author Tadeusz Struk <tadeusz.struk@linaro.org> 2022-03-31 23:05:15 +0300
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-04-27 15:39:01 +0300
commit 9b90003771e5112e73d362ba4f4df03c7064ddc9 (patch)
tree 62b7ff6dba99c276932207fcacc34745d6cf938e /Documentation
parent e3912775b4766a81cc80279ccb3740d514926ad0 (diff)
ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
commit 2da376228a2427501feb9d15815a45dbdbdd753e upstream.

Syzbot found an issue [1] in ext4_fallocate().
The C reproducer [2] calls fallocate(), passing size 0xffeffeff000ul,
and offset 0x1000000ul, which, when added together exceed the
bitmap_maxbytes for the inode. This triggers a BUG in
ext4_ind_remove_space(). According to the comments in this function
the 'end' parameter needs to be one block after the last block to be
removed. In the case when the BUG is triggered it points to the last
block. Modify the ext4_punch_hole() function and add constraint that
caps the length to satisfy the one before last block requirement.

LINK: [1] https://syzkaller.appspot.com/bug?id=b80bd9cf348aac724a4f4dff251800106d721331
LINK: [2] https://syzkaller.appspot.com/text?tag=ReproC&x=14ba0238700000

Fixes: a4bb6b64e39a ("ext4: enable "punch hole" functionality")
Reported-by: syzbot+7a806094edd5d07ba029@syzkaller.appspotmail.com
Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org>
Link: https://lore.kernel.org/r/20220331200515.153214-1-tadeusz.struk@linaro.org
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation')
0 files changed, 0 insertions, 0 deletions
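
The length cap described in the commit message, as a user-space sketch added here for illustration (not the kernel patch and not code from this commit). The helper names and the sample block size and bitmap_maxbytes value are assumptions; the sketch also goes slightly beyond the message by bounding the length without forming offset + length, so a wrapping sum cannot slip past the check.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed sample limits (assumptions). A real kernel derives the
 * per-superblock bitmap_maxbytes from the block size at mount time. */
#define SAMPLE_BLOCKSIZE        0x1000ULL
#define SAMPLE_BITMAP_MAXBYTES  0x40000000000ULL

/* Hypothetical helper: cap 'length' so that offset + length never exceeds
 * bitmap_maxbytes - blocksize. Returns 0 if 'offset' is already at or
 * beyond that limit, i.e. nothing may be punched. */
uint64_t cap_punch_length(uint64_t offset, uint64_t length,
                          uint64_t bitmap_maxbytes, uint64_t blocksize)
{
    if (bitmap_maxbytes < blocksize)
        return 0;
    uint64_t max_end = bitmap_maxbytes - blocksize;
    if (offset >= max_end)
        return 0;
    /* Compare against the remaining room instead of computing
     * offset + length, which could wrap around for huge lengths. */
    uint64_t room = max_end - offset;
    return length > room ? room : length;
}

/* Hypothetical helper: block index of the exclusive end of the range.
 * Call only with a capped length, so the sum cannot wrap. */
uint64_t end_block(uint64_t offset, uint64_t length, uint64_t blocksize)
{
    return (offset + length) / blocksize;
}

int main(void)
{
    /* Offset and size quoted in the commit message. */
    uint64_t off = 0x1000000ULL, len = 0xffeffeff000ULL;
    uint64_t capped = cap_punch_length(off, len, SAMPLE_BITMAP_MAXBYTES,
                                       SAMPLE_BLOCKSIZE);
    printf("requested end 0x%llx, capped length 0x%llx, end block %llu of %llu\n",
           (unsigned long long)(off + len), (unsigned long long)capped,
           (unsigned long long)end_block(off, capped, SAMPLE_BLOCKSIZE),
           (unsigned long long)(SAMPLE_BITMAP_MAXBYTES / SAMPLE_BLOCKSIZE));
    return 0;
}
```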