From: Tadeusz Struk
To: syzbot+fcc629d1a1ae8d3fe8a5@syzkaller.appspotmail.com
Cc: syzkaller-bugs@googlegroups.com, adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, tytso@mit.edu, Tadeusz Struk
Subject: [PATCH v2] ext4: check if offset+length is within valid fallocate
Date: Tue, 15 Mar 2022 14:38:57 -0700
Message-Id: <20220315213857.268414-1-tadeusz.struk@linaro.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <00000000000042d70e05da43401f@google.com>
References: <00000000000042d70e05da43401f@google.com>
X-Mailing-List: linux-ext4@vger.kernel.org

#syz test: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git master
==============================================
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 01c9e4f743ba..355384007d11 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -3924,7 +3924,8 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) struct super_block *sb = inode->i_sb; ext4_lblk_t first_block, stop_block; struct address_space *mapping = inode->i_mapping; - loff_t first_block_offset, last_block_offset; + loff_t first_block_offset, last_block_offset, max_length; + struct ext4_sb_info *sbi = EXT4_SB(inode->i_sb); handle_t *handle; unsigned int credits; int ret = 0, ret2 = 0; 
@@ -3967,6 +3968,16 @@ int ext4_punch_hole(struct inode *inode, loff_t offset, loff_t length) offset; } + /* + * For punch hole the length + offset needs to be at least within + * one block before last + */ + max_length = sbi->s_bitmap_maxbytes - inode->i_sb->s_blocksize; + if (offset + length >= max_length) { + ret = -ENOSPC; + goto out_mutex; + } + if (offset & (sb->s_blocksize - 1) || (offset + length) & (sb->s_blocksize - 1)) { /* -- 2.35.1
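
Review bot: in the first hunk (declarations, @@ -3924), the new sbi initialiser re-derives the superblock with EXT4_SB(inode->i_sb) even though sb is already set to inode->i_sb at the top of the same declaration block. EXT4_SB(sb) would match the surrounding code. sbi is introduced only to read s_bitmap_maxbytes once in the second hunk, so the extra local could also be dropped in favour of EXT4_SB(sb)->s_bitmap_maxbytes at the point of use.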
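
Review bot: in the second hunk (the added range check, @@ -3967), the comment "needs to be at least within one block before last" does not name the limit being enforced or say why the comparison is >= rather than >, and -ENOSPC is an unexpected errno for a request that is out of range rather than out of space. Suggest a comment that states the bound directly (offset + length must stay below s_bitmap_maxbytes minus one block) and gives the reason a range ending exactly at that bound is rejected, plus a note on whether failing the call is preferred over trimming length to the bound. The subtraction uses inode->i_sb->s_blocksize while the alignment test immediately below uses sb->s_blocksize; using sb in both keeps them consistent. offset + length is a signed loff_t sum, so the comment should also record that the caller has already rejected negative or overflowing values, since a wrapped sum would pass this check.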