| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Mar 2022 14:38:57 -0700
From: Tadeusz Struk <tadeusz.struk@...aro.org>
To: syzbot+fcc629d1a1ae8d3fe8a5@...kaller.appspotmail.com
Cc: syzkaller-bugs@...glegroups.com, adilger.kernel@...ger.ca,
linux-ext4@...r.kernel.org, tytso@....edu,
Tadeusz Struk <tadeusz.struk@...aro.org>
Subject: [PATCH v2] ext4: check if offset+length is within valid fallocate
#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
==============================================
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 01c9e4f743ba..355384007d11 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
struct super_block *sb = inode->i_sb;
ext4_lblk_t first_block, stop_block;
struct address_space *mapping = inode->i_mapping;
- loff_t first_block_offset, last_block_offset;
+ loff_t first_block_offset, last_block_offset, max_length;
+ struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb);
handle_t *handle;
unsigned int credits;
int ret = 0, ret2 = 0;
@@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length)
offset;
}
+ /*
+ * For punch hole the length + offset needs to be at least within
+ * one block before last
+ */
+ max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize;
+ if (offset + length >= max_length) {
+ ret = -ENOSPC;
+ goto out_mutex;
+ }
+
if (offset & (sb->s_blocksize - 1) ||
(offset + length) & (sb->s_blocksize - 1)) {
/*
--
2.35.1
Powered by blists - more mailing lists