[PATCH v2] mm/fadvise: validate offset in generic_fadvise

[PATCH v2] mm/fadvise: validate offset in generic_fadvise

[klourencodev]

From: Kevin Lourenco <klourencodev@gmail.com>

When converted to (u64) for page calculations, a negative offset can
produce extremely large page indices. This may lead to issues in certain
advice modes (excessive readahead or cache invalidation).

Reject negative offsets with -EINVAL for consistent argument validation
and to avoid silent misbehavior.

POSIX and the man page do not clearly define behavior for negative
offset/len. FreeBSD rejects negative offsets as well, so failing with
-EINVAL is consistent with existing practice. The man page can be
updated separately to document the Linux behavior.

Signed-off-by: Kevin Lourenco <klourencodev@gmail.com>
---
 mm/fadvise.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/fadvise.c b/mm/fadvise.c
index 67028e30aa91..b63fe21416ff 100644
--- a/mm/fadvise.c
+++ b/mm/fadvise.c
@@ -43,7 +43,7 @@ int generic_fadvise(struct file *file, loff_t offset, loff_t len, int advice)
 		return -ESPIPE;
 
 	mapping = file->f_mapping;
-	if (!mapping || len < 0)
+	if (!mapping || len < 0 || offset < 0)
 		return -EINVAL;
 
 	bdi = inode_to_bdi(mapping->host);
-- 
2.52.0

Re: [PATCH v2] mm/fadvise: validate offset in generic_fadvise

[David Hildenbrand (Arm)]

On 2/8/26 14:57, klourencodev@gmail.com wrote:
> From: Kevin Lourenco <klourencodev@gmail.com>
> 
> When converted to (u64) for page calculations, a negative offset can
> produce extremely large page indices. This may lead to issues in certain
> advice modes (excessive readahead or cache invalidation).
> 
> Reject negative offsets with -EINVAL for consistent argument validation
> and to avoid silent misbehavior.
> 
> POSIX and the man page do not clearly define behavior for negative
> offset/len. FreeBSD rejects negative offsets as well, so failing with
> -EINVAL is consistent with existing practice. The man page can be
> updated separately to document the Linux behavior.
> 
> Signed-off-by: Kevin Lourenco <klourencodev@gmail.com>
> ---

Acked-by: David Hildenbrand (Arm) <david@kernel.org>

-- 
Cheers,

David

Re: [PATCH v2] mm/fadvise: validate offset in generic_fadvise

[Jan Kara]

On Sun 08-02-26 14:57:38, klourencodev@gmail.com wrote:
> From: Kevin Lourenco <klourencodev@gmail.com>
> 
> When converted to (u64) for page calculations, a negative offset can
> produce extremely large page indices. This may lead to issues in certain
> advice modes (excessive readahead or cache invalidation).
> 
> Reject negative offsets with -EINVAL for consistent argument validation
> and to avoid silent misbehavior.
> 
> POSIX and the man page do not clearly define behavior for negative
> offset/len. FreeBSD rejects negative offsets as well, so failing with
> -EINVAL is consistent with existing practice. The man page can be
> updated separately to document the Linux behavior.
> 
> Signed-off-by: Kevin Lourenco <klourencodev@gmail.com>

Indeed. That looks like an oversight. Feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  mm/fadvise.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/mm/fadvise.c b/mm/fadvise.c
> index 67028e30aa91..b63fe21416ff 100644
> --- a/mm/fadvise.c
> +++ b/mm/fadvise.c
> @@ -43,7 +43,7 @@ int generic_fadvise(struct file *file, loff_t offset, loff_t len, int advice)
>  		return -ESPIPE;
>  
>  	mapping = file->f_mapping;
> -	if (!mapping || len < 0)
> +	if (!mapping || len < 0 || offset < 0)
>  		return -EINVAL;
>  
>  	bdi = inode_to_bdi(mapping->host);
> -- 
> 2.52.0
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR