Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3481762imu; Sun, 11 Nov 2018 16:05:51 -0800 (PST) X-Google-Smtp-Source: AJdET5d1QuZG7V4iVWCU+FIXvI3NCJtfnU+b+QdrAFvYXl/p3SolPclQWjCA+DwiRMnbrZt6M9Iz X-Received: by 2002:a62:6a88:: with SMTP id f130-v6mr17719881pfc.98.1541981151731; Sun, 11 Nov 2018 16:05:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541981151; cv=none; d=google.com; s=arc-20160816; b=Kdxm5w3HbvCLholtQhveVtzpjI/bugV8u60YU2RewOdQK0J8OY62nxlINopi5unipG GaFAmYtKmZ4OktHvJlBWVnzVjlAFqn6UgBgwctYgwo3jbQ2nuuVh4wY/2ncWE6QA/rhO M0PDiqpWsRy4vRlOVd7O+TQxUXPkwdeCQEm2a2BRL6yMF5tjdVrTv6HkDhVqJn6tOiQA K6qOaIh7cCi8Zvu6sWhrSOV1AwU1QH4n8I5AKeYsPfSjwGRZy651PbomccM5qwkcPciV EhxPJ1XmkwZYwBY3ZVjFsbaolW0O4CYIKm+xyH9F/e5pbaRVy5eHZV2npSpGmB0lPyI3 K04Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=9pZJaoEgqWdaQvImfL84H6KL8gBD/6BIlPapBAZEy24=; b=j38sBa/fKxI/bn9ZjawHewfC72hLoou3Hz2efHHwR4+aOyChLBuHslIBB5IQ69SYiB 3BTt+I0QUJ5wc/+QIv55t0dvi6tKwSOdDWAFLbm7lzPr12P7SjTVBfpqjbe8qZzV30M8 82Yew6hsyHSlU7ar+s0PJsWKie9yZoUCeWHZExSOfPcQshUpEYo52WJW4/6MGNSqvrQl whyoOJQTWPzi8evlUKhonw6uH3h1fv0pKIxOJpJtiQKs/Cc1gICwzTiA685jZx3XsW/H Td5r1u5qi5iVtHhf8cn2dSwLJzoOUtj7fc2HHBy84zAmY4hnfGPRPU7bT8/PsjHNNpu3 yOww== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QjH7Q9gy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m2-v6si17823840pfb.66.2018.11.11.16.05.36; Sun, 11 Nov 2018 16:05:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QjH7Q9gy; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731973AbeKLIRo (ORCPT + 99 others); Mon, 12 Nov 2018 03:17:44 -0500 Received: from mail.kernel.org ([198.145.29.99]:34354 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1731882AbeKLIRn (ORCPT ); Mon, 12 Nov 2018 03:17:43 -0500 Received: from localhost (unknown [206.108.79.134]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 9685A21582; Sun, 11 Nov 2018 22:27:47 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1541975267; bh=+52YmOB4GomOOjwFtoFDM9iQ3rqdS5dmuf5BlI7LCz4=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QjH7Q9gyZxeFMGnzGx+W3Vc833F1sgSKhSG6DbpUWr7dbYQ06MviL7AK5vvCh7EXp TDDyiAmHSEazR7OWhH0sntWvv8zO988Hb3RHztBB1/nrXi68h80KR1Y1N/5lWflv4E 050f2CJExvOKl2/u2hw5IPHZCFrQF+vzkL8AOmnQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com, Theodore Tso , stable@kernel.org, Sasha Levin Subject: [PATCH 4.19 161/361] ext4: fix argument checking in EXT4_IOC_MOVE_EXT Date: Sun, 11 Nov 2018 14:18:28 -0800 Message-Id: <20181111221643.041052989@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181111221619.915519183@linuxfoundation.org> References: <20181111221619.915519183@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.19-stable review patch. If anyone has any objections, please let me know. ------------------ From: Theodore Ts'o [ Upstream commit f18b2b83a727a3db208308057d2c7945f368e625 ] If the starting block number of either the source or destination file exceeds the EOF, EXT4_IOC_MOVE_EXT should return EINVAL. Also fixed the helper function mext_check_coverage() so that if the logical block is beyond EOF, make it return immediately, instead of looping until the block number wraps all the away around. This takes long enough that if there are multiple threads trying to do pound on an the same inode doing non-sensical things, it can end up triggering the kernel's soft lockup detector. Reported-by: syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- fs/ext4/move_extent.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/fs/ext4/move_extent.c +++ b/fs/ext4/move_extent.c @@ -516,9 +516,13 @@ mext_check_arguments(struct inode *orig_ orig_inode->i_ino, donor_inode->i_ino); return -EINVAL; } - if (orig_eof < orig_start + *len - 1) + if (orig_eof <= orig_start) + *len = 0; + else if (orig_eof < orig_start + *len - 1) *len = orig_eof - orig_start; - if (donor_eof < donor_start + *len - 1) + if (donor_eof <= donor_start) + *len = 0; + else if (donor_eof < donor_start + *len - 1) *len = donor_eof - donor_start; if (!*len) { ext4_debug("ext4 move extent: len should not be 0 "