From: David Sterba <dsterba@suse.cz>
To: dsterba@suse.cz, Qu Wenruo <wqu@suse.com>,
linux-btrfs@vger.kernel.org, Josef Bacik <josef@toxicpanda.com>
Subject: Re: [PATCH v5 1/4] btrfs: extent_io: do extra check for extent buffer read write functions
Date: Thu, 20 Aug 2020 17:18:04 +0200 [thread overview]
Message-ID: <20200820151804.GZ2026@twin.jikos.cz> (raw)
In-Reply-To: <20200820144647.GY2026@twin.jikos.cz>
On Thu, Aug 20, 2020 at 04:46:47PM +0200, David Sterba wrote:
> On Thu, Aug 20, 2020 at 05:58:53PM +0800, Qu Wenruo wrote:
> check_add_overflow(start, len) || start + len > eb->len
--- a/fs/btrfs/extent_io.c
+++ b/fs/btrfs/extent_io.c
@@ -13,6 +13,7 @@
#include <linux/pagevec.h>
#include <linux/prefetch.h>
#include <linux/cleancache.h>
+#include <linux/overflow.h>
#include "extent_io.h"
#include "extent-io-tree.h"
#include "extent_map.h"
@@ -5641,9 +5642,10 @@ static void report_eb_range(const struct extent_buffer *eb, unsigned long start,
static inline int check_eb_range(const struct extent_buffer *eb,
unsigned long start, unsigned long len)
{
+ unsigned long offset;
+
/* start, start + len should not go beyond eb->len nor overflow */
- if (unlikely(start > eb->len || start + len > eb->len ||
- len > eb->len)) {
+ if (unlikely(check_add_overflow(start, len, &offset) || offset > eb->len)) {
report_eb_range(eb, start, len);
return -EINVAL;
}
---
next prev parent reply other threads:[~2020-08-20 15:19 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-08-19 6:35 [PATCH v5 0/4] btrfs: Enhanced runtime defence against fuzzed images Qu Wenruo
2020-08-19 6:35 ` [PATCH v5 1/4] btrfs: extent_io: do extra check for extent buffer read write functions Qu Wenruo
2020-08-19 17:11 ` David Sterba
2020-08-19 23:14 ` Qu Wenruo
2020-08-20 9:50 ` David Sterba
2020-08-20 9:58 ` Qu Wenruo
2020-08-20 14:46 ` David Sterba
2020-08-20 15:18 ` David Sterba [this message]
2020-08-20 23:39 ` Qu Wenruo
2020-08-19 6:35 ` [PATCH v5 2/4] btrfs: extent-tree: kill BUG_ON() in __btrfs_free_extent() and do better comment Qu Wenruo
2020-08-19 6:35 ` [PATCH v5 3/4] btrfs: extent-tree: kill the BUG_ON() in insert_inline_extent_backref() Qu Wenruo
2020-08-19 6:35 ` [PATCH v5 4/4] btrfs: ctree: checking key orders before merged tree blocks Qu Wenruo
2020-08-27 14:47 ` [PATCH v5 0/4] btrfs: Enhanced runtime defence against fuzzed images David Sterba
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200820151804.GZ2026@twin.jikos.cz \
--to=dsterba@suse.cz \
--cc=josef@toxicpanda.com \
--cc=linux-btrfs@vger.kernel.org \
--cc=wqu@suse.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox