From: "Theodore Ts'o" <tytso@mit.edu>
To: Ahmet Eray Karadag <eraykrdg1@gmail.com>
Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org,
linux-kernel@vger.kernel.org, david.hunter.linux@gmail.com,
skhan@linuxfoundation.org,
syzbot+f3185be57d7e8dda32b8@syzkaller.appspotmail.com,
Albin Babu Varghese <albinbabuvarghese20@gmail.com>
Subject: Re: [PATCH] Fix: ext4: add sanity check for inode inline write range
Date: Wed, 8 Oct 2025 08:34:18 -0400 [thread overview]
Message-ID: <20251008123418.GK386127@mit.edu> (raw)
In-Reply-To: <20251007234221.28643-2-eraykrdg1@gmail.com>
On Wed, Oct 08, 2025 at 02:42:22AM +0300, Ahmet Eray Karadag wrote:
> Add a simple check in ext4_try_to_write_inline_data() to prevent
> writes that extend past the inode's inline data area. The function
> now returns -EINVAL if pos + len exceeds i_inline_size.
The commit description doesn't match with what the patch does. The
patch changes ext4_write_inline_data_end() and not
ext4_try_to_write_inline(). Ext4_try_to_write_inline_data() called
from ext4_write_begin(), and it does this:
if (pos + len > ext4_get_max_inline_size(inode))
return ext4_convert_inline_data_to_extent(mapping, inode);
So the write extends past the inline data area, in ext4_write_begin(),
it will have already been converted to a non-inline function.
The ext4_write_inline_data_end() function is called from
ext4_write_end(), so you need to figure out why we hadn't configured
the file away from inline data in ext4_write_begin().
> Reported-by: syzbot+f3185be57d7e8dda32b8@syzkaller.appspotmail.com
> Link: https://syzkaller.appspot.com/bug?extid=f3185be57d7e8dda32b8
Did you just randomly bash the code until the syzbot reproducer
stopped failing? Please try to understand the code and the failure
much more deeply before attempting to change the code.
Cheers,
- Ted
next prev parent reply other threads:[~2025-10-08 12:34 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-07 23:42 [PATCH] Fix: ext4: add sanity check for inode inline write range Ahmet Eray Karadag
2025-10-08 0:47 ` Darrick J. Wong
2025-10-08 12:34 ` Theodore Ts'o [this message]
2025-10-08 13:40 ` Ahmet Eray Karadag
2025-10-09 14:21 ` David Hunter
2025-10-10 11:31 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251008123418.GK386127@mit.edu \
--to=tytso@mit.edu \
--cc=adilger.kernel@dilger.ca \
--cc=albinbabuvarghese20@gmail.com \
--cc=david.hunter.linux@gmail.com \
--cc=eraykrdg1@gmail.com \
--cc=linux-ext4@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=skhan@linuxfoundation.org \
--cc=syzbot+f3185be57d7e8dda32b8@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox