f2fs: add a max block check for get_data_block_bmap

This patch adds a max block check for get_data_block_bmap. Trinity test program will send a block number as parameter into ioctl_fibmap, which will be used in get_node_path(), when the block number large than f2fs max blocks, it will trigger kernel bug. Signed-off-by: Yunlei He <heyunlei@huawei.com> Signed-off-by: Xue Liu <liuxueliu.liu@huawei.com> [Jaegeuk Kim: fix missing condition, pointed by Chao Yu] Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
2024-11-06 23:17:41 +00:00 · 2015-12-28 21:48:32 +08:00 · 2015-12-28 21:48:32 +08:00 · e40bd22303
commit e40bd22303
parent e465ea8aa2
3 changed files with 6 additions and 1 deletions
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@ -762,6 +762,10 @@ static int get_data_block_dio(struct inode *inode, sector_t iblock,
 static int get_data_block_bmap(struct inode *inode, sector_t iblock,
 			struct buffer_head *bh_result, int create)
 {
+	/* Block number less than F2FS MAX BLOCKS */
+	if (unlikely(iblock >= max_file_size(0)))
+		return -EFBIG;
+
 	return __get_data_block(inode, iblock, bh_result, create,
 						F2FS_GET_BLOCK_BMAP);
 }
--- a/fs/f2fs/f2fs.h
+++ b/fs/f2fs/f2fs.h
@ -1740,6 +1740,7 @@ static inline int f2fs_add_link(struct dentry *dentry, struct inode *inode)
 * super.c
 */
 int f2fs_commit_super(struct f2fs_sb_info *, bool);
+loff_t max_file_size(unsigned bits);
 int f2fs_sync_fs(struct super_block *, int);
 extern __printf(3, 4)
 void f2fs_msg(struct super_block *, const char *, const char *, ...);
--- a/fs/f2fs/super.c
+++ b/fs/f2fs/super.c
@ -900,7 +900,7 @@ static const struct export_operations f2fs_export_ops = {
 	.get_parent = f2fs_get_parent,
 };

-static loff_t max_file_size(unsigned bits)
+loff_t max_file_size(unsigned bits)
 {
 	loff_t result = (DEF_ADDRS_PER_INODE - F2FS_INLINE_XATTR_ADDRS);
 	loff_t leaf_count = ADDRS_PER_BLOCK;