bcachefs: fix overflow in fiemap

filefrag (and potentially other utilities that call fiemap) sometimes pass ULONG_MAX as the length. fiemap_prep clamps excessively large lengths - but the calculation of end can overflow if it occurs before calling fiemap_prep. When this happens, filefrag assumes it has read to the end and exits. Signed-off-by: Reed Riley <reed@riley.engineer> Signed-off-by: Kent Overstreet <kent.overstreet@linux.dev>
author: Reed Riley <reed@riley.engineer> 2024-05-04 22:12:23 +0000
committer: Kent Overstreet <kent.overstreet@linux.dev> 2024-05-06 10:58:17 -0400
commit: 9a0ec045110dbaad4b8d609142b534f913354101 (patch)
tree: d0731fffb8d616c2764a0a394114dc1944ecff49
parent: db42549d402cb44fe67c95d08f1a9ea902d32e7e (diff)
download: linux-9a0ec045110dbaad4b8d609142b534f913354101.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/bcachefs/fs.c b/fs/bcachefs/fs.c
index fce690007edfce..6f114803c6f239 100644
--- a/fs/bcachefs/fs.c
+++ b/fs/bcachefs/fs.c
@@ -964,7 +964,6 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
 	struct btree_iter iter;
 	struct bkey_s_c k;
 	struct bkey_buf cur, prev;
-	struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
 	unsigned offset_into_extent, sectors;
 	bool have_extent = false;
 	u32 snapshot;
@@ -974,6 +973,7 @@ static int bch2_fiemap(struct inode *vinode, struct fiemap_extent_info *info,
 	if (ret)
 		return ret;
 
+	struct bpos end = POS(ei->v.i_ino, (start + len) >> 9);
 	if (start + len < start)
 		return -EINVAL;
author	Reed Riley <reed@riley.engineer>	2024-05-04 22:12:23 +0000
committer	Kent Overstreet <kent.overstreet@linux.dev>	2024-05-06 10:58:17 -0400
commit	9a0ec045110dbaad4b8d609142b534f913354101 (patch)
tree	d0731fffb8d616c2764a0a394114dc1944ecff49
parent	db42549d402cb44fe67c95d08f1a9ea902d32e7e (diff)
download	linux-9a0ec045110dbaad4b8d609142b534f913354101.tar.gz