linux/fs/ext4 at linux-6.16.y - linux - Gitea: Git with a cup of tea

michael/linux

Files

History

Zhang Yi f1dad89225 ext4: fix hole length calculation overflow in non-extent inodes

commit 02c7f7219a upstream.

In a filesystem with a block size larger than 4KB, the hole length
calculation for a non-extent inode in ext4_ind_map_blocks() can easily
exceed INT_MAX. Then it could return a zero length hole and trigger the
following waring and infinite in the iomap infrastructure.

  ------------[ cut here ]------------
  WARNING: CPU: 3 PID: 434101 at fs/iomap/iter.c:34 iomap_iter_done+0x148/0x190
  CPU: 3 UID: 0 PID: 434101 Comm: fsstress Not tainted 6.16.0-rc7+ #128 PREEMPT(voluntary)
  Hardware name: QEMU KVM Virtual Machine, BIOS unknown 2/2/2022
  pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
  pc : iomap_iter_done+0x148/0x190
  lr : iomap_iter+0x174/0x230
  sp : ffff8000880af740
  x29: ffff8000880af740 x28: ffff0000db8e6840 x27: 0000000000000000
  x26: 0000000000000000 x25: ffff8000880af830 x24: 0000004000000000
  x23: 0000000000000002 x22: 000001bfdbfa8000 x21: ffffa6a41c002e48
  x20: 0000000000000001 x19: ffff8000880af808 x18: 0000000000000000
  x17: 0000000000000000 x16: ffffa6a495ee6cd0 x15: 0000000000000000
  x14: 00000000000003d4 x13: 00000000fa83b2da x12: 0000b236fc95f18c
  x11: ffffa6a4978b9c08 x10: 0000000000001da0 x9 : ffffa6a41c1a2a44
  x8 : ffff8000880af5c8 x7 : 0000000001000000 x6 : 0000000000000000
  x5 : 0000000000000004 x4 : 000001bfdbfa8000 x3 : 0000000000000000
  x2 : 0000000000000000 x1 : 0000004004030000 x0 : 0000000000000000
  Call trace:
   iomap_iter_done+0x148/0x190 (P)
   iomap_iter+0x174/0x230
   iomap_fiemap+0x154/0x1d8
   ext4_fiemap+0x110/0x140 [ext4]
   do_vfs_ioctl+0x4b8/0xbc0
   __arm64_sys_ioctl+0x8c/0x120
   invoke_syscall+0x6c/0x100
   el0_svc_common.constprop.0+0x48/0xf0
   do_el0_svc+0x24/0x38
   el0_svc+0x38/0x120
   el0t_64_sync_handler+0x10c/0x138
   el0t_64_sync+0x198/0x1a0
  ---[ end trace 0000000000000000 ]---

Cc: stable@kernel.org
Fixes: facab4d971 ("ext4: return hole from ext4_map_blocks()")
Reported-by: Qu Wenruo <wqu@suse.com>
Closes: https://lore.kernel.org/linux-ext4/9b650a52-9672-4604-a765-bb6be55d1e4a@gmx.com/
Tested-by: Qu Wenruo <wqu@suse.com>
Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Link: https://patch.msgid.link/20250811064532.1788289-1-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

2025-08-28 16:34:15 +02:00

..

.kunitconfig

ext4: add .kunitconfig fragment to enable ext4-specific tests

2021-02-11 23:16:30 -05:00

acl.c

ext4: convert to ctime accessor functions

2023-07-24 10:29:54 +02:00

acl.h

Revert "ext4: apply umask if ACL support is disabled"

2024-05-02 18:25:39 -04:00

balloc.c

ext4: reorder capability check last

2025-03-18 00:15:25 -04:00

bitmap.c

ext4: remove sbi argument from ext4_chksum()

2025-05-20 10:31:12 -04:00

block_validity.c

ext4: make block validity check resistent to sb bh corruption

2025-04-12 22:01:37 -04:00

crypto.c

ext4: Move CONFIG_UNICODE defguards into the code flow

2024-06-07 17:00:45 +02:00

dir.c

ext4: fix OOB read when checking dotdot dir

2025-03-21 01:33:11 -04:00

ext4_extents.h

ext4: fix sparse warnings

2021-08-30 23:36:50 -04:00

ext4_jbd2.c

ext4: enable large folio for regular file

2025-05-20 10:31:12 -04:00

ext4_jbd2.h

ext4/jbd2: convert jbd2_journal_blocks_per_page() to support large folio

2025-05-20 10:31:12 -04:00

ext4.h

ext4: replace ext4_writepage_trans_blocks()

