Received: by 2002:a05:6358:3188:b0:123:57c1:9b43 with SMTP id q8csp559670rwd; Sat, 20 May 2023 02:39:56 -0700 (PDT) X-Google-Smtp-Source: ACHHUZ50DrmlihpRNZbEDKv7wBmHN8lL31mPmz3URtP2pVA1c6eWPPZ63JvSsVCvI0He8sEJPUmG X-Received: by 2002:a05:6a20:9147:b0:106:93b:aa9a with SMTP id x7-20020a056a20914700b00106093baa9amr5673342pzc.48.1684575596565; Sat, 20 May 2023 02:39:56 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1684575596; cv=none; d=google.com; s=arc-20160816; b=kBz8kh+r7dON0PMV0Kv6o01zHvfTZHevM0oNtNYSEBiIavoi0KXhKgQ4nyGjtwswbt lNtB+1pQI2vsYDYQZG8mZh2tGy75opGOQ6QL6KHky5ijtdgetkBlh0kQ2FT40zTzumzO NHbdo+6LvXKe+McD7VEzirhpf/xCluQwqca1Umt86a3uzWxUpmXMh+5XY0pvA6s+Wkpw L7olCKF9PiwnRaHF8vLCahlasFjbO+rD1fqutzHYjipZmtJGzrmxRwsQZgT5KYZ6hTVx fQ47tpn+n3T3PWcMpYBC3PJX+tcpued6d79q5E1a4yLFemrV6WWbpHatW1f6tsMslWa/ fx1A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=IhSX6TXpF35/GvnFLloDn/3SXtUDhj0qJzBie2Mlaww=; b=swcidyrGPIo+79akwPsBymoeghMA+ris5gAylHqMN5EogHcc4Rl+rKAqEPIJRaFr9Y j5Dh8lcOBkK5Lv0Aoyhh4vNpXUFz0Dz3Uj9p47DKaEtieNtAX+y1fj4Ef4cOmChsm3i9 xZgJeabcfjZRUHFBpKFuMJ+xBJ5X1yNKQztcENpK/fxqlq8BXROmzSHuCZUmQSS0wx2d Cync5gHNtkUD8Su4TfK+XUDGao7MEdkECOxyyDsyJDSjcFesXjF6h6tS1wlWyN3batTg 3fZUQKom91+z1zH6KvDYnYxwvxQouMs8tyQKiylvXn0Wems/wpiywxJ3Rl93rAKqDQ2g TSIA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=eYWLBFhT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id n7-20020a6543c7000000b00518cf8916e2si1272316pgp.415.2023.05.20.02.39.38; Sat, 20 May 2023 02:39:56 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=eYWLBFhT; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230331AbjETJVU (ORCPT + 99 others); Sat, 20 May 2023 05:21:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41728 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229548AbjETJVS (ORCPT ); Sat, 20 May 2023 05:21:18 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 85DDB103; Sat, 20 May 2023 02:21:17 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id F03BA61155; Sat, 20 May 2023 09:21:16 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 005DDC433EF; Sat, 20 May 2023 09:21:11 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1684574476; bh=1sk3KywmldKzQSQt90JNPQOI5X1ZWPtE36C3dU9orHM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=eYWLBFhTwx1fR7Cz/5zG9pwLY+6U2pv9KX0owdf1450WutM3cJyiNdY4rcV1Aawm2 p72IcCpaimXVM4z+BiA0BX8BUYnw9tENkwNqpcid6Zpq3trS1XZavJi2ifTXO04UA2 XpphECjMHAyUP3W1Z2d6eJZ7evjMRFXuvBLcmsvxy96Q30fXTwvMLzYyqix16yi0zI jhVuGGD5CnY5nU0uBgfUYqmOUnJda4b5xIIl5FvnuB67fZxVL/UirSpknicVuJKsOS dW4ifc4rYuoJayLJuvSKpFr74JYHfUW95tBipXt3wXPh/Vtd3L+WO+YKZ1Ls0cgIFp tVmYwsuyzQwvg== Date: Sat, 20 May 2023 11:21:08 +0200 From: Christian Brauner To: David Howells Cc: Jens Axboe , Al Viro , Christoph Hellwig , Matthew Wilcox , Jan Kara , Jeff Layton , David Hildenbrand , Jason Gunthorpe , Logan Gunthorpe , Hillf Danton , Linus Torvalds , linux-fsdevel@vger.kernel.org, linux-block@vger.kernel.org, linux-kernel@vger.kernel.org, linux-mm@kvack.org, Christoph Hellwig , Steve French , John Hubbard Subject: Re: [PATCH v21 02/30] splice: Make filemap_splice_read() check s_maxbytes Message-ID: <20230520-abzweigen-jurymitglied-600e651d784b@brauner> References: <20230520000049.2226926-1-dhowells@redhat.com> <20230520000049.2226926-3-dhowells@redhat.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline In-Reply-To: <20230520000049.2226926-3-dhowells@redhat.com> X-Spam-Status: No, score=-4.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_MED, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 20, 2023 at 01:00:21AM +0100, David Howells wrote: > Make filemap_splice_read() check s_maxbytes analogously to filemap_read(). > > Signed-off-by: David Howells > cc: Christoph Hellwig > cc: Steve French > cc: Jens Axboe > cc: Al Viro > cc: David Hildenbrand > cc: John Hubbard > cc: linux-mm@kvack.org > cc: linux-block@vger.kernel.org > cc: linux-fsdevel@vger.kernel.org > --- > mm/filemap.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/mm/filemap.c b/mm/filemap.c > index a2006936a6ae..0fcb0b80c2e2 100644 > --- a/mm/filemap.c > +++ b/mm/filemap.c > @@ -2887,6 +2887,9 @@ ssize_t filemap_splice_read(struct file *in, loff_t *ppos, > bool writably_mapped; > int i, error = 0; > > + if (unlikely(*ppos >= in->f_mapping->host->i_sb->s_maxbytes)) Pointer deref galore Reviewed-by: Christian Brauner