MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
5a924f7ed6
linux-yocto/fs/ext4
History
Zhang Yi 5412c47f3c ext4: fix hole length calculation overflow in non-extent inodes 
commit 02c7f7219ac0e2277b3379a3a0e9841ef464b6d4 upstream.

In a filesystem with a block size larger than 4KB, the hole length
calculation for a non-extent inode in ext4_ind_map_blocks() can easily
exceed INT_MAX. Then it could return a zero length hole and trigger the
following waring and infinite in the iomap infrastructure.

  ------------[ cut here ]------------
  WARNING: CPU: 3 PID: 434101 at fs/iomap/iter.c:34 iomap_iter_done+0x148/0x190
  CPU: 3 UID: 0 PID: 434101 Comm: fsstress Not tainted 6.16.0-rc7+ #128 PREEMPT(voluntary)
  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
  pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : iomap_iter_done+0x148/0x190
  lr : iomap_iter+0x174/0x230
  sp : ffff8000880af740
  x29: ffff8000880af740 x28: ffff0000db8e6840 x27: 0000000000000000
  x26: 0000000000000000 x25: ffff8000880af830 x24: 0000004000000000
  x23: 0000000000000002 x22: 000001bfdbfa8000 x21: ffffa6a41c002e48
  x20: 0000000000000001 x19: ffff8000880af808 x18: 0000000000000000
  x17: 0000000000000000 x16: ffffa6a495ee6cd0 x15: 0000000000000000
  x14: 00000000000003d4 x13: 00000000fa83b2da x12: 0000b236fc95f18c
  x11: ffffa6a4978b9c08 x10: 0000000000001da0 x9 : ffffa6a41c1a2a44
  x8 : ffff8000880af5c8 x7 : 0000000001000000 x6 : 0000000000000000
  x5 : 0000000000000004 x4 : 000001bfdbfa8000 x3 : 0000000000000000
  x2 : 0000000000000000 x1 : 0000004004030000 x0 : 0000000000000000
  Call trace:
   iomap_iter_done+0x148/0x190 (P)
   iomap_iter+0x174/0x230
   iomap_fiemap+0x154/0x1d8
   ext4_fiemap+0x110/0x140 [ext4]
   do_vfs_ioctl+0x4b8/0xbc0
   __arm64_sys_ioctl+0x8c/0x120
   invoke_syscall+0x6c/0x100
   el0_svc_common.constprop.0+0x48/0xf0
   do_el0_svc+0x24/0x38
   el0_svc+0x38/0x120
   el0t_64_sync_handler+0x10c/0x138
   el0t_64_sync+0x198/0x1a0
  ---[ end trace 0000000000000000 ]---

Cc: stable@kernel.org
Fixes: facab4d971 ("ext4: return hole from ext4_map_blocks()")
Reported-by: Qu Wenruo <wqu@suse.com>
Closes: https://lore.kernel.org/linux-ext4/9b650a52-9672-4604-a765-bb6be55d1e4a@gmx.com/
Tested-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Link: https://patch.msgid.link/20250811064532.1788289-1-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-08-28 16:26:06 +02:00
..
.kunitconfig
acl.c
acl.h
balloc.c ext4: reorder capability check last 2025-06-04 14:40:05 +02:00
bitmap.c
block_validity.c ext4: make block validity check resistent to sb bh corruption 2025-05-02 07:47:06 +02:00
crypto.c
dir.c ext4: fix OOB read when checking dotdot dir 2025-04-10 14:33:43 +02:00
ext4_extents.h
ext4_jbd2.c
ext4_jbd2.h
ext4.h ext4: factor out ext4_get_maxbytes() 2025-06-27 11:07:29 +01:00
extents_status.c ext4: make ext4_es_insert_extent() return void 2024-08-11 12:35:52 +02:00
extents_status.h ext4: make ext4_es_insert_extent() return void 2024-08-11 12:35:52 +02:00
extents.c ext4: factor out ext4_get_maxbytes() 2025-06-27 11:07:29 +01:00
fast_commit.c ext4: use handle to mark fc as ineligible in __track_dentry_update() 2024-10-17 15:21:54 +02:00
fast_commit.h
file.c ext4: factor out ext4_get_maxbytes() 2025-06-27 11:07:29 +01:00
fsmap.c ext4: fix reserved gdt blocks handling in fsmap 2025-08-28 16:26:06 +02:00
fsmap.h
fsync.c
hash.c
ialloc.c ext4: avoid negative min_clusters in find_group_orlov() 2024-10-17 15:20:59 +02:00
indirect.c ext4: fix hole length calculation overflow in non-extent inodes 2025-08-28 16:26:06 +02:00
inline.c ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr 2025-08-28 16:25:59 +02:00
inode-test.c
inode.c ext4: check fast symlink for ea_inode correctly 2025-08-28 16:26:05 +02:00
ioctl.c
Kconfig
Makefile
mballoc.c ext4: fix largest free orders lists corruption on mb_optimize_scan switch 2025-08-28 16:26:03 +02:00
mballoc.h ext4: fix FS_IOC_GETFSMAP handling 2024-12-14 19:53:58 +01:00
migrate.c ext4: fix i_data_sem unlock order in ext4_ind_migrate() 2024-10-17 15:21:48 +02:00
mmp.c
move_extent.c ext4: update orig_path in ext4_find_extent() 2024-10-17 15:21:54 +02:00
namei.c ext4: fix off-by-one error in do_split 2025-04-25 10:43:40 +02:00
orphan.c ext4: use kmalloc_array() for array space allocation 2025-08-28 16:26:06 +02:00
page-io.c ext4: handle redirtying in ext4_bio_write_page() 2024-09-08 07:53:13 +02:00
readpage.c
resize.c
super.c ext4: don't try to clear the orphan_present feature block device is r/o 2025-08-28 16:26:06 +02:00
symlink.c
sysfs.c
truncate.h
verity.c
xattr_hurd.c
xattr_security.c
xattr_trusted.c
xattr_user.c
xattr.c ext4: ignore xattrs past end 2025-04-25 10:43:30 +02:00
xattr.h