| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20251224-hinspiel-filzstift-d659293ee101@brauner>
Date: Wed, 24 Dec 2025 13:59:51 +0100
From: Christian Brauner <brauner@...nel.org>
To: Matteo Croce <technoboy85@...il.com>
Cc: Christian Brauner <brauner@...nel.org>,
linux-kernel@...r.kernel.org,
linux-fsdevel@...r.kernel.org,
Alexander Viro <viro@...iv.linux.org.uk>
Subject: Re: [PATCH] fs: fix overflow check in rw_verify_area()
On Fri, 19 Dec 2025 13:52:50 +0100, Matteo Croce wrote:
> The overflow check in rw_verify_area() can itself overflow when
> pos + count > LLONG_MAX, causing the sum to wrap to a negative value
> and incorrectly return -EINVAL.
>
> This can be reproduced easily by creating a 20 MB file and reading it
> via splice() and a size of 0x7FFFFFFFFF000000. The syscall fails
> when the file pos reaches 16 MB.
>
> [...]
Applied to the vfs.fixes branch of the vfs/vfs.git tree.
Patches in the vfs.fixes branch should appear in linux-next soon.
Please report any outstanding bugs that were missed during review in a
new review to the original patch series allowing us to drop it.
It's encouraged to provide Acked-bys and Reviewed-bys even though the
patch has now been applied. If possible patch trailers will be updated.
Note that commit hashes shown below are subject to change due to rebase,
trailer updates or similar. If in doubt, please check the listed branch.
tree: https://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs.git
branch: vfs.fixes
[1/1] fs: fix overflow check in rw_verify_area()
https://git.kernel.org/vfs/vfs/c/d77e4d49e5f0
Powered by blists - more mailing lists