Tadeusz Struk 2da376228a ext4: limit length to bitmap_maxbytes - blocksize in punch_hole ... Syzbot found an issue [1] in ext4_fallocate(). The C reproducer [2] calls fallocate(), passing size 0xffeffeff000ul, and offset 0x1000000ul, which, when added together exceed the bitmap_maxbytes for the inode. This triggers a BUG in ext4_ind_remove_space(). According to the comments in this function the 'end' parameter needs to be one block after the last block to be removed. In the case when the BUG is triggered it points to the last block. Modify the ext4_punch_hole() function and add constraint that caps the length to satisfy the one before laster block requirement. LINK: [1] https://syzkaller.appspot.com/bug?id=b80bd9cf348aac724a4f4dff251800106d721331 LINK: [2] https://syzkaller.appspot.com/text?tag=ReproC&x=14ba0238700000 Fixes: a4bb6b64e3 ("ext4: enable "punch hole" functionality") Reported-by: syzbot+7a806094edd5d07ba029@syzkaller.appspotmail.com Signed-off-by: Tadeusz Struk <tadeusz.struk@linaro.org> Link: https://lore.kernel.org/r/20220331200515.153214-1-tadeusz.struk@linaro.org Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org		2022-04-12 22:24:35 -04:00
..
9p	Revert "fs/9p: search open fids first"	2022-01-30 22:13:37 +09:00
adfs	fs/adfs: remove unneeded variable make code cleaner	2022-01-20 08:52:55 +02:00
affs
afs	proc: remove PDE_DATA() completely	2022-01-22 08:33:37 +02:00
autofs
befs
bfs
btrfs	for-5.17-rc4-tag	2022-02-15 09:14:05 -08:00
cachefiles	netfs, cachefiles: Add a method to query presence of data in the cache	2022-02-01 10:29:18 -06:00
ceph	ceph: set pool_ns in new inode layout for async creates	2022-01-26 20:17:50 +01:00
cifs	cifs: fix confusing unneeded warning message on smb2.1 and earlier	2022-02-16 17:16:49 -06:00
coda
configfs	fsnotify: fix fsnotify hooks in pseudo filesystems	2022-01-24 14:17:02 +01:00
cramfs
crypto
debugfs	debugfs: lockdown: Allow reading debugfs files that are not world readable	2022-01-06 15:47:41 +01:00
devpts	fsnotify: fix fsnotify hooks in pseudo filesystems	2022-01-24 14:17:02 +01:00
dlm	driver core changes for 5.17-rc1	2022-01-12 11:11:34 -08:00
ecryptfs
efivarfs
efs
erofs	erofs: fix small compressed files inlining	2022-02-04 12:37:12 +08:00
exfat	exfat: fix missing REQ_SYNC in exfat_update_bhs()	2022-01-10 11:00:04 +09:00
exportfs
ext2
ext4	ext4: limit length to bitmap_maxbytes - blocksize in punch_hole	2022-04-12 22:24:35 -04:00
f2fs	Fix from Christoph Hellwig merging the CONFIG_UNICODE_UTF8_DATA into the	2022-02-01 11:13:24 -08:00
fat	FAT: use io_schedule_timeout() instead of congestion_wait()	2022-01-20 08:52:54 +02:00
freevxfs
fscache	fscache: Fix the volume collision wait condition	2022-01-21 21:36:28 +00:00
fuse	virtio,vdpa,qemu_fw_cfg: features, cleanups, fixes	2022-01-18 10:05:48 +02:00
gfs2	gfs2 fixes:	2022-02-11 11:36:32 -08:00
hfs
hfsplus	hfsplus: use struct_group_attr() for memcpy() region	2022-01-20 08:52:54 +02:00
hostfs
hpfs
hugetlbfs	hugetlbfs: fix off-by-one error in hugetlb_vmdelete_list()	2022-01-15 16:30:30 +02:00
iomap	xfs, iomap: limit individual ioend chain lengths in writeback	2022-01-26 09:19:20 -08:00
isofs
jbd2	jbd2: remove CONFIG_JBD2_DEBUG to update t_max_wait	2022-02-25 21:28:58 -05:00
jffs2	Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace	2022-01-17 05:49:30 +02:00
jfs
kernfs
ksmbd	ksmbd: add support for key exchange	2022-02-04 00:12:22 -06:00
lockd	Notable bug fixes:	2022-02-02 10:14:31 -08:00
minix
netfs	netfs: Make ops->init_rreq() optional	2022-01-21 21:36:28 +00:00
nfs	NFS: Do not report writeback errors in nfs_getattr()	2022-02-16 15:15:22 -05:00
nfs_common
nfsd	Notable bug fixes:	2022-02-09 09:56:57 -08:00
nilfs2	Merge branch 'akpm' (patches from Andrew)	2022-01-20 10:41:01 +02:00
nls
notify	fanotify: Fix stale file descriptor in copy_event_to_user()	2022-02-01 12:52:07 +01:00
ntfs	fs/ntfs/attrib.c: fix one kernel-doc comment	2022-01-15 16:30:24 +02:00
ntfs3	mm: remove cleancache	2022-01-22 08:33:38 +02:00
ocfs2	ocfs2: fix a deadlock when commit trans	2022-01-30 09:56:58 +02:00
omfs
