From patchwork Wed Feb 9 05:57:25 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [1/4] ext4: fix trim length underflow with small trim length. Date: Tue, 08 Feb 2011 19:57:25 -0000 From: Tao Ma X-Patchwork-Id: 82429 Message-Id: <1297231048-3458-1-git-send-email-tm@tao.ma> To: linux-ext4@vger.kernel.org From: Tao Ma In 0f0a25b, we adjust 'len' with s_first_data_block - start, but it could underflow in case blocksize=1K, fstrim_range.len=512 and fstrim_range.start = 0. In this case, when we run the code: len -= first_data_blk - start; len will be underflow to -1ULL. In the end, although we are safe that last_group check later will limit the trim to the whole volume, but that isn't what the user really want. So this patch fix it. It also adds the check for 'start' like ext3 so that we can break immediately if the start is invalid. Signed-off-by: Tao Ma --- fs/ext4/mballoc.c | 4 ++++ 1 files changed, 4 insertions(+), 0 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 02cff4a..94e9f23 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -4839,6 +4839,9 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) if (unlikely(minlen > EXT4_BLOCKS_PER_GROUP(sb))) return -EINVAL; + if (start >= ext4_blocks_count(EXT4_SB(sb)->s_es) || + start + len <= first_data_blk) + goto out; if (start < first_data_blk) { len -= first_data_blk - start; start = first_data_blk; @@ -4883,5 +4886,6 @@ int ext4_trim_fs(struct super_block *sb, struct fstrim_range *range) } range->len = trimmed * sb->s_blocksize; +out: return ret; }