From nobody Wed Feb 11 11:53:50 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 036B4C61DA4 for ; Wed, 15 Mar 2023 11:21:34 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232144AbjCOLVc (ORCPT ); Wed, 15 Mar 2023 07:21:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35828 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231907AbjCOLUl (ORCPT ); Wed, 15 Mar 2023 07:20:41 -0400 Received: from mail-lj1-x22e.google.com (mail-lj1-x22e.google.com [IPv6:2a00:1450:4864:20::22e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E796ED539 for ; Wed, 15 Mar 2023 04:20:17 -0700 (PDT) Received: by mail-lj1-x22e.google.com with SMTP id t14so19043636ljd.5 for ; Wed, 15 Mar 2023 04:20:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1678879216; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FdbCGpzcwXFV3fnMO5Bmrr81xmSMDuWW3p9DWdnxYHE=; b=invwL+l/ceKSm9QLOoajkPlSvh2xoygCdaCZEWSJLhxgT7Ofd6fkQFA0o4iK5htY6P lWcb9GEU+o6XLCGmoF3BtJQZmZStIKeUoXuiWNC/x36Rh+O65g8FXI7qVMCQr8SU1e07 FCB9DMD+RwuGKcbxCjiIucK+dIreZYY2ChyjbuBEDbUuQa17mkx3Nv1G6HGGunAIX7WH BHuMTIXpVJL0jxepJer2y24lo0GxwsvcmZhJy5xyk4rYbt3r5mIsxx0FfMFWniEG5m3r 6X1stS2d2St8qqLcBIno+YfMqWZTxz7a1RQJYYiXSAqGj8JT3+0gLMYdq3QRVrqMCnnV 8RCA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678879216; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FdbCGpzcwXFV3fnMO5Bmrr81xmSMDuWW3p9DWdnxYHE=; b=cxmMd0jGn4EWECvPIufUk/nydfJVWpogtBKhmKbg56anao5AesgXUi57VlcbmJoH/w Jfw6ZOXKJiiRTUFED11uCgXzYKASrIgQvEFX9iQbfYRSZdVMoZZfYj/ipOZQHAZlAyZg ttyZq9ZcWn1Op89ZPHQ3iSl6lUR11PofmdJYUaGgXk5iX6wZXWrgNXVoCAC2hQfqm2dg 02+/A2V346cel6pnsEgGko+9IZlwQYuiOD9D08aNC9rfDndERihduxUYuo6X3c5nehRU uZJbrHX9n8YSgSC7SuVWlheMdyYISrtg1mUd3Z/JxjxU6Zfapm6/AKs8cboJpCPMmwo+ HTsA== X-Gm-Message-State: AO0yUKV0UVKuhDBUuGtKtC9kYOYG/Wf3jEt9aZ/Mruid2mYnQF+gpbB5 RCIT1+08xBxxRfOkiLTBbRD+3VPZVD9MwdkpeHM= X-Google-Smtp-Source: AK7set8gFNmM6XjQjWseytCpp8qBAUM8i1QLIEmEGYqkUZ9g5GZ/bfhdFrO5nitEJjJx/XMyj38qFg== X-Received: by 2002:a2e:a58b:0:b0:295:9f20:bcdf with SMTP id m11-20020a2ea58b000000b002959f20bcdfmr1022793ljp.9.1678879216366; Wed, 15 Mar 2023 04:20:16 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id k2-20020a2e92c2000000b00295da33c42dsm817410ljh.15.2023.03.15.04.20.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Mar 2023 04:20:15 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz, djwong@kernel.org Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, leejones@google.com, Tudor Ambarus Subject: [PATCH v2 1/5] ext4: ioctl: Add missing linux/string.h header Date: Wed, 15 Mar 2023 11:20:07 +0000 Message-Id: <20230315112011.927091-2-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog In-Reply-To: <20230315112011.927091-1-tudor.ambarus@linaro.org> References: <20230315112011.927091-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" ext4/ioctl.c uses strnlen(), strncpy(), memchr_inv() that are defined in linux/string.h, but those were being included by sheer luck, indirectly, via which includes . Add missing header. Signed-off-by: Tudor Ambarus --- v2: new patch fs/ext4/ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index cc17205f7f49..2b412f1cbc10 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include "ext4_jbd2.h" #include "ext4.h" --=20 2.40.0.rc1.284.g88254d51c5-goog From nobody Wed Feb 11 11:53:50 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A5332C61DA4 for ; Wed, 15 Mar 2023 11:21:23 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230455AbjCOLVV (ORCPT ); Wed, 15 Mar 2023 07:21:21 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34798 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231862AbjCOLUj (ORCPT ); Wed, 15 Mar 2023 07:20:39 -0400 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 13A4C1E1E2 for ; Wed, 15 Mar 2023 04:20:18 -0700 (PDT) Received: by mail-lj1-x233.google.com with SMTP id a32so19045887ljq.1 for ; Wed, 15 Mar 2023 04:20:18 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1678879217; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=IUIBQeZLD1/U/OTUld+6Gx5O9QYoGGbr9KxfQ5s0UqY=; b=AItDdog7vDad4NG6hg0wN8/WcKP89JIGr1xI+3j+EwGdAurYhg8Ub8UL5PsSJCsAyC PtZIDR/4hWCq4sWavs2eMChzAUrgSFQNBKChOYytijclhgcuVJctvVkn+AkS0Fe/R5Lr MY2ERby+IbCllKs+XFajCoG3znoZVNLpkLN9x2hRWLawQfuDrEoBTrcct+CoPJaKoE9I U1gLZqN7Oqsa/4c/FUVDANoZBs/EUzJ1HAwbAzqutvUBLT/pe/Zduy2GiljK1rzM7IV3 S7nUieDROgBF+XAyOI1bcxm5pUab2eK73lRolJqrhAyUe61hIohCi+4Xpy18AgEw3qqS gmQg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678879217; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=IUIBQeZLD1/U/OTUld+6Gx5O9QYoGGbr9KxfQ5s0UqY=; b=6IjUW/kMX7vNcZRvi0XO0gZBAjlNAbTJ8z5O085P4Ddcp6OwJnJooe1w7QPRmUiW5/ IxjDSfS46aDbMT8XXwoBruJXxIe2OkNQ1ix2KyjZrRzJl5FTaAV8/oklHHOzluabs6eM DuOiDMe1F1ye+2oRkLAs4zkRBS9mdz3RlU6msJ3egtZRqIoaP11InAV8EOHFsMVgCxvF kRDyW1BUNiOhqTk+ZBAKznXJCkO4/xZRSPYmqUi+aiWOxI0QhGwbMJ6wDQEBlSCytuKY Cmk45F1X5+sWBHY0SAWDmyYzYSzNHnoto3xCPVEwgYQEIDBrqxh1lsHHb1d1Ne/+IgEs 8icw== X-Gm-Message-State: AO0yUKWTJ8qXpvCouZ+vA0kfI85hZXZg7Tt05bL01VFYD8UA/0T5XheZ +kvb/I9Y2mpVbUq+pCHNRDbWvw== X-Google-Smtp-Source: AK7set/yBNSJIoaShXOc1c2uObsDThrYX2WB5Cd0hELWCCOdsKTmpHWENUh9MuGZuqSad5bOW/xHXg== X-Received: by 2002:a2e:be9a:0:b0:292:8283:2c03 with SMTP id a26-20020a2ebe9a000000b0029282832c03mr989045ljr.51.1678879217212; Wed, 15 Mar 2023 04:20:17 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id k2-20020a2e92c2000000b00295da33c42dsm817410ljh.15.2023.03.15.04.20.16 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Mar 2023 04:20:16 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz, djwong@kernel.org Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, leejones@google.com, Tudor Ambarus Subject: [PATCH v2 2/5] ext4: fsmap: Check fmh_iflags value directly on the user copied data Date: Wed, 15 Mar 2023 11:20:08 +0000 Message-Id: <20230315112011.927091-3-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog In-Reply-To: <20230315112011.927091-1-tudor.ambarus@linaro.org> References: <20230315112011.927091-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" struct ext4_fsmap_head is the ext4 internal fsmap representation of struct fsmap_head. As the code was, the fmh_iflags validation was done on the fmh_iflags value of the internal fsmap representation. Since xhead.fmh_iflags is initialized with head.fmh_iflags and not changed afterwards, do the validation of fmh_iflags directly on fsmap_head data, it spares some superfluous initializations in case the user provides a wrong value for fmh_iflags. Signed-off-by: Tudor Ambarus --- v2: new patch fs/ext4/fsmap.c | 2 -- fs/ext4/ioctl.