[RHEL7,COMMIT] fs/fuse kio: fix length overflow in FALLOC_FL_KEEP_SIZE

Submitted by Konstantin Khorenko on June 6, 2019, 12:14 p.m.

Details

Message ID 201906061214.x56CECqF015772@finist-ce7.sw.ru
State New
Series "Series without cover letter"

Commit Message

Konstantin Khorenko June 6, 2019, 12:14 p.m.
The commit is pushed to "branch-rh7-3.10.0-957.12.2.vz7.96.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-957.12.2.vz7.96.12
------>
commit f6741b4f66dfcad52654a8d52a13e0045760e9fc
Author: Pavel Butsykin <pbutsykin@virtuozzo.com>
Date:   Thu Jun 6 15:14:12 2019 +0300

    fs/fuse kio: fix length overflow in FALLOC_FL_KEEP_SIZE
    
    Fixes: a4c0a32b5b78 ("fs/fuse kio: cosmetic changes in pcs_fuse_prep_rw()")
    https://pmc.acronis.com/browse/VSTOR-23781
    
    Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
    Acked-by: Alexey Kuznetsov <kuznet@virtuozzo.com>
---
 fs/fuse/kio/pcs/pcs_fuse_kdirect.c | 2 ++
 1 file changed, 2 insertions(+)


diff --git a/fs/fuse/kio/pcs/pcs_fuse_kdirect.c b/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
index 60c47aaf592e..bdaca666f6e9 100644
--- a/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
+++ b/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
@@ -1049,6 +1049,8 @@  static void pcs_fuse_submit(struct pcs_fuse_cluster *pfc, struct fuse_req *req,
 		}
 
 		if (inarg->mode & FALLOC_FL_KEEP_SIZE) {
+			if (inarg->offset > di->fileinfo.attr.size)
+				break; /* NOPE */
 			if (inarg->offset + inarg->length > di->fileinfo.attr.size)
 				inarg->length = di->fileinfo.attr.size - inarg->offset;
 		}
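Review bot: the clamp on the last two lines of the hunk can still wrap. `inarg->offset + inarg->length` is computed before it is compared against `di->fileinfo.attr.size`, so if `offset` and `length` are unsigned 64-bit fields (as in the FUSE fallocate request) a large `length` makes the sum wrap below `size`, the comparison fails and `length` reaches the cluster unclamped. The new `offset > size` guard only removes the case where `size - offset` itself underflows. Since the guard already establishes `offset <= size`, rewrite the clamp so no addition is needed: `if (inarg->length > di->fileinfo.attr.size - inarg->offset) inarg->length = di->fileinfo.attr.size - inarg->offset;`.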

Comments

Pavel Butsykin June 7, 2019, 8:01 a.m.
On 06.06.2019 15:14, Konstantin Khorenko wrote:
> The commit is pushed to "branch-rh7-3.10.0-957.12.2.vz7.96.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
> after rh7-3.10.0-957.12.2.vz7.96.12
> ------>
> commit f6741b4f66dfcad52654a8d52a13e0045760e9fc
> Author: Pavel Butsykin <pbutsykin@virtuozzo.com>
> Date:   Thu Jun 6 15:14:12 2019 +0300
> 
>      fs/fuse kio: fix length overflow in FALLOC_FL_KEEP_SIZE
>      
>      Fixes: a4c0a32b5b78 ("fs/fuse kio: cosmetic changes in pcs_fuse_prep_rw()")

This applies only to the first patch, but not to the second. This bug has always been there and has nothing to do with: a4c0a32b5b78 ("fs/fuse kio: cosmetic changes in pcs_fuse_prep_rw()")


>      https://pmc.acronis.com/browse/VSTOR-23781
>      
>      Signed-off-by: Pavel Butsykin <pbutsykin@virtuozzo.com>
>      Acked-by: Alexey Kuznetsov <kuznet@virtuozzo.com>
> ---
>   fs/fuse/kio/pcs/pcs_fuse_kdirect.c | 2 ++
>   1 file changed, 2 insertions(+)
> 
> diff --git a/fs/fuse/kio/pcs/pcs_fuse_kdirect.c b/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
> index 60c47aaf592e..bdaca666f6e9 100644
> --- a/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
> +++ b/fs/fuse/kio/pcs/pcs_fuse_kdirect.c
> @@ -1049,6 +1049,8 @@ static void pcs_fuse_submit(struct pcs_fuse_cluster *pfc, struct fuse_req *req,
>   		}
>   
>   		if (inarg->mode & FALLOC_FL_KEEP_SIZE) {
> +			if (inarg->offset > di->fileinfo.attr.size)
> +				break; /* NOPE */
>   			if (inarg->offset + inarg->length > di->fileinfo.attr.size)
>   				inarg->length = di->fileinfo.attr.size - inarg->offset;
>   		}
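Review bot: `break; /* NOPE */` on the second added line says nothing about why the request is abandoned here or what the caller sees; the comment should state that a KEEP_SIZE fallocate lying entirely beyond EOF is a no-op for the kio path and how the request is then completed. Also, because the guard uses `>` rather than `>=`, `offset == size` passes it and the clamp two lines below sets `length` to 0, so a zero-length request is still submitted; either use `>=` in the guard or confirm that a zero-length fallocate is handled downstream.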
>