filterd (m0098404.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03NAW5Eh092853 for ; Thu, 23 Apr 2020 06:48:58 -0400 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 30gmua8j23-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Apr 2020 06:48:57 -0400 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 23 Apr 2020 11:48:31 +0100 Received: from b06avi18878370.portsmouth.uk.ibm.com (9.149.26.194) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 23 Apr 2020 11:48:26 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06avi18878370.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03NAmnrL66650428 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 23 Apr 2020 10:48:49 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id CEB3111C04A; Thu, 23 Apr 2020 10:48:49 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 85F7711C054; Thu, 23 Apr 2020 10:48:46 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.199.60.18]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 23 Apr 2020 10:48:46 +0000 (GMT) From: Ritesh Harjani To: linux-ext4@vger.kernel.org Cc: jack@suse.cz, tytso@mit.edu, adilger@dilger.ca, darrick.wong@oracle.com, hch@infradead.org, Alexander Viro , Dan Carpenter , "Aneesh Kumar K . V" , Ritesh Harjani , Murphy Zhou , Miklos Szeredi , Amir Goldstein , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org Subject: [PATCH 4/5] overlayfs: Check for range bounds before calling i_op->fiemap() Date: Thu, 23 Apr 2020 16:17:56 +0530 X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20042310-0012-0000-0000-000003A9CB93 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20042310-0013-0000-0000-000021E71F83 Message-Id: <39b4bf94f6723831a9798237bb1b4ae14da04d98.1587555962.git.riteshh@linux.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-23_07:2020-04-22,2020-04-23 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 priorityscore=1501 spamscore=0 lowpriorityscore=0 adultscore=0 impostorscore=0 mlxscore=0 malwarescore=0 suspectscore=1 mlxlogscore=999 clxscore=1015 phishscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004230078 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Underlying fs may not be able to handle the length in fiemap beyond sb->s_maxbytes. So similar to how VFS ioctl does it, add fiemap_check_ranges() check in ovl_fiemap() as well before calling underlying fs i_op->fiemap() call. Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara Reviewed-by: Amir Goldstein --- fs/overlayfs/inode.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/overlayfs/inode.c b/fs/overlayfs/inode.c index 79e8994e3bc1..9bcd2e96faad 100644 --- a/fs/overlayfs/inode.c +++ b/fs/overlayfs/inode.c @@ -455,16 +455,21 @@ static int ovl_fiemap(struct inode *inode, struct fiemap_extent_info *fieinfo, int err; struct inode *realinode = ovl_inode_real(inode); const struct cred *old_cred; + u64 length; if (!realinode->i_op->fiemap) return -EOPNOTSUPP; + err = fiemap_check_ranges(realinode->i_sb, start, len, &length); + if (err) + return err; + old_cred = ovl_override_creds(inode->i_sb); if (fieinfo->fi_flags & FIEMAP_FLAG_SYNC) filemap_write_and_wait(realinode->i_mapping); - err = realinode->i_op->fiemap(realinode, fieinfo, start, len); + err = realinode->i_op->fiemap(realinode, fieinfo, start, length); revert_creds(old_cred); return err; From patchwork Thu Apr 23 10:47:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ritesh Harjani X-Patchwork-Id: 11505471 Return-Path: Received: from mail.kernel.org (pdx-korg-mail-1.web.codeaurora.org [172.30.200.123]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 375791392 for ; Thu, 23 Apr 2020 10:49:05 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 2B02C20857 for ; Thu, 23 Apr 2020 10:49:05 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727875AbgDWKtE (ORCPT ); Thu, 23 Apr 2020 06:49:04 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:43170 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727111AbgDWKtE (ORCPT ); Thu, 23 Apr 2020 06:49:04 -0400 Received: from pps.filterd (m0098410.