* [PATCH] bcachefs: fix overflow in fiemap
@ 2024-05-04 22:12 Reed Riley
2024-05-04 23:35 ` Kent Overstreet
0 siblings, 1 reply; 2+ messages in thread
From: Reed Riley @ 2024-05-04 22:12 UTC (permalink / raw)
To: linux-bcachefs
filefrag (and potentially other utilities that call fiemap) sometimes
pass ULONG_MAX as the length. fiemap_prep clamps excessively large
lengths - but the calculation of end can overflow if it occurs before
calling fiemap_prep. When this happens, filefrag assumes it has read to
the end and exits.
Signed-off-by: Reed Riley <reed@riley.engineer>
---
fs/bcachefs/fs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/bcachefs/fs.c b/fs/bcachefs/fs.c
index 4e4442bc71e3..ff01c954bff8 100644
--- a/fs/bcachefs/fs.c
+++ b/fs/bcachefs/fs.c
@@ -996,7 +996,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
struct btree_iter iter;
struct bkey_s_c k;
struct bkey_buf cur, prev;
- struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
+ struct bpos end;
unsigned offset_into_extent, sectors;
bool have_extent = false;
u32 snapshot;
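Review bot: `end` is now declared without an initializer among the locals, so it holds an indeterminate value until the assignment added in the second hunk. A short comment at the declaration or at the assignment, saying that `end` must be derived from `len` only after the length has been clamped, would keep a later cleanup from folding the initializer back into the declaration, which is exactly the form this hunk removes (`struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);`).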
@@ -1006,6 +1006,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
if (ret)
return ret;
+ end = POS(ei->v.i_ino, (start + len) >> 9);
if (start + len < start)
return -EINVAL;
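Review bot: The new `end = POS(ei->v.i_ino, (start + len) >> 9);` evaluates `start + len` one line before the `if (start + len < start)` wrap check, so on the path that returns -EINVAL `end` has already been built from a wrapped sum. That is harmless as written, because `end` is not read before the return, but moving the assignment below the check would make the ordering self-evident and guarantee that `end` is only ever derived from a sum known not to wrap.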
--
2.44.0
^ permalink raw reply related [flat|nested] 2+ messages in thread
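The ordering problem described in the commit message above, as an added example that is not part of the original patch or of bcachefs: a userspace model comparing the end sector computed before and after the length clamp. `model_fiemap_prep`, `MODEL_MAXBYTES` and the sample offsets are constructed for illustration and only approximate the clamp the message attributes to fiemap_prep.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the filesystem's maximum file size (assumption). */
#define MODEL_MAXBYTES ((uint64_t)INT64_MAX)

/* Simplified model of the clamp the commit message attributes to fiemap_prep:
 * shrink *len so that start + *len cannot exceed the maximum file size. */
static int model_fiemap_prep(uint64_t start, uint64_t *len)
{
	if (*len == 0)
		return -1;
	if (start >= MODEL_MAXBYTES)
		return -1;
	if (*len > MODEL_MAXBYTES || MODEL_MAXBYTES - *len < start)
		*len = MODEL_MAXBYTES - start;
	return 0;
}

/* Old ordering: end sector taken from the caller's unclamped length. */
static uint64_t end_sector_before_clamp(uint64_t start, uint64_t len)
{
	return (start + len) >> 9;	/* unsigned sum wraps modulo 2^64 */
}

/* Patched ordering: clamp first, then derive the end sector. */
static int end_sector_after_clamp(uint64_t start, uint64_t len, uint64_t *end)
{
	if (model_fiemap_prep(start, &len))
		return -1;
	if (start + len < start)	/* same wrap check the patch keeps */
		return -1;
	*end = (start + len) >> 9;
	return 0;
}

int main(void)
{
	/* Constructed request: a follow-up call resuming at 1 MiB, len = ULONG_MAX. */
	uint64_t start = 1u << 20, len = UINT64_MAX, end = 0;

	printf("start sector      : %llu\n", (unsigned long long)(start >> 9));
	printf("end, before clamp : %llu\n",
	       (unsigned long long)end_sector_before_clamp(start, len));
	if (end_sector_after_clamp(start, len, &end) == 0)
		printf("end, after clamp  : %llu\n", (unsigned long long)end);
	return 0;
}
```

With a nonzero start the unclamped sum wraps to `start - 1`, so the end sector lands just below the start sector; with start 0 the same length does not wrap, which is why only a follow-up request shows the problem in this model.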
* Re: [PATCH] bcachefs: fix overflow in fiemap
2024-05-04 22:12 [PATCH] bcachefs: fix overflow in fiemap Reed Riley
@ 2024-05-04 23:35 ` Kent Overstreet
0 siblings, 0 replies; 2+ messages in thread
From: Kent Overstreet @ 2024-05-04 23:35 UTC (permalink / raw)
To: Reed Riley; +Cc: linux-bcachefs
On Sat, May 04, 2024 at 10:12:23PM +0000, Reed Riley wrote:
> filefrag (and potentially other utilities that call fiemap) sometimes
> pass ULONG_MAX as the length. fiemap_prep clamps excessively large
> lengths - but the calculation of end can overflow if it occurs before
> calling fiemap_prep. When this happens, filefrag assumes it has read to
> the end and exits.
>
> Signed-off-by: Reed Riley <reed@riley.engineer>
Applied!
> ---
> fs/bcachefs/fs.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/fs/bcachefs/fs.c b/fs/bcachefs/fs.c
> index 4e4442bc71e3..ff01c954bff8 100644
> --- a/fs/bcachefs/fs.c
> +++ b/fs/bcachefs/fs.c
> @@ -996,7 +996,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
> struct btree_iter iter;
> struct bkey_s_c k;
> struct bkey_buf cur, prev;
> - struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
> + struct bpos end;
> unsigned offset_into_extent, sectors;
> bool have_extent = false;
> u32 snapshot;
> @@ -1006,6 +1006,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
> if (ret)
> return ret;
>
> + end = POS(ei->v.i_ino, (start + len) >> 9);
> if (start + len < start)
> return -EINVAL;
>
> --
> 2.44.0
>
^ permalink raw reply [flat|nested] 2+ messages in thread