| Message ID | 20250506012009.3896990-4-yi.zhang@huaweicloud.com |
|---|---|
| State | Awaiting Upstream |
| Headers | show |
| Series | [v2,1/4] ext4: fix out of bounds punch offset | expand |
On 2025/5/6 9:20, Zhang Yi wrote: > From: Zhang Yi <yi.zhang@huawei.com> > > The inode i_size cannot be larger than maxbytes, check it while loading > inode from the disk. > > Signed-off-by: Zhang Yi <yi.zhang@huawei.com> > Reviewed-by: Jan Kara <jack@suse.cz> Looks good to me. Reviewed-by: Baokun Li <libaokun1@huawei.com> > --- > fs/ext4/inode.c | 3 ++- > 1 file changed, 2 insertions(+), 1 deletion(-) > > diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c > index 5691966a19e1..072b61140d12 100644 > --- a/fs/ext4/inode.c > +++ b/fs/ext4/inode.c > @@ -4922,7 +4922,8 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino, > ei->i_file_acl |= > ((__u64)le16_to_cpu(raw_inode->i_file_acl_high)) << 32; > inode->i_size = ext4_isize(sb, raw_inode); > - if ((size = i_size_read(inode)) < 0) { > + size = i_size_read(inode); > + if (size < 0 || size > ext4_get_maxbytes(inode)) { > ext4_error_inode(inode, function, line, 0, > "iget: bad i_size value: %lld", size); > ret = -EFSCORRUPTED;
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 5691966a19e1..072b61140d12 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4922,7 +4922,8 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino, ei->i_file_acl |= ((__u64)le16_to_cpu(raw_inode->i_file_acl_high)) << 32; inode->i_size = ext4_isize(sb, raw_inode); - if ((size = i_size_read(inode)) < 0) { + size = i_size_read(inode); + if (size < 0 || size > ext4_get_maxbytes(inode)) { ext4_error_inode(inode, function, line, 0, "iget: bad i_size value: %lld", size); ret = -EFSCORRUPTED;