Received: by 2002:a25:1506:0:0:0:0:0 with SMTP id 6csp1597711ybv; Fri, 21 Feb 2020 00:01:25 -0800 (PST) X-Google-Smtp-Source: APXvYqx4nxzz0x1ZcoemPmOOcWnbt7ahH+OIRhNhnpY2XFpb8iAcDjx5uf9wyJcBs9leqbcBJVRa X-Received: by 2002:aca:3114:: with SMTP id x20mr941531oix.121.1582272085159; Fri, 21 Feb 2020 00:01:25 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1582272085; cv=none; d=google.com; s=arc-20160816; b=sBJCkxalu37kpocaTU2wKss6m+YSHUSQsfbfo2B+GTLWWBZcz/hro8xLZq9vGwxpLt owQy2uuRlTkIdmApkv1dQ2ppHj4n1XppZLbWd5oInCRNZXI1zrrtcLJ6w4v8QMY9gHFW Rtu8xhjuv4wJi16RgXSU6cm9zSzuy5elUA6duSj43k7mC5ZqMtMOVkLGB3TZHw5vNfxp LbUej9it899s95DnDNqnJJba3u1XbmxSIR0hsxKymBh4PC9WaqfJxmNlekGI6zluTeFh OreDMl0jsqFlif074ACNdNde06TNuEqM+y2SY5iBny+9LUQ6WLtWiM6AAfot2aVGqIku 7jYA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Ovea0To0H2/PHik1v0Llw0DzfmA3681hUt/jM3pLykg=; b=finIVvWo73cWydd2XbMU7sT45fpPriBREkPU8jT+hsWN6LbcXT/J+P9eyMNrTn6ijL UfMvm/WIAph0FOsnM1M6CXhIBxLuNE2ZExI5Z5MYMYBL0cktJuAgQ3ARPsd7HhoJJbvI QjWaEi8GRKlYCEdM9mWfQHVdPkauMJqqakNDCz7mznvos8s8G1pVgX7nV0pQw0eQIAfb d+n9BEql0BOrIwDNRQol1yndkqKMrfWOdSkzALG0JtPgAguYqLYTSVrBBQ/V2kJ/wf7V dl+q9/QqNxa3ueYjOHw1vKVmyqfiYoCDYCAu1MXIhtEk8oJHNQavLRAt9TSngbp7ToUU ikpQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FHGJma7M; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id z3si391579oib.164.2020.02.21.00.01.12; Fri, 21 Feb 2020 00:01:25 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FHGJma7M; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730882AbgBUIBJ (ORCPT + 99 others); Fri, 21 Feb 2020 03:01:09 -0500 Received: from mail.kernel.org ([198.145.29.99]:33308 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730649AbgBUIBC (ORCPT ); Fri, 21 Feb 2020 03:01:02 -0500 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 6BBD324670; Fri, 21 Feb 2020 08:01:01 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1582272061; bh=xMt+/WZJ7JX4l2wXXyGzZfDgtpkGtXEWwqSlZvxiJAE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FHGJma7MRfYf8T1TInTgV45LswH5mgutdTi1vI2590SLiUjCApOltJE+oyUMkhqp9 1l7Lhv1GCnRB+cQuSWguVHbf3iux9Jed16LyULe+MnqjBmVp1Iwbnxw7vwmUbR74LU gsCsFrdInh8TC1kml7DJHkJsaSxPYgCFxg1ysxPQ= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Xiao Yang , Miklos Szeredi , Sasha Levin Subject: [PATCH 5.5 394/399] fuse: dont overflow LLONG_MAX with end offset Date: Fri, 21 Feb 2020 08:41:59 +0100 Message-Id: <20200221072438.196078759@linuxfoundation.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200221072402.315346745@linuxfoundation.org> References: <20200221072402.315346745@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Miklos Szeredi [ Upstream commit 2f1398291bf35fe027914ae7a9610d8e601fbfde ] Handle the special case of fuse_readpages() wanting to read the last page of a hugest file possible and overflowing the end offset in the process. This is basically to unbreak xfstests:generic/525 and prevent filesystems from doing bad things with an overflowing offset. Reported-by: Xiao Yang Signed-off-by: Miklos Szeredi Signed-off-by: Sasha Levin --- fs/fuse/file.c | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 695369f46f92d..3dd37a998ea93 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -803,6 +803,10 @@ static int fuse_do_readpage(struct file *file, struct page *page) attr_ver = fuse_get_attr_version(fc); + /* Don't overflow end offset */ + if (pos + (desc.length - 1) == LLONG_MAX) + desc.length--; + fuse_read_args_fill(&ia, file, pos, desc.length, FUSE_READ); res = fuse_simple_request(fc, &ia.ap.args); if (res < 0) @@ -888,6 +892,14 @@ static void fuse_send_readpages(struct fuse_io_args *ia, struct file *file) ap->args.out_pages = true; ap->args.page_zeroing = true; ap->args.page_replace = true; + + /* Don't overflow end offset */ + if (pos + (count - 1) == LLONG_MAX) { + count--; + ap->descs[ap->num_pages - 1].length--; + } + WARN_ON((loff_t) (pos + count) < 0); + fuse_read_args_fill(ia, file, pos, count, FUSE_READ); ia->read.attr_ver = fuse_get_attr_version(fc); if (fc->async_read) { -- 2.20.1