Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp1412919ybz; Wed, 29 Apr 2020 22:00:01 -0700 (PDT) X-Google-Smtp-Source: APiQypKOQ8iT5EefI//uyDm3XRq9nsjb+OjLk8D3ef0JkEvNdP9Zyofi1iir+kEIEb/OOfpZhae9 X-Received: by 2002:aa7:d653:: with SMTP id v19mr1045945edr.383.1588222801375; Wed, 29 Apr 2020 22:00:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1588222801; cv=none; d=google.com; s=arc-20160816; b=Au12HSKpnAYidBZft1LzTxbFT0WSJJvh87XgCKm6BJmMQ33dhh6OrsNhScE0W+Mb8Z FXFq1Ddcuk9F+8P95aN0k/dueHPKA4BZGK84E6Rjo2bl67k0CzYFtgVOcQXlqsACcl8i uB1Hx6MmabUGM0oks6u4uisCUGme9l0l5Be29YotB6bPKQ9JMkx3BcYE+IhtAs6M8Fm/ 2W4+kXV290CNI6wtv5EiWO7KkRgaDxpDrKWnIP54zrH8maDbb00T39X4OEyvez7KkEVH LFznrGiQNkdp2BbTRmsqZOCDK1F6WVueuqaT2NPoEte5hdYxfkXKBp5qFCywS3aFs4BB 0SWQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=QGzehT1bWXGYd6hNRdBuIrsV5TM+GBllAvq9mDaeVpw=; b=cRnzdxM2PTAJ7bwlqt+eXiyj5E5mWgA9Ac+U3bRxCTWBNS4i0X0odCWdz9d1zhB7kl ILsFpCBB8myqsY/V6TcVpX6MqI+957qfNh4+ib77HWmg4uZyjE247bUFpQlV8wBkPHQ5 qjvj6RUc+wnaRs4VYrlj0o0UGUdTjBF6ic9cj4FxO/t3NiwUKtdctBQRefNS3SUXRLkl MS1WQqbTAw5ugQWBEvWnNBId2JN3ukpCdRBaf7Iajlaa9owOkoJwTuFX9atYFQIVh5Cb jy417JlLnKPstWT9oK4dV8GmHXMTnvxb8T21dP1bxNCnJ1lEdv7xUVjBOc/q9htJlCht 2duA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id o15si5020890eju.289.2020.04.29.21.59.33; Wed, 29 Apr 2020 22:00:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-ext4-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-ext4-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726405AbgD3E4I (ORCPT + 99 others); Thu, 30 Apr 2020 00:56:08 -0400 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:29260 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726337AbgD3E4I (ORCPT ); Thu, 30 Apr 2020 00:56:08 -0400 Received: from pps.filterd (m0098394.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.16.0.42/8.16.0.42) with SMTP id 03U4WXsR061953; Thu, 30 Apr 2020 00:55:32 -0400 Received: from ppma01fra.de.ibm.com (46.49.7a9f.ip4.static.sl-reverse.com [159.122.73.70]) by mx0a-001b2d01.pphosted.com with ESMTP id 30mhqada3x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Apr 2020 00:55:32 -0400 Received: from pps.filterd (ppma01fra.de.ibm.com [127.0.0.1]) by ppma01fra.de.ibm.com (8.16.0.27/8.16.0.27) with SMTP id 03U4pPve010649; Thu, 30 Apr 2020 04:55:29 GMT Received: from b06cxnps4076.portsmouth.uk.ibm.com (d06relay13.portsmouth.uk.ibm.com [9.149.109.198]) by ppma01fra.de.ibm.com with ESMTP id 30mcu8ebtq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 30 Apr 2020 04:55:29 +0000 Received: from d06av24.portsmouth.uk.ibm.com (mk.ibm.com [9.149.105.60]) by b06cxnps4076.portsmouth.uk.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 03U4tRhI49086520 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 30 Apr 2020 04:55:27 GMT Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id F376F42041; Thu, 30 Apr 2020 04:55:26 +0000 (GMT) Received: from d06av24.portsmouth.uk.