linux-bcachefs.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH] bcachefs: fix overflow in fiemap
@ 2024-05-04 22:12 Reed Riley
  2024-05-04 23:35 ` Kent Overstreet
  0 siblings, 1 reply; 2+ messages in thread
From: Reed Riley @ 2024-05-04 22:12 UTC (permalink / raw)
  To: linux-bcachefs

filefrag (and potentially other utilities that call fiemap) sometimes
pass ULONG_MAX as the length.  fiemap_prep clamps excessively large
lengths - but the calculation of end can overflow if it occurs before
calling fiemap_prep.  When this happens, filefrag assumes it has read to
the end and exits.

Signed-off-by: Reed Riley <reed@riley.engineer>
---
 fs/bcachefs/fs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/fs/bcachefs/fs.c b/fs/bcachefs/fs.c
index 4e4442bc71e3..ff01c954bff8 100644
--- a/fs/bcachefs/fs.c
+++ b/fs/bcachefs/fs.c
@@ -996,7 +996,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
        struct btree_iter iter;
        struct bkey_s_c k;
        struct bkey_buf cur, prev;
-       struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
+       struct bpos end;
        unsigned offset_into_extent, sectors;
        bool have_extent = false;
        u32 snapshot;
@@ -1006,6 +1006,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
        if (ret)
                return ret;
 
+       end = POS(ei->v.i_ino, (start + len) >> 9);
        if (start + len < start)
                return -EINVAL;
 
-- 
2.44.0


^ permalink raw reply related	[flat|nested] 2+ messages in thread
* Re: [PATCH] bcachefs: fix overflow in fiemap
  2024-05-04 22:12 [PATCH] bcachefs: fix overflow in fiemap Reed Riley
@ 2024-05-04 23:35 ` Kent Overstreet
  0 siblings, 0 replies; 2+ messages in thread
From: Kent Overstreet @ 2024-05-04 23:35 UTC (permalink / raw)
  To: Reed Riley; +Cc: linux-bcachefs

On Sat, May 04, 2024 at 10:12:23PM +0000, Reed Riley wrote:
> filefrag (and potentially other utilities that call fiemap) sometimes
> pass ULONG_MAX as the length.  fiemap_prep clamps excessively large
> lengths - but the calculation of end can overflow if it occurs before
> calling fiemap_prep.  When this happens, filefrag assumes it has read to
> the end and exits.
> 
> Signed-off-by: Reed Riley <reed@riley.engineer>

Applied!

> ---
>  fs/bcachefs/fs.c | 3 ++-
>  1 file changed, 2 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/bcachefs/fs.c b/fs/bcachefs/fs.c
> index 4e4442bc71e3..ff01c954bff8 100644
> --- a/fs/bcachefs/fs.c
> +++ b/fs/bcachefs/fs.c
> @@ -996,7 +996,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
>         struct btree_iter iter;
>         struct bkey_s_c k;
>         struct bkey_buf cur, prev;
> -       struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
> +       struct bpos end;
>         unsigned offset_into_extent, sectors;
>         bool have_extent = false;
>         u32 snapshot;
> @@ -1006,6 +1006,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
>         if (ret)
>                 return ret;
>  
> +       end = POS(ei->v.i_ino, (start + len) >> 9);
>         if (start + len < start)
>                 return -EINVAL;
>  
> -- 
> 2.44.0
> 

^ permalink raw reply	[flat|nested] 2+ messages in thread
end of thread, other threads:[~2024-05-04 23:35 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2024-05-04 22:12 [PATCH] bcachefs: fix overflow in fiemap Reed Riley
2024-05-04 23:35 ` Kent Overstreet

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).