From: "Theodore Ts'o"
To: Tadeusz Struk, linux-ext4@vger.kernel.org
Cc: "Theodore Ts'o", linux-kernel@vger.kernel.org, stable@vger.kernel.org, Ritesh Harjani, Andreas Dilger, syzbot+7a806094edd5d07ba029@syzkaller.appspotmail.com
Subject: Re: [PATCH v3] ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
Date: Sun, 3 Apr 2022 10:53:17 -0400
Message-Id: <164899700423.964485.7890254685030914129.b4-ty@mit.edu>
In-Reply-To: <20220331200515.153214-1-tadeusz.struk@linaro.org>

On Thu, 31 Mar 2022 13:05:15 -0700, Tadeusz Struk wrote:
> Syzbot found an issue [1] in ext4_fallocate().
> The C reproducer [2] calls fallocate(), passing size 0xffeffeff000ul,
> and offset 0x1000000ul, which, when added together exceed the
> bitmap_maxbytes for the inode. This triggers a BUG in
> ext4_ind_remove_space(). According to the comments in this function
> the 'end' parameter needs to be one block after the last block to be
> removed. In the case when the BUG is triggered it points to the last
> block. Modify the ext4_punch_hole() function and add constraint that
> caps the length to satisfy the one before last block requirement.
>
> [...]

Applied, thanks!

[1/1] ext4: limit length to bitmap_maxbytes - blocksize in punch_hole
      commit: dfc99c5e84e46c610a7bf81dc4a3a126253be459

Best regards,
-- 
Theodore Ts'o
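
A user-space model of the cap named in the subject line, added here as an example; it is not the applied patch or kernel code. The function names and the DEMO limits (4 KiB blocks, classic direct/indirect layout) are assumptions; the offset and size are the ones quoted from the reproducer.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed limits, not read from a real superblock (assumption):
 * 4 KiB blocks and the classic 12 direct + single/double/triple
 * indirect layout with 1024 block pointers per indirect block. */
struct fs_limits { uint64_t bitmap_maxbytes, blocksize; };
static const struct fs_limits DEMO = {
    (12ULL + 1024 + 1024ULL * 1024 + 1024ULL * 1024 * 1024) * 4096, 4096
};

/* Number of blocks the indirect map can address; valid block numbers
 * are 0 .. max_block(fs) - 1. */
uint64_t max_block(const struct fs_limits *fs)
{
    return (fs->bitmap_maxbytes + fs->blocksize - 1) / fs->blocksize;
}

/* Cap a punch-hole length so that off + len never exceeds
 * bitmap_maxbytes - blocksize. Returns 0 when off is already at or
 * past that limit (a choice made for this model). */
uint64_t cap_punch_length(const struct fs_limits *fs, uint64_t off, uint64_t len)
{
    uint64_t max_end = fs->bitmap_maxbytes - fs->blocksize;
    if (off >= max_end)
        return 0;
    /* Compare against the remaining room instead of computing
     * off + len, which can wrap for hostile inputs. */
    if (len > max_end - off)
        len = max_end - off;
    return len;
}

/* Exclusive end block of the byte range [off, off + len). */
uint64_t end_block(const struct fs_limits *fs, uint64_t off, uint64_t len)
{
    return (off + len) / fs->blocksize;
}

int main(void)
{
    uint64_t off = 0x1000000ULL, len = 0xffeffeff000ULL; /* from the report */
    uint64_t capped = cap_punch_length(&DEMO, off, len);
    printf("max_block=%llu uncapped_end=%llu capped_end=%llu\n",
           (unsigned long long)max_block(&DEMO),
           (unsigned long long)end_block(&DEMO, off, len),
           (unsigned long long)end_block(&DEMO, off, capped));
    return 0;
}
```

With these constructed limits the uncapped end block lies beyond the addressable range, while the capped end block is max_block - 1, so the exclusive end is itself an addressable block.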