diff mbox

[3.13.y.z,extended,stable] Patch "ext4: FIBMAP ioctl causes BUG_ON due to handle EXT_MAX_BLOCKS" has been added to staging queue

Message ID 1402425989-25628-1-git-send-email-kamal@canonical.com
State New
Headers show

Commit Message

Kamal Mostafa June 10, 2014, 6:46 p.m. UTC 
This is a note to let you know that I have just added a patch titled

    ext4: FIBMAP ioctl causes BUG_ON due to handle EXT_MAX_BLOCKS

to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree 
which can be found at:

 http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue

This patch is scheduled to be released in version 3.13.11.3.

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.13.y.z tree, see
https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable

Thanks.
-Kamal

------

From bb3dcbf71721ff455b770f476e58e06014872d3d Mon Sep 17 00:00:00 2001
From: Kazuya Mio <k-mio@sx.jp.nec.com>
Date: Mon, 7 Apr 2014 10:53:28 -0400
Subject: ext4: FIBMAP ioctl causes BUG_ON due to handle EXT_MAX_BLOCKS

commit 4adb6ab3e0fa71363a5ef229544b2d17de6600d7 upstream.

When we try to get 2^32-1 block of the file which has the extent
(ee_block=2^32-2, ee_len=1) with FIBMAP ioctl, it causes BUG_ON
in ext4_ext_put_gap_in_cache().

To avoid the problem, ext4_map_blocks() needs to check the file logical block
number. ext4_ext_put_gap_in_cache() called via ext4_map_blocks() cannot
handle 2^32-1 because the maximum file logical block number is 2^32-2.

Note that ext4_ind_map_blocks() returns -EIO when the block number is invalid.
So ext4_map_blocks() should also return the same errno.

Signed-off-by: Kazuya Mio <k-mio@sx.jp.nec.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
---
 fs/ext4/inode.c | 4 ++++
 1 file changed, 4 insertions(+)

--
1.9.1
diff mbox

Patch

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 18e1871..8ccbe9a 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -521,6 +521,10 @@  int ext4_map_blocks(handle_t *handle, struct inode *inode,
 	if (unlikely(map->m_len > INT_MAX))
 		map->m_len = INT_MAX;

+	/* We can handle the block number less than EXT_MAX_BLOCKS */
+	if (unlikely(map->m_lblk >= EXT_MAX_BLOCKS))
+		return -EIO;
+
 	/* Lookup extent status tree firstly */
 	if (ext4_es_lookup_extent(inode, map->m_lblk, &es)) {
 		ext4_es_lru_add(inode);