Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2982545imu; Mon, 19 Nov 2018 08:58:15 -0800 (PST) X-Google-Smtp-Source: AJdET5ePvR53xdNj5KpwgdIwTplDc6LdLe5ft2plbZ8I+3tcBIziijE1xUExqlOF3OhLGaNIuyMe X-Received: by 2002:a62:302:: with SMTP id 2-v6mr24419502pfd.135.1542646695360; Mon, 19 Nov 2018 08:58:15 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542646695; cv=none; d=google.com; s=arc-20160816; b=Ad6usQfvP1o1Yy0kpUSnCnH7u0bJpSPX3WzgMVn+dcwiuCmOiwJn1FDNW9tP8eTuGJ M3R6O8KnwZ1BcU8qJzgMBULv6cfsqAB2AT/itb+VNWH0CXQ93CpHW1rfGiPYK6TWBzWH DvTP6hn4Vy+WAJ54+dzNponZBHvddLluXJOd6uaVN3NgnQxyc/1dL/b+2CLfyWO49ChY Wn2tJDpyJn5YpHUiuXpWfIQb7HdVHGDadcrK1sabCzmp3BaQOzpxCqGtQLYOdqengNKk 3IOuibaBxuFe8W++xxQGK3qWzXNfPh/NszDD7sBIU7Zy1LdPTE08cvWq+lUqy+L47WtB oKog== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=h6t9UpSufih0QWbW1CTbT3jAi/86xtPaYF0BYQ696BE=; b=hRzE9e0ZSf4o+fS/UYUwqUEXzO0nzGPdGo9/bRAR3jTQSBxwfgz+BfwGRX9cfVd5d8 q8df3ijljy7s4JMB9jXHTdJikhgFnbRon71jUR4SKRyuk9F7GuyKUGpPZ7UqU6Wd0s2Q aIvAkeiNgiYOM+h9LJRqccUF+7R22vvKqNVHfj0QlUq1x/8qlJpYgCtdbySK+8e5JSVU MDMXq675m4ctASDLAwIgOV5DkIlZ79JLJ2XOJdhZS9Z65ZpSiv4MLVDMOe8zLpKv00JV dJVfet6DGQSphxtDHBJ+nq+nVfAc4DUmc8J2v1oTqkdBOeYRZhEl3XkWLFNFJmap6SDS GUAA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bigL4NeA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e7si24286092pfh.147.2018.11.19.08.58.00; Mon, 19 Nov 2018 08:58:15 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=bigL4NeA; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2404523AbeKTDVj (ORCPT + 99 others); Mon, 19 Nov 2018 22:21:39 -0500 Received: from mail.kernel.org ([198.145.29.99]:33068 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2403956AbeKTDVg (ORCPT ); Mon, 19 Nov 2018 22:21:36 -0500 Received: from localhost (5356596B.cm-6-7b.dynamic.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 0F30021104; Mon, 19 Nov 2018 16:57:20 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1542646641; bh=4BDPqXgOI21Q0kAbAx+EfIDdm6f8G0BtJ+L/+m+pO6U=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=bigL4NeAsJu0UP2XkBeFigQEYTXMfYXupE2lA1yvs9i2/EZ0BgTleso6f3qzPGiXI bvyq/jblyw+egz6SCAO6jga0B3T4dQ5UBGW2sZZvlmW02qr4QXMTGu4K0xlMTvCDXJ 91kQYTmXf1LmSPHwVqDD0FK2nrw6pnXV2NH1Yujo= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com, Theodore Tso , stable@kernel.org, Sasha Levin Subject: [PATCH 4.4 035/160] ext4: fix argument checking in EXT4_IOC_MOVE_EXT Date: Mon, 19 Nov 2018 17:27:54 +0100 Message-Id: <20181119162634.359380147@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181119162630.031306128@linuxfoundation.org> References: <20181119162630.031306128@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Theodore Ts'o [ Upstream commit f18b2b83a727a3db208308057d2c7945f368e625 ] If the starting block number of either the source or destination file exceeds the EOF, EXT4_IOC_MOVE_EXT should return EINVAL. Also fixed the helper function mext_check_coverage() so that if the logical block is beyond EOF, make it return immediately, instead of looping until the block number wraps all the away around. This takes long enough that if there are multiple threads trying to do pound on an the same inode doing non-sensical things, it can end up triggering the kernel's soft lockup detector. Reported-by: syzbot+c61979f6f2cba5cb3c06@syzkaller.appspotmail.com Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- fs/ext4/move_extent.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/fs/ext4/move_extent.c +++ b/fs/ext4/move_extent.c @@ -526,9 +526,13 @@ mext_check_arguments(struct inode *orig_ orig_inode->i_ino, donor_inode->i_ino); return -EINVAL; } - if (orig_eof < orig_start + *len - 1) + if (orig_eof <= orig_start) + *len = 0; + else if (orig_eof < orig_start + *len - 1) *len = orig_eof - orig_start; - if (donor_eof < donor_start + *len - 1) + if (donor_eof <= donor_start) + *len = 0; + else if (donor_eof < donor_start + *len - 1) *len = donor_eof - donor_start; if (!*len) { ext4_debug("ext4 move extent: len should not be 0 "