openpromfs
orangefs	orangefs: Fix the size of a memory allocation in orangefs_bufmap_alloc()	2021-12-31 14:37:43 -05:00
overlayfs	overlayfs fixes for 5.17-rc3	2022-02-01 11:23:02 -08:00
proc	fs/proc: task_mmu.c: don't read mapcount for migration entry	2022-02-11 17:55:00 -08:00
pstore	pstore update for v5.17-rc1	2022-01-10 11:48:37 -08:00
qnx4
qnx6
quota	quota: make dquot_quota_sync return errors from ->sync_fs	2022-01-30 08:59:47 -08:00
ramfs
reiserfs
romfs
smbfs_common	smb3: add new defines from protocol specification	2022-01-18 16:50:47 -06:00
squashfs	squashfs: provide backing_dev_info in order to disable read-ahead	2022-01-15 16:30:24 +02:00
sysfs
sysv
tracefs	Tracing updates for 5.17:	2022-01-16 10:15:32 +02:00
ubifs
udf	udf: Restore i_lenAlloc when inode expansion fails	2022-01-24 14:45:02 +01:00
ufs
unicode	Fix from Christoph Hellwig merging the CONFIG_UNICODE_UTF8_DATA into the	2022-02-01 11:13:24 -08:00
vboxsf
verity
xfs	Fixes for 5.17-rc3:	2022-02-05 09:21:55 -08:00
zonefs
aio.c	aio: move aio sysctl to aio.c	2022-01-22 08:33:34 +02:00
anon_inodes.c
attr.c
bad_inode.c
binfmt_aout.c
binfmt_elf.c	fs/binfmt_elf: fix PT_LOAD p_align values for loaders	2022-02-11 17:55:00 -08:00
binfmt_elf_fdpic.c
binfmt_flat.c
binfmt_misc.c	Fix regression due to "fs: move binfmt_misc sysctl to its own file"	2022-02-09 09:50:02 -08:00
binfmt_script.c
buffer.c
char_dev.c
compat_binfmt_elf.c
coredump.c	fs/coredump: move coredump sysctls into its own file	2022-01-22 08:33:36 +02:00
d_path.c
dax.c
dcache.c	fs: move dcache sysctls to its own file	2022-01-22 08:33:36 +02:00
direct-io.c
drop_caches.c
eventfd.c
eventpoll.c	eventpoll: simplify sysctl declaration with register_sysctl()	2022-01-22 08:33:35 +02:00
exec.c	fs/coredump: move coredump sysctls into its own file	2022-01-22 08:33:36 +02:00
fcntl.c
fhandle.c
file.c
file_table.c	fs/file_table: fix adding missing kmemleak_not_leak()	2022-02-17 10:23:19 -08:00
filesystems.c
fs-writeback.c	fscache rewrite	2022-01-12 13:45:12 -08:00
fs_context.c	vfs: fs_context: fix up param length parsing in legacy_parse_param	2022-01-18 09:23:19 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fsopen.c
init.c
inode.c	fs: move inode sysctls to its own file	2022-01-22 08:33:35 +02:00
internal.h
io-wq.c	io_uring-5.17-2022-01-21	2022-01-21 16:07:21 +02:00
io-wq.h	Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace	2022-01-17 05:49:30 +02:00
io_uring.c	mm: io_uring: allow oom-killer from io_uring_setup	2022-02-07 08:44:01 -07:00
ioctl.c	fs/ioctl: remove unnecessary __user annotation	2022-01-15 16:30:25 +02:00
Kconfig	ksmbd: add support for key exchange	2022-02-04 00:12:22 -06:00
Kconfig.binfmt
kernel_read_file.c
libfs.c	unicode: clean up the Kconfig symbol confusion	2022-01-20 19:57:24 -05:00
locks.c	fs: move locking sysctls where they are used	2022-01-22 08:33:36 +02:00
Makefile	Fix from Christoph Hellwig merging the CONFIG_UNICODE_UTF8_DATA into the	2022-02-01 11:13:24 -08:00
mbcache.c
mount.h
mpage.c	mm: remove cleancache	2022-01-22 08:33:38 +02:00
namei.c	\n	2022-01-28 17:51:31 +02:00
namespace.c	fs: add kernel doc for mnt_{hold,unhold}_writers()	2022-02-14 08:35:32 +01:00
no-block.c
nsfs.c
open.c
pipe.c	fs: move pipe sysctls to is own file	2022-01-22 08:33:36 +02:00
pnode.c
pnode.h
posix_acl.c
proc_namespace.c
read_write.c
readdir.c
remap_range.c	fs: Convert vfs_dedupe_file_range_compare to folios	2022-01-08 00:28:41 -05:00
select.c	select: Fix indefinitely sleeping task in poll_schedule_timeout()	2022-01-11 09:03:05 -08:00
seq_file.c
signalfd.c	Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace	2022-01-17 05:49:30 +02:00
splice.c
stack.c
stat.c
statfs.c
super.c	vfs: make freeze_super abort when sync_filesystem returns error	2022-01-30 08:59:47 -08:00
sync.c	vfs: make sync_filesystem return errors from ->sync_fs	2022-01-30 08:59:47 -08:00
sysctls.c	fs: move namespace sysctls and declare fs base directory	2022-01-22 08:33:36 +02:00
timerfd.c
userfaultfd.c	mm: move anon_vma declarations to linux/mm_inline.h	2022-01-15 16:30:27 +02:00
utimes.c
xattr.c