Message ID | 20250506012009.3896990-2-yi.zhang@huaweicloud.com |
---|---|
State | Awaiting Upstream |
Series | [v2,1/4] ext4: fix out of bounds punch offset |
On 2025/5/6 9:20, Zhang Yi wrote: > From: Zhang Yi <yi.zhang@huawei.com> > > For the extents based inodes, the maxbytes should be sb->s_maxbytes > instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of > max_end, the -sb->s_blocksize operation is necessary only for > indirect-block based inodes. Correct the maxbytes and max_end value to > correct the behavior of punch hole. > > Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") > Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Looks good to me. Reviewed-by: Baokun Li <libaokun1@huawei.com> > --- > fs/ext4/inode.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c > index 4ec4a80b6879..5691966a19e1 100644 > --- a/fs/ext4/inode.c > +++ b/fs/ext4/inode.c > @@ -4006,7 +4006,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) > struct inode *inode = file_inode(file); > struct super_block *sb = inode->i_sb; > ext4_lblk_t start_lblk, end_lblk; > - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; > + loff_t max_end = sb->s_maxbytes; > loff_t end = offset + length; > handle_t *handle; > unsigned int credits; 
> @@ -4015,14 +4015,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) > trace_ext4_punch_hole(inode, offset, length, 0); > WARN_ON_ONCE(!inode_is_locked(inode)); > > + /* > + * For indirect-block based inodes, make sure that the hole within > + * one block before last range. > + */ > + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) > + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; > + > /* No need to punch hole beyond i_size */ > if (offset >= inode->i_size || offset >= max_end) > return 0; > > /* > * If the hole extends beyond i_size, set the hole to end after > - * the page that contains i_size, and also make sure that the hole > - * within one block before last range. > + * the page that contains i_size. > */ > if (end > inode->i_size) > end = round_up(inode->i_size, PAGE_SIZE);
On Tue 06-05-25 09:20:07, Zhang Yi wrote: > From: Zhang Yi <yi.zhang@huawei.com> > > For the extents based inodes, the maxbytes should be sb->s_maxbytes > instead of sbi->s_bitmap_maxbytes. Additionally, for the calculation of > max_end, the -sb->s_blocksize operation is necessary only for > indirect-block based inodes. Correct the maxbytes and max_end value to > correct the behavior of punch hole. > > Fixes: 2da376228a24 ("ext4: limit length to bitmap_maxbytes - blocksize in punch_hole") > Signed-off-by: Zhang Yi <yi.zhang@huawei.com> Looks good. Feel free to add: Reviewed-by: Jan Kara <jack@suse.cz> Honza > --- > fs/ext4/inode.c | 12 +++++++++--- > 1 file changed, 9 insertions(+), 3 deletions(-) > > diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c > index 4ec4a80b6879..5691966a19e1 100644 > --- a/fs/ext4/inode.c > +++ b/fs/ext4/inode.c > @@ -4006,7 +4006,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) > struct inode *inode = file_inode(file); > struct super_block *sb = inode->i_sb; > ext4_lblk_t start_lblk, end_lblk; > - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; > + loff_t max_end = sb->s_maxbytes; > loff_t end = offset + length; > handle_t *handle; > unsigned int credits; 
> @@ -4015,14 +4015,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) > trace_ext4_punch_hole(inode, offset, length, 0); > WARN_ON_ONCE(!inode_is_locked(inode)); > > + /* > + * For indirect-block based inodes, make sure that the hole within > + * one block before last range. > + */ > + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) > + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; > + > /* No need to punch hole beyond i_size */ > if (offset >= inode->i_size || offset >= max_end) > return 0; > > /* > * If the hole extends beyond i_size, set the hole to end after > - * the page that contains i_size, and also make sure that the hole > - * within one block before last range. > + * the page that contains i_size. > */ > if (end > inode->i_size) > end = round_up(inode->i_size, PAGE_SIZE); > -- > 2.46.1 >
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 4ec4a80b6879..5691966a19e1 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4006,7 +4006,7 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; ext4_lblk_t start_lblk, end_lblk; - loff_t max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + loff_t max_end = sb->s_maxbytes; loff_t end = offset + length; handle_t *handle; unsigned int credits; @@ -4015,14 +4015,20 @@ int ext4_punch_hole(struct file *file, loff_t offset, loff_t length) trace_ext4_punch_hole(inode, offset, length, 0); WARN_ON_ONCE(!inode_is_locked(inode)); + /* + * For indirect-block based inodes, make sure that the hole within + * one block before last range. + */ + if (!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)) + max_end = EXT4_SB(sb)->s_bitmap_maxbytes - sb->s_blocksize; + /* No need to punch hole beyond i_size */ if (offset >= inode->i_size || offset >= max_end) return 0; /* * If the hole extends beyond i_size, set the hole to end after - * the page that contains i_size, and also make sure that the hole - * within one block before last range. + * the page that contains i_size. */ if (end > inode->i_size) end = round_up(inode->i_size, PAGE_SIZE);
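Review bot: In the first hunk (@@ -4006), `max_end` is initialised to `sb->s_maxbytes` at its declaration and only corrected for indirect-block inodes in the next hunk, so the two limits are set in two places several lines apart. Consider declaring `loff_t max_end;` without an initialiser and assigning both values in a single if/else on `ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)`, so the extent limit and the bitmap limit sit side by side. The context line `loff_t end = offset + length;` is evaluated with no bound visible in this hunk; with the ceiling raised for extent inodes, a short comment naming where that sum is bounded would help the reader.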
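Review bot: In the second hunk (@@ -4015), the comment added above the `!ext4_test_inode_flag(inode, EXT4_INODE_EXTENTS)` check is missing a verb ("make sure that the hole within one block before last range") and does not say why indirect-block inodes need the `- sb->s_blocksize` margin. Suggest wording along the lines of "make sure that the hole ends at least one block before s_bitmap_maxbytes", followed by the reason for the margin. Because this value also feeds the early `offset >= max_end` return just below, the comment should cover that use as well as the later handling of `end`.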