From: Peng Tao <bergwolf@gmail.com>
To: Akira Fujita <a-fujita@rs.jp.nec.com>
Cc: Theodore Tso <tytso@mit.edu>, linux-ext4@vger.kernel.org
Subject: Re: [PATCH 1/4]ext4: Fix wrong comparisons in mext_check_arguments()
Date: Thu, 03 Sep 2009 00:02:43 +0800 [thread overview]
Message-ID: <4A9E9723.50803@gmail.com> (raw)
In-Reply-To: <4A9DE3DE.2010509@rs.jp.nec.com>
Hi, Akira,
Akira Fujita wrote:
> ext4: Fix wrong comparisons in mext_check_arguments()
>
> From: Akira Fujita <a-fujita@rs.jp.nec.com>
>
> mext_check_arguments() in move_extents.c has wrong comparisons.
> orig_start which is passed from user-space is block unit,
> but i_size of inode is byte unit, therefore the checks do not work fine.
> This mis-check leads to the overflow of 'len' and then hits BUG_ON()
> in ext4_move_extens(). The patch fixes this issue.
While the bug is true, I wander if it checks all conditions, because i_size isn't
blocksize aligned.
>
> Signed-off-by: Akira Fujita <a-fujita@rs.jp.nec.com>
> ---
> fs/ext4/move_extent.c | 39 ++++++++++++++++++++++++---------------
> 1 files changed, 24 insertions(+), 15 deletions(-)
>
> diff --git a/fs/ext4/move_extent.c b/fs/ext4/move_extent.c
> index 5821e0b..60ed567 100644
> --- a/fs/ext4/move_extent.c
> +++ b/fs/ext4/move_extent.c
> @@ -972,43 +972,52 @@ mext_check_arguments(struct inode *orig_inode,
> }
>
> if (orig_inode->i_size > donor_inode->i_size) {
> - if (orig_start >= donor_inode->i_size) {
> + if (orig_start << orig_inode->i_blkbits >=
> + donor_inode->i_size) {
> ext4_debug("ext4 move extent: orig start offset "
> "[%llu] should be less than donor file size "
> "[%lld] [ino:orig %lu, donor_inode %lu]\n",
> - orig_start, donor_inode->i_size,
> - orig_inode->i_ino, donor_inode->i_ino);
> + orig_start << orig_inode->i_blkbits,
> + donor_inode->i_size, orig_inode->i_ino,
> + donor_inode->i_ino);
> return -EINVAL;
> }
> -
> - if (orig_start + *len > donor_inode->i_size) {
> + if ((orig_start + *len) << orig_inode->i_blkbits >
> + donor_inode->i_size) {
> ext4_debug("ext4 move extent: End offset [%llu] should "
> "be less than donor file size [%lld]."
> "So adjust length from %llu to %lld "
> "[ino:orig %lu, donor %lu]\n",
> - orig_start + *len, donor_inode->i_size,
> - *len, donor_inode->i_size - orig_start,
> + (orig_start + *len) << orig_inode->i_blkbits,
> + donor_inode->i_size,
> + *len, (donor_inode->i_size >>
> + orig_inode->i_blkbits) - orig_start,
> orig_inode->i_ino, donor_inode->i_ino);
> - *len = donor_inode->i_size - orig_start;
> + *len = (donor_inode->i_size >> orig_inode->i_blkbits) -
> + orig_start;
> }
> } else {
> - if (orig_start >= orig_inode->i_size) {
> + if (orig_start << orig_inode->i_blkbits >=
> + orig_inode->i_size) {
> ext4_debug("ext4 move extent: start offset [%llu] "
> "should be less than original file size "
> "[%lld] [inode:orig %lu, donor %lu]\n",
> - orig_start, orig_inode->i_size,
> - orig_inode->i_ino, donor_inode->i_ino);
> + orig_start << orig_inode->i_blkbits,
> + orig_inode->i_size, orig_inode->i_ino,
> + donor_inode->i_ino);
> return -EINVAL;
> }
> -
> - if (orig_start + *len > orig_inode->i_size) {
> + if ((orig_start + *len) << orig_inode->i_blkbits >
> + orig_inode->i_size) {
> ext4_debug("ext4 move extent: Adjust length "
> "from %llu to %lld. Because it should be "
> "less than original file size "
> "[ino:orig %lu, donor %lu]\n",
> - *len, orig_inode->i_size - orig_start,
> + *len, (orig_inode->i_size >>
> + orig_inode->i_blkbits) - orig_start,
> orig_inode->i_ino, donor_inode->i_ino);
> - *len = orig_inode->i_size - orig_start;
> + *len = (orig_inode->i_size >> orig_inode->i_blkbits) -
> + orig_start;
> }
> }
> --
> To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
--
Best Regards,
Peng Tao
State Key Laboratory of Networking and Switching Technology
Beijing Univ. of Posts and Telecoms.
next prev parent reply other threads:[~2009-09-02 16:02 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-09-02 3:17 [PATCH 1/4]ext4: Fix wrong comparisons in mext_check_arguments() Akira Fujita
2009-09-02 16:02 ` Peng Tao [this message]
2009-09-06 2:10 ` Theodore Tso
2009-09-16 4:56 ` Akira Fujita
2009-09-16 18:37 ` Theodore Tso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A9E9723.50803@gmail.com \
--to=bergwolf@gmail.com \
--cc=a-fujita@rs.jp.nec.com \
--cc=linux-ext4@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.