Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp2704468ybz; Mon, 27 Apr 2020 02:59:44 -0700 (PDT) X-Google-Smtp-Source: APiQypLtbk/W1n/Nl/qr8PPkuLQ6IonKUa9Mna/5aYHNjIkGx5aJLspPp5+9Kt4yJnc7U+CgVB0G X-Received: by 2002:a17:906:328c:: with SMTP id 12mr17809563ejw.69.1587981584814; Mon, 27 Apr 2020 02:59:44 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587981584; cv=none; d=google.com; s=arc-20160816; b=fv0jrYP2lfU6Opdbfb8hEiOJ6Hklj+etD0g6isvjAINWSKl5Y2oIeHcu/LAWAj188s WSpnmjsGpu+Yh5ThJWNTZ8wuG5MGNJZRtm+dT6D9ZdY830qQPLutj7qcf2B5oLCHuWpu KE4W2KTgo9ZZAwnJL2/h070j+YxTZZUAAhHyrlZTv4hl2czAFGXyD1x/miOFlUY385/j ymUtmGhY4KdTuaZQH0fE4grPMFyMQmvSVwnJkUz70t7NLWj7HrMvu/v4zmGN4hKan3Hv ZAa/89Yr9NxdvHwQ3ByScfVQIoxdMDZPg9dpgMiq9179U8PqlAScDI6AVDQLA6Vu+fSM gBWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=RgQiwfsSPXHYeN94dR0SYoXUiw/kCpJ0Bv9UO/BsFqU=; b=Mk2ckPaURULMcKhRdhSMdSYoNqKJh93JhDMIb4ShqoF1AvODon+VsDDOEaafTzTz7v gyYbAlJ5veRnyaPVfqnh1v2qlYvaoOJ3kVi7AR2+N+PYkEw9USj5pXy8Tf3nw5nBguVO oPYKNdaWmeqHGOHA1/FVssR+CxlU93SlEFIXr4+l7lOC4C1B4IiilUDZ4qFqEpjwGTJx nF6Ppq+3KtQDzRhNMVnRWmXOdlcEudVuzv0tULbCmnHH/hQpevraZWebFe4PPTI+36JN JfdYgWMQyjEFBCM8VuGNXweb2ucWMeEeRy8soTQDXdMHUKIwjCQF2b1V0w2xnFbcKta8 0S6w== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=npmptoCU; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l12si7347310edn.565.2020.04.27.02.59.17; Mon, 27 Apr 2020 02:59:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=bombadil.20170209 header.b=npmptoCU; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726621AbgD0J7H (ORCPT + 99 others); Mon, 27 Apr 2020 05:59:07 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:48390 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726349AbgD0J7G (ORCPT ); Mon, 27 Apr 2020 05:59:06 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6ACCEC0610D6; Mon, 27 Apr 2020 02:59:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20170209; h=Content-Transfer-Encoding: MIME-Version:References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender :Reply-To:Content-Type:Content-ID:Content-Description; bh=RgQiwfsSPXHYeN94dR0SYoXUiw/kCpJ0Bv9UO/BsFqU=; b=npmptoCUw0CXC7qt7dy2UTvU7+ bDTtfVAEokmo55lXkCVpK3qaFc0r68Ucpw4o406KsjXZS7JkcaNSi6W3cwMJ3B5f1tGR5wPCQaj0A cFhTS1c4ogwHS4BH3tc6gIwjYUibc7Zf2BWsL8mJlsaSeI1j9CB2JSC1KL+ND7bW8HWZXDd9gtG5v f9TBB3ojjFyGG7sGe8sDqNadhRY+3FFni4yXQOxQscWY4hk212iFqfl5HP5+UfUwJLY7jCad4PtYO upf6AlQUjxciojA12N6L+joHftCd5ulO5Sw8t/ERds6dOhzUhMSHjadt7YMZ+V526fc63JJCP4lIx MJx05qCw==; Received: from [2001:4bb8:193:f203:c70:4a89:bc61:2] (helo=localhost) by bombadil.infradead.org with esmtpsa (Exim 4.92.3 #3 (Red Hat Linux)) id 1jT0XX-0003f5-8J; Mon, 27 Apr 2020 09:59:03 +0000 From: Christoph Hellwig To: linux-ext4@vger.kernel.org, viro@zeniv.linux.org.uk Cc: jack@suse.cz, tytso@mit.edu, adilger@dilger.ca, riteshh@linux.ibm.com, amir73il@gmail.com, linux-fsdevel@vger.kernel.org, linux-unionfs@vger.kernel.org, syzbot+77fa5bdb65cc39711820@syzkaller.appspotmail.com Subject: [PATCH 1/8] ext4: fix EXT4_MAX_LOGICAL_BLOCK macro Date: Mon, 27 Apr 2020 11:58:51 +0200 Message-Id: <20200427095858.1440608-2-hch@lst.de> X-Mailer: git-send-email 2.26.1 In-Reply-To: <20200427095858.1440608-1-hch@lst.de> References: <20200427095858.1440608-1-hch@lst.de> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org From: Ritesh Harjani ext4 supports max number of logical blocks in a file to be 0xffffffff. (This is since ext4_extent's ee_block is __le32). This means that EXT4_MAX_LOGICAL_BLOCK should be 0xfffffffe (starting from 0 logical offset). This patch fixes this. The issue was seen when ext4 moved to iomap_fiemap API and when overlayfs was mounted on top of ext4. Since overlayfs was missing filemap_check_ranges(), so it could pass a arbitrary huge length which lead to overflow of map.m_len logic. This patch fixes that. Fixes: d3b6f23f7167 ("ext4: move ext4_fiemap to use iomap framework") Reported-by: syzbot+77fa5bdb65cc39711820@syzkaller.appspotmail.com Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara Signed-off-by: Christoph Hellwig --- fs/ext4/ext4.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index 91eb4381cae5b..ad2dbf6e49245 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -722,7 +722,7 @@ enum { #define EXT4_MAX_BLOCK_FILE_PHYS 0xFFFFFFFF /* Max logical block we can support */ -#define EXT4_MAX_LOGICAL_BLOCK 0xFFFFFFFF +#define EXT4_MAX_LOGICAL_BLOCK 0xFFFFFFFE /* * Structure of an inode on the disk -- 2.26.1