Commit 9a0ec045 authored by Reed Riley, committed by Kent Overstreet

bcachefs: fix overflow in fiemap



filefrag (and potentially other utilities that call fiemap) sometimes
pass ULONG_MAX as the length.  fiemap_prep clamps excessively large
lengths - but the calculation of end can overflow if it occurs before
calling fiemap_prep.  When this happens, filefrag assumes it has read to
the end and exits.

Signed-off-by: Reed Riley <reed@riley.engineer>
Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
parent db42549d
+1 −1
@@ -964,7 +964,6 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
	struct btree_iter iter;
	struct bkey_s_c k;
	struct bkey_buf cur, prev;
	struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
	unsigned offset_into_extent, sectors;
	bool have_extent = false;
	u32 snapshot;
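Review bot: the declaration block gives no hint of why `end` is not initialised alongside `iter`, `k`, `cur` and `prev`, so a later tidy-up could fold the `POS(ei->v.i_ino, (start + len) >> 9)` initialiser back in here and reintroduce the overflow the commit message describes. Consider keeping a bare `struct bpos end;` in this block and assigning it later, with a one-line comment at the assignment saying that `start + len` is only safe to form once `len` has been clamped.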
@@ -974,6 +973,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
	if (ret)
		return ret;

	struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
	if (start + len < start)
		return -EINVAL;