Received: by 2002:ab2:6857:0:b0:1ef:ffd0:ce49 with SMTP id l23csp2400084lqp; Sun, 24 Mar 2024 17:53:36 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCVpWMClkEPAakiiKOMAGXxyiRrmBSycoXaprbdVAKQFQp/xzJjZAGnsBSWQW8hSh5bW97Gw5azF5BS5Hwnhe8u1bkxTZMrJfLGhZkPY3g== X-Google-Smtp-Source: AGHT+IGadLguLAlFgES7S/tP+dOABZky/wRw6/CCFIetPjybSRXYE/8H1w+zLh+vYf7JK9skZuSC X-Received: by 2002:a17:90b:f08:b0:29b:c2b3:2712 with SMTP id br8-20020a17090b0f0800b0029bc2b32712mr3822413pjb.26.1711328015930; Sun, 24 Mar 2024 17:53:35 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1711328015; cv=pass; d=google.com; s=arc-20160816; b=mCaarmualFO9SJ7Lm6kRvoL0xc6odhjalh9dJ12v/ra90zWjyUBicDuOGv90ZCC5z/ kFFWwgBux/X+w6V896KuOgDNYVTG86ufEEI1+shMTiU2g4KlHmyigzuQioIumrcZdw+Q sMDdD0M3r7e/b/0JUSS+tdToM7xY8JMGIpPCOtFOgQ3Z0BDXW2nW1DygTmLtpqm7HDCp OKeCe1k3PKQvQGbAbGMQEUqX7kQ+Xagk4Vgk581EYJzTYhCnILMa7bTC9GmMFCiV5qaT jE0z9tHVwWMzlmkCnFGdrddkNizpXB2ZlDW8zfqW2BMM7msQuOJlqGPJnLJOJkObueJV soew== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:references:in-reply-to:message-id :date:subject:cc:to:from:dkim-signature; bh=bEZTgkyJqmnQzF5uTZx8EICBN9sykBGUFfgdjoiYMQo=; fh=nJt67uS+w5opTW9/d+MjvIOuH4pZwKFFKJXuDl8dhFs=; b=fa92jeahiaJmtA+IqRwOXJ2zNtilx2R50ffgv32yRiJyEXTp8K4E5wY3SO5nsCjh3o dMtHwNmFToUuwKvZsewnXS5QWBM3J/GKsf3qJTDJ7L0bgyYMap83jSd+h6zOT2Y+TM7v 3RvYy6FO3Mo4ByHwdr69q4UKRNbKZlxy4KwDGEcsm3UUXUtiVTvRQorJxgMtEx7L5wBl fqLrmFSmVlaadSSrU8h2TupsPCuURS/L704yIOE+4aFN8ftCSVnCDaiD4qOnyYb1Nz9Z C8ZddqDRfbCihoCpOvEtnf6S0DwUeyaU0RioQDwl709m6L3GrIt8l7rxqwbCHXANYHak fO4g==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=k+CbfoXI; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113497-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113497-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [139.178.88.99]) by mx.google.com with ESMTPS id p5-20020a17090ab90500b002a01f12cd5esi6581878pjr.156.2024.03.24.17.53.35 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 24 Mar 2024 17:53:35 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-113497-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) client-ip=139.178.88.99; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=k+CbfoXI; arc=pass (i=1 dkim=pass dkdomain=kernel.org); spf=pass (google.com: domain of linux-kernel+bounces-113497-linux.lists.archive=gmail.com@vger.kernel.org designates 139.178.88.99 as permitted sender) smtp.mailfrom="linux-kernel+bounces-113497-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 60FE22844D5 for ; Mon, 25 Mar 2024 00:51:29 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 563FE13D52B; Sun, 24 Mar 2024 22:45:00 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="k+CbfoXI" Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4F42013D50C; Sun, 24 Mar 2024 