| Submitter | Tao Ma |
|---|---|
| Date | June 30, 2011, 2:50 p.m. |
| Message ID | <1309445439-3753-1-git-send-email-tm@tao.ma> |
| Permalink | /patch/102767/ |
| State | Superseded |
Comments
On Thu, 30 Jun 2011, Tao Ma wrote:

> From: Tao Ma <boyu.mt@taobao.com>
>
> In 0f0a25b, we adjust 'len' with s_first_data_block - start, but
> it could underflow in case blocksize=1K, fstrim_range.len=512 and
> fstrim_range.start = 0. In this case, when we run the code:
> len -= first_data_blk - start; len will be underflow to -1ULL.
> In the end, although we are safe that last_group check later will limit
> the trim to the whole volume, but that isn't what the user really want.
>
> So this patch fix it. It also adds the check for 'start' like ext3 so that
> we can break immediately if the start is invalid.

Hi Tao,

thanks for the resend!

>
> Signed-off-by: Tao Ma <boyu.mt@taobao.com>
> ---
> fs/ext4/mballoc.c | 4 ++++
> 1 files changed, 4 insertions(+), 0 deletions(-)
>
> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c > index 6ed859d..2336424 100644 > --- a/fs/ext4/mballoc.c > +++ b/fs/ext4/mballoc.c > @@ -4904,6 +4904,9 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) > > if (unlikely(minlen > EXT4_BLOCKS_PER_GROUP(sb))) > return -EINVAL; > + if (start >= ext4_blocks_count(EXT4_SB(sb)->s_es) || > + start + len <= first_data_blk) > + goto out;

We should really return -EINVAL in case that start is beyond the
filesystem. However we can not return -EINVAL in case that start+len is
before the first data block, because it would require user to know fs
internals.

So simply doing this, should be enough:

	if (start + len <= first_data_blk)
		goto out;

and the code later

	if (first_group > last_group)
		return -EINVAL;

will handle the rest.

Thanks!
-Lukas

> if (start < first_data_blk) { > len -= first_data_blk - start; > start = first_data_blk; > @@ -4952,5 +4955,6 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) > } > range->len = trimmed * sb->s_blocksize; > > +out: > return ret; > } >
Hi Lukas,

On 07/01/2011 05:45 PM, Lukas Czerner wrote:
> On Thu, 30 Jun 2011, Tao Ma wrote:
>
>> From: Tao Ma <boyu.mt@taobao.com>
>>
>> In 0f0a25b, we adjust 'len' with s_first_data_block - start, but
>> it could underflow in case blocksize=1K, fstrim_range.len=512 and
>> fstrim_range.start = 0. In this case, when we run the code:
>> len -= first_data_blk - start; len will be underflow to -1ULL.
>> In the end, although we are safe that last_group check later will limit
>> the trim to the whole volume, but that isn't what the user really want.
>>
>> So this patch fix it. It also adds the check for 'start' like ext3 so that
>> we can break immediately if the start is invalid.
>
> Hi Tao,
>
> thanks for the resend!
>
>>
>> Signed-off-by: Tao Ma <boyu.mt@taobao.com>
>> ---
>> fs/ext4/mballoc.c | 4 ++++
>> 1 files changed, 4 insertions(+), 0 deletions(-)
>>
>> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c >> index 6ed859d..2336424 100644 >> --- a/fs/ext4/mballoc.c >> +++ b/fs/ext4/mballoc.c
>> @@ -4904,6 +4904,9 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) >> >> if (unlikely(minlen > EXT4_BLOCKS_PER_GROUP(sb))) >> return -EINVAL; >> + if (start >= ext4_blocks_count(EXT4_SB(sb)->s_es) || >> + start + len <= first_data_blk) >> + goto out;
>
> We should really return -EINVAL in case that start is beyond the
> filesystem. However we can not return -EINVAL in case that start+len is
> before the first data block, because it would require user to know fs
> internals.

uh, actually I have checked what ext3 does and in case of start >
block_count, ext3 returns 0, not EINVAL and I made it to work like ext3.
So we should change it also?

Thanks
Tao

>
> So simply doing this, should be enough:
>
> 	if (start + len <= first_data_blk)
> 		goto out;
>
> and the code later
>
> 	if (first_group > last_group)
> 		return -EINVAL;
>
> will handle the rest.
>
> Thanks!
> -Lukas
>
>
>> if (start < first_data_blk) { >> len -= first_data_blk - start; >> start = first_data_blk; >> @@ -4952,5 +4955,6 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) >> } >> range->len = trimmed * sb->s_blocksize; >> >> +out: >> return ret; >> } >> >

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, 1 Jul 2011, Tao Ma wrote:

> Hi Lukas,
> On 07/01/2011 05:45 PM, Lukas Czerner wrote:
> > On Thu, 30 Jun 2011, Tao Ma wrote:
> >
> >> From: Tao Ma <boyu.mt@taobao.com>
> >>
> >> In 0f0a25b, we adjust 'len' with s_first_data_block - start, but
> >> it could underflow in case blocksize=1K, fstrim_range.len=512 and
> >> fstrim_range.start = 0. In this case, when we run the code:
> >> len -= first_data_blk - start; len will be underflow to -1ULL.
> >> In the end, although we are safe that last_group check later will limit
> >> the trim to the whole volume, but that isn't what the user really want.
> >>
> >> So this patch fix it. It also adds the check for 'start' like ext3 so that
> >> we can break immediately if the start is invalid.
> >
> > Hi Tao,
> >
> > thanks for the resend!
> >
> >>
> >> Signed-off-by: Tao Ma <boyu.mt@taobao.com>
> >> ---
> >> fs/ext4/mballoc.c | 4 ++++
> >> 1 files changed, 4 insertions(+), 0 deletions(-)
> >>
> >> diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c > >> index 6ed859d..2336424 100644 > >> --- a/fs/ext4/mballoc.c > >> +++ b/fs/ext4/mballoc.c
> >> @@ -4904,6 +4904,9 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) > >> > >> if (unlikely(minlen > EXT4_BLOCKS_PER_GROUP(sb))) > >> return -EINVAL; > >> + if (start >= ext4_blocks_count(EXT4_SB(sb)->s_es) || > >> + start + len <= first_data_blk) > >> + goto out;
> >
> > We should really return -EINVAL in case that start is beyond the
> > filesystem. However we can not return -EINVAL in case that start+len is
> > before the first data block, because it would require user to know fs
> > internals.
> uh, actually I have checked what ext3 does and in case of start >
> block_count, ext3 returns 0, not EINVAL and I made it to work like ext3.
> So we should change it also?

I have already sent a patch a while ago. It should be in Jan's queue.

-Lukas

>
> Thanks
> Tao
> >
> > So simply doing this, should be enough:
> >
> > 	if (start + len <= first_data_blk)
> > 		goto out;
> >
> > and the code later
> >
> > 	if (first_group > last_group)
> > 		return -EINVAL;
> >
> > will handle the rest.
> >
> > Thanks!
> > -Lukas
> >
> >
> >> if (start < first_data_blk) { > >> len -= first_data_blk - start; > >> start = first_data_blk; > >> @@ -4952,5 +4955,6 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) > >> } > >> range->len = trimmed * sb->s_blocksize; > >> > >> +out: > >> return ret; > >> } > >> > > > >
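The underflow described in the commit message at the top of this thread, worked through as an added example (not code from the patch or from the kernel). The names `blk_range`, `to_blocks`, `adjust_unguarded`, `adjust_guarded` and the filesystem size are hypothetical; the byte-to-block shift and a first data block of 1 for 1K blocks are assumptions.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed values for the case in the commit message: 1K blocks,
 * fstrim_range.start = 0, fstrim_range.len = 512 bytes. */
#define BLOCKSIZE_BITS 10u      /* 1K block size */
#define FIRST_DATA_BLK 1ull     /* assumed s_first_data_block for 1K blocks */
#define BLOCKS_COUNT   8192ull  /* hypothetical filesystem size in blocks */

struct blk_range { uint64_t start, len; };

/* Assumption: the byte range is converted to blocks by shifting. */
static struct blk_range to_blocks(uint64_t start_bytes, uint64_t len_bytes)
{
    struct blk_range r = { start_bytes >> BLOCKSIZE_BITS,
                           len_bytes >> BLOCKSIZE_BITS };
    return r;
}

/* The adjustment without any guard on len, as before the patch. */
static struct blk_range adjust_unguarded(struct blk_range r)
{
    if (r.start < FIRST_DATA_BLK) {
        r.len -= FIRST_DATA_BLK - r.start;  /* wraps when len is smaller */
        r.start = FIRST_DATA_BLK;
    }
    return r;
}

/* The same adjustment behind the check the patch adds.
 * Returns 0 when there is nothing to trim, 1 when *r was adjusted. */
static int adjust_guarded(struct blk_range *r)
{
    if (r->start >= BLOCKS_COUNT || r->start + r->len <= FIRST_DATA_BLK)
        return 0;
    *r = adjust_unguarded(*r);
    return 1;
}

int main(void)
{
    struct blk_range r = to_blocks(0, 512);   /* 512 bytes -> 0 blocks */
    struct blk_range bad = adjust_unguarded(r);
    printf("unguarded: start=%llu len=%llu\n",
           (unsigned long long)bad.start, (unsigned long long)bad.len);
    printf("guarded: adjusted=%d\n", adjust_guarded(&r));
    return 0;
}
```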
Patch
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 6ed859d..2336424 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -4904,6 +4904,9 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) if (unlikely(minlen > EXT4_BLOCKS_PER_GROUP(sb))) return -EINVAL; + if (start >= ext4_blocks_count(EXT4_SB(sb)->s_es) || + start + len <= first_data_blk) + goto out; if (start < first_data_blk) { len -= first_data_blk - start; start = first_data_blk; @@ -4952,5 +4955,6 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) } range->len = trimmed * sb->s_blocksize; +out: return ret; }
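Review bot: in the first hunk, a start at or past `ext4_blocks_count(EXT4_SB(sb)->s_es)` takes the new `goto out` and returns whatever `ret` holds, while the `minlen` check directly above rejects its bad input with `-EINVAL`. The two invalid-input cases should either behave the same way or carry a comment saying that a quiet return for an out-of-range start is intended. It would also help to split the condition in two and note above `start + len <= first_data_blk` that it is what keeps `len -= first_data_blk - start` from wrapping, since that is why it has to sit before the `if (start < first_data_blk)` block.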
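Review bot: in the second hunk, the `out:` label is placed after `range->len = trimmed * sb->s_blocksize;`, so the early exit added in the first hunk returns without updating `range->len`. A caller that reads `range->len` back as the number of bytes trimmed would see the length it asked for instead of 0. Either put the label above that assignment (if `trimmed` is zero on that path, which these lines do not show) or set `range->len = 0` before the jump, and confirm that `ret` is 0 when the early exit is taken.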