2025-08-23 16:49:41 +02:00

extents_status.c

ext4: clairfy the rules for modifying extents

2025-05-15 13:14:56 -04:00

extents_status.h

ext4: don't pass full mapping flags to ext4_es_insert_extent()

2024-11-12 23:54:14 -05:00

extents.c

ext4: replace ext4_writepage_trans_blocks()

2025-08-23 16:49:41 +02:00

fast_commit.c

ext4: remove sbi argument from ext4_chksum()

2025-05-20 10:31:12 -04:00

fast_commit.h

ext4 fast_commit: make use of name_snapshot primitives

2025-01-27 19:24:43 -05:00

file.c

ext4: Add multi-fsblock atomic write support with bigalloc

2025-05-20 10:31:12 -04:00

fsmap.c

ext4: fix reserved gdt blocks handling in fsmap

2025-08-28 16:34:15 +02:00

fsmap.h

ext4: fsmap: fix the block/inode bitmap comment

2021-06-24 09:48:29 -04:00

fsync.c

ext4: add ext4_emergency_state() helper function

2025-03-13 10:16:34 -04:00

hash.c

ext4: hash: simplify kzalloc(n * 1, ...) to kzalloc(n, ...)

2025-03-21 01:10:10 -04:00

ialloc.c

ext4: limit the maximum folio order

2025-08-20 18:41:23 +02:00

indirect.c

ext4: fix hole length calculation overflow in non-extent inodes

2025-08-28 16:34:15 +02:00

inline.c

ext4: replace ext4_writepage_trans_blocks()

2025-08-23 16:49:41 +02:00

inode-test.c

ext4: add missing MODULE_DESCRIPTION()

2024-07-05 16:07:24 -04:00

inode.c

ext4: check fast symlink for ea_inode correctly

2025-08-28 16:34:15 +02:00

ioctl.c

ext4: remove sb argument from ext4_superblock_csum()

2025-05-20 10:31:12 -04:00

Kconfig

ext4: switch to using the crc32c library

2024-12-01 17:23:02 -08:00

Makefile

ext4: move ext4 crypto code to its own file crypto.c

2022-05-21 22:24:24 -04:00

mballoc-test.c

ext4: initialize superblock fields in the kballoc-test.c kunit tests

2025-08-20 18:41:37 +02:00

mballoc.c

ext4: fix largest free orders lists corruption on mb_optimize_scan switch

2025-08-20 18:41:37 +02:00

mballoc.h

ext4: fix FS_IOC_GETFSMAP handling

2024-11-12 23:52:47 -05:00

migrate.c

ext4: fix i_data_sem unlock order in ext4_ind_migrate()

2024-09-03 22:14:17 -04:00

mmp.c

ext4: remove sbi argument from ext4_chksum()

2025-05-20 10:31:12 -04:00

move_extent.c

ext4: replace ext4_writepage_trans_blocks()

2025-08-23 16:49:41 +02:00

namei.c

ext4: remove sbi argument from ext4_chksum()

2025-05-20 10:31:12 -04:00

orphan.c

ext4: use kmalloc_array() for array space allocation

2025-08-28 16:34:15 +02:00

page-io.c

ext4: fix inode use after free in ext4_end_io_rsv_work()

2025-08-15 16:39:09 +02:00

readpage.c

ext4: make ext4_mpage_readpages() support large folios

2025-05-20 10:31:11 -04:00

resize.c

ext4: remove sb argument from ext4_superblock_csum()

2025-05-20 10:31:12 -04:00

super.c

ext4: don't try to clear the orphan_present feature block device is r/o

2025-08-28 16:34:15 +02:00

symlink.c

ext4_get_link(): fix breakage in RCU mode

2024-02-25 02:10:32 -05:00

sysfs.c

ext4: Make sb update interval tunable

2025-03-21 01:12:33 -04:00

truncate.h

ext4: Convert to use mapping->invalidate_lock

2021-07-13 14:29:00 +02:00

verity.c

fs: Convert aops->write_begin to take a folio

2024-08-07 11:33:21 +02:00

xattr_hurd.c

fs: port xattr to mnt_idmap

2023-01-19 09:24:28 +01:00

xattr_security.c

fs: port xattr to mnt_idmap

2023-01-19 09:24:28 +01:00

xattr_trusted.c

fs: port xattr to mnt_idmap

2023-01-19 09:24:28 +01:00

xattr_user.c

fs: port xattr to mnt_idmap

2023-01-19 09:24:28 +01:00

xattr.c

ext4: replace ext4_writepage_trans_blocks()

2025-08-23 16:49:41 +02:00

xattr.h

ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all()

2025-03-18 00:15:19 -04:00