22:44:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320299; cv=none; b=borPn10bTzXhaGEcRStmuv/X4xtNs0TD/tDzlMgRPb3EUGgUdpdeM/c0xUV72nZ4dwecqNyxHkXLPqX9qTQQHFkox66bnM8d3Oie3TRfIsdq9g3vGzD0hcwuTbJkC/Y/Owy9stMtcvWl8jszOPp9XK1XZHgXv2SuUNLgFgNQaGg= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1711320299; c=relaxed/simple; bh=BFLrM6VzIQ/SvkmNCVyRKM9OQn5i2ec6bYhmnanVnZM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=sgEBZ55rMvHBV/Fc04wWnh5fPD628YYqolOkWCBFPLeBzJ3sUVKWVGVhb3HWKoxXrwY7YhNvw5nUxsS2e6kOHre6DjpaQjI9ZW3MIrWQofnBqIMm+KbCAvs9Mp2nYlgjSe5WNzkJOOJwj+4JJQVFiPaBiNtkjacOGzPQ9LzC3LU= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=k+CbfoXI; arc=none smtp.client-ip=10.30.226.201 Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4ED94C433F1; Sun, 24 Mar 2024 22:44:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1711320298; bh=BFLrM6VzIQ/SvkmNCVyRKM9OQn5i2ec6bYhmnanVnZM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=k+CbfoXIGFwySHmAsdjdoWHukm7+7lUlanrRB5HQz9FzJsrEnNuISokt+w8aj2o2U WoKbEMsseRxHCH3pTlgSVI55DMQqWR1SlwiZEZrJCpR64Mu06SQiXsd+q0bAN2lKK/ wnrgJpADI4XZOf9hOKzFU+WDS9uZypZPrPINkWtNs0F3cUuCEIr9d5qmkT/1VXDkS0 +gBBz1tmnzaDntrIbw0CRDWSiGW+1dglsgbOgCzPdbZuMnSJ41d1HE6fEawshgRomO PDFu6joZR3hOsuXyLimVWcgdIfKsUILFMP7gMs0vTIW+aQMZEUzPiggUob+QOFcogJ HQiydz/k+EBwg== From: Sasha Levin To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Amir Goldstein , syzbot+3abd99031b42acf367ef@syzkaller.appspotmail.com, Sasha Levin Subject: [PATCH 6.8 606/715] ovl: relax WARN_ON in ovl_verify_area() Date: Sun, 24 Mar 2024 18:33:05 -0400 Message-ID: <20240324223455.1342824-607-sashal@kernel.org> X-Mailer: git-send-email 2.43.0 In-Reply-To: <20240324223455.1342824-1-sashal@kernel.org> References: <20240324223455.1342824-1-sashal@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-stable: review X-Patchwork-Hint: Ignore Content-Transfer-Encoding: 8bit From: Amir Goldstein [ Upstream commit 77a28aa476873048024ad56daf8f4f17d58ee48e ] syzbot hit an assertion in copy up data loop which looks like it is the result of a lower file whose size is being changed underneath overlayfs. This type of use case is documented to cause undefined behavior, so returning EIO error for the copy up makes sense, but it should not be causing a WARN_ON assertion. Reported-and-tested-by: syzbot+3abd99031b42acf367ef@syzkaller.appspotmail.com Fixes: ca7ab482401c ("ovl: add permission hooks outside of do_splice_direct()") Signed-off-by: Amir Goldstein Signed-off-by: Sasha Levin --- fs/overlayfs/copy_up.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/overlayfs/copy_up.c b/fs/overlayfs/copy_up.c index 8586e2f5d2439..0762575a1e708 100644 --- a/fs/overlayfs/copy_up.c +++ b/fs/overlayfs/copy_up.c @@ -234,11 +234,11 @@ static int ovl_verify_area(loff_t pos, loff_t pos2, loff_t len, loff_t totlen) { loff_t tmp; - if (WARN_ON_ONCE(pos != pos2)) + if (pos != pos2) return -EIO; - if (WARN_ON_ONCE(pos < 0 || len < 0 || totlen < 0)) + if (pos < 0 || len < 0 || totlen < 0) return -EIO; - if (WARN_ON_ONCE(check_add_overflow(pos, len, &tmp))) + if (check_add_overflow(pos, len, &tmp)) return -EIO; return 0; } -- 2.43.0