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 795ED42042; Thu, 30 Apr 2020 04:55:24 +0000 (GMT) Received: from localhost.localdomain.com (unknown [9.199.35.53]) by d06av24.portsmouth.uk.ibm.com (Postfix) with ESMTP; Thu, 30 Apr 2020 04:55:24 +0000 (GMT) From: Ritesh Harjani To: linux-fsdevel@vger.kernel.org, linux-xfs@vger.kernel.org Cc: Alexander Viro , "Darrick J . Wong" , Christoph Hellwig , Jan Kara , tytso@mit.edu, "Aneesh Kumar K . V" , linux-ext4@vger.kernel.org, Ritesh Harjani Subject: [PATCHv3 1/1] fibmap: Warn and return an error in case of block > INT_MAX Date: Thu, 30 Apr 2020 10:25:18 +0530 Message-Id: X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-TM-AS-GCONF: 00 X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.138,18.0.676 definitions=2020-04-30_01:2020-04-30,2020-04-30 signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 priorityscore=1501 phishscore=0 clxscore=1015 adultscore=0 suspectscore=0 spamscore=0 lowpriorityscore=0 malwarescore=0 impostorscore=0 mlxlogscore=999 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2003020000 definitions=main-2004300030 Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org We better warn the fibmap user and not return a truncated and therefore an incorrect block map address if the bmap() returned block address is greater than INT_MAX (since user supplied integer pointer). It's better to pr_warn() all user of ioctl_fibmap() and return a proper error code rather than silently letting a FS corruption happen if the user tries to fiddle around with the returned block map address. We fix this by returning an error code of -ERANGE and returning 0 as the block mapping address in case if it is > INT_MAX. Now iomap_bmap() could be called from either of these two paths. Either when a user is calling an ioctl_fibmap() interface to get the block mapping address or by some filesystem via use of bmap() internal kernel API. bmap() kernel API is well equipped with handling of u64 addresses. WARN condition in iomap_bmap_actor() was mainly added to warn all the fibmap users. But now that we have directly added this warning for all fibmap users and also made sure to return 0 as block map address in case if addr > INT_MAX. So we can now remove this logic from iomap_bmap_actor(). Signed-off-by: Ritesh Harjani --- v2 -> v3: 1. Added file path info using (%pD4) 2. Dropped Reviewed-by tags for reviewing this final version. fs/ioctl.c | 8 ++++++++ fs/iomap/fiemap.c | 5 +---- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/fs/ioctl.c b/fs/ioctl.c index f1d93263186c..6b8629fbe0fd 100644 --- a/fs/ioctl.c +++ b/fs/ioctl.c @@ -55,6 +55,7 @@ EXPORT_SYMBOL(vfs_ioctl); static int ioctl_fibmap(struct file *filp, int __user *p) { struct inode *inode = file_inode(filp); + struct super_block *sb = inode->i_sb; int error, ur_block; sector_t block; @@ -71,6 +72,13 @@ static int ioctl_fibmap(struct file *filp, int __user *p) block = ur_block; error = bmap(inode, &block); + if (block > INT_MAX) { + error = -ERANGE; + pr_warn_ratelimited("[%s/%d] FS: %s File: %pD4 would truncate fibmap result\n", + current->comm, task_pid_nr(current), + sb->s_id, filp); + } + if (error) ur_block = 0; else diff --git a/fs/iomap/fiemap.c b/fs/iomap/fiemap.c index bccf305ea9ce..d55e8f491a5e 100644 --- a/fs/iomap/fiemap.c +++ b/fs/iomap/fiemap.c @@ -117,10 +117,7 @@ iomap_bmap_actor(struct inode *inode, loff_t pos, loff_t length, if (iomap->type == IOMAP_MAPPED) { addr = (pos - iomap->offset + iomap->addr) >> inode->i_blkbits; - if (addr > INT_MAX) - WARN(1, "would truncate bmap result\n"); - else - *bno = addr; + *bno = addr; } return 0; } -- 2.21.0