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03NAXUft143755 for ; Thu, 23 Apr 2020 06:49:03 -0400 Received: from e06smtp03.uk.ibm.com (e06smtp03.uk.ibm.com [195.75.94.99]) by mx0a-001b2d01.pphosted.com with ESMTP id 30k09wf99h-1 (version=TLSv1.2 cipher=AES256-GCM-SHA384 bits=256 verify=NOT) for ; Thu, 23 Apr 2020 06:49:03 -0400 Received: from localhost by e06smtp03.uk.ibm.com with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted for from ; Thu, 23 Apr 2020 11:48:36 +0100 Received: from b06cxnps4075.portsmouth.uk.ibm.com (9.149.109.197) by e06smtp03.uk.ibm.com (192.168.101.133) with IBM ESMTP SMTP Gateway: Authorized Use Only! Violators will be prosecuted; (version=TLSv1/SSLv3 cipher=AES256-GCM-SHA384 bits=256/256) Thu, 23 Apr 2020 11:48:31 +0100 Received: from d06av25.portsmouth.uk.ibm.com (d06av25.portsmouth.uk.ibm.com [9.149.105.61]) by b06cxnps4075.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03NAms6t59900112 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 23 Apr 2020 10:48:54 GMT Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id A711611C052; Thu, 23 Apr 2020 10:48:54 +0000 (GMT) Received: from d06av25.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 9370311C050; Thu, 23 Apr 2020 10:48:51 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.199.60.18]) by d06av25.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 23 Apr 2020 10:48:51 +0000 (GMT) From: Ritesh Harjani To: linux-ext4@vger.kernel.org Cc: jack@suse.cz, tytso@mit.edu, adilger@dilger.ca, darrick.wong@oracle.com, hch@infradead.org, Alexander Viro , Dan Carpenter , "Aneesh Kumar K . V" , Ritesh Harjani , Murphy Zhou , Miklos Szeredi , Amir Goldstein , linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org Subject: [PATCH 5/5] ext4: Get rid of ext4_fiemap_check_ranges Date: Thu, 23 Apr 2020 16:17:57 +0530 X-Mailer: git-send-email 2.21.0 In-Reply-To: References: MIME-Version: 1.0 X-TM-AS-GCONF: 00 x-cbid: 20042310-0012-0000-0000-000003A9CB98 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 20042310-0013-0000-0000-000021E71F88 Message-Id: X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-23_07:2020-04-22,2020-04-23 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 lowpriorityscore=0 suspectscore=1 phishscore=0 clxscore=1015 adultscore=0 mlxlogscore=999 bulkscore=0 impostorscore=0 spamscore=0 mlxscore=0 priorityscore=1501 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004230082 Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org Now that fiemap_check_ranges() is available for other filesystems to use, so get rid of ext4's private version. Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara --- fs/ext4/ioctl.c | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 76a2b5200ba3..6a7d7e9027cd 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -733,29 +733,6 @@ static void ext4_fill_fsxattr(struct inode *inode, struct fsxattr *fa) fa->fsx_projid = from_kprojid(&init_user_ns, ei->i_projid); } -/* copied from fs/ioctl.c */ -static int ext4_fiemap_check_ranges(struct super_block *sb, - u64 start, u64 len, u64 *new_len) -{ - u64 maxbytes = (u64) sb->s_maxbytes; - - *new_len = len; - - if (len == 0) - return -EINVAL; - - if (start > maxbytes) - return -EFBIG; - - /* - * Shrink request scope to what the fs can actually handle. - */ - if (len > maxbytes || (maxbytes - len) < start) - *new_len = maxbytes - start; - - return 0; -} - /* So that the fiemap access checks can't overflow on 32 bit machines. */ #define FIEMAP_MAX_EXTENTS (UINT_MAX / sizeof(struct fiemap_extent)) @@ -775,7 +752,7 @@ static int ext4_ioctl_get_es_cache(struct file *filp, unsigned long arg) if (fiemap.fm_extent_count > FIEMAP_MAX_EXTENTS) return -EINVAL; - error = ext4_fiemap_check_ranges(sb, fiemap.fm_start, fiemap.fm_length, + error = fiemap_check_ranges(sb, fiemap.fm_start, fiemap.fm_length, &len); if (error) return error;