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index cdf9bfe10137..7765293bfa5d 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -635,8 +635,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_f= smap_head *head, int i; int error =3D 0; =20 - if (head->fmh_iflags & ~FMH_IF_VALID) - return -EINVAL; if (!ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[0]) || !ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[1])) return -EINVAL; diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 2b412f1cbc10..77b0198a0f48 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -873,6 +873,8 @@ static int ext4_ioc_getfsmap(struct super_block *sb, =20 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) return -EFAULT; + if (head.fmh_iflags & ~FMH_IF_VALID) + return -EINVAL; if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || memchr_inv(head.fmh_keys[0].fmr_reserved, 0, sizeof(head.fmh_keys[0].fmr_reserved)) || --=20 2.40.0.rc1.284.g88254d51c5-goog From nobody Wed Feb 11 11:53:50 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 7CC13C61DA4 for ; Wed, 15 Mar 2023 11:21:41 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232148AbjCOLVk (ORCPT ); Wed, 15 Mar 2023 07:21:40 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34962 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231792AbjCOLUm (ORCPT ); Wed, 15 Mar 2023 07:20:42 -0400 Received: from mail-lj1-x235.google.com (mail-lj1-x235.google.com [IPv6:2a00:1450:4864:20::235]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 6FCB820A2D for ; Wed, 15 Mar 2023 04:20:19 -0700 (PDT) Received: by mail-lj1-x235.google.com with SMTP id t14so19043713ljd.5 for ; Wed, 15 Mar 2023 04:20:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1678879218; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FRjHvXYdzY6RBtzYq78wcB3v20K0fYO5Lj3dEieV5ms=; b=Zk5/OvPNEUGHZNzXPFS7SNxNeHRC+swL26wjcpKA4SeZortr3LkXkcgftDcBVXtvLB u/hJeXix0zwZnjbiWZYWYBkghvHBL5YzRrhiAlV59V1YZHbZp2qelFoLlFY5kgAZWgdH 8JM7LgDcCSBaBLKg/Hw68F4QSJ69DUQRmIJT0AZ2onoRInB44ocRTZ8LbL4DGiHK7Edt t/MKTghgcARYiGzIhxh3KwCikfk4rSya0h2Rmd8HPtECXN/BggQoIZJR2mkvoaDGP8a9 /opvsR1ejLoPN4GwKdJyrprV9SYvXIrALvfcmnQ2Rh0tpkmxUXQWMgJq7qJ7f77T01kB tMYA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678879218; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FRjHvXYdzY6RBtzYq78wcB3v20K0fYO5Lj3dEieV5ms=; b=HJZu2TCjG52KIp5smlC1/rJExAgXO+giIQFlGnNpNH9WboE9dxSA1HohKQDzqeNvOp OFR9Vdp6nJzkKGQ3nFrLe4FLeSyKwzVg2d/X1JSaRmOF2w9Jzqhs9XY5vj5Hsj2I5mCl HbtrcwLh/H5yy3he9gq5UEyNR5HFjPe4nqz+NdLxei6YcVJbrjxuv52cOzqb5vwe+kl9 +nsq8+OJ8Zf8P76azqteZiozpzL9ga8hxnmnAibrJomrl/jv4D+KFgBQSukdxn+xoB3S W2/SVPYJkzcFvg+hPh2ITpEhP+VgTpOY0B50Rf7+En0wATqXp1YvaKESw45B17DEhPaV VkYQ== X-Gm-Message-State: AO0yUKVyAwMHaMEK2ls0LyujTHZvbXeCpXXQnbL+ugEBSpZM/4Ox5GYr D5dfEzMUYd9iI/GuVYpOqH7mAA== X-Google-Smtp-Source: AK7set9zGO7zsvAJEftiW/xAdoX2qB+imoDPktguVuYNRtCIguMHy+bE8WursDqHZzA2KC1V5mPgvg== X-Received: by 2002:a05:651c:b07:b0:295:941c:7b2 with SMTP id b7-20020a05651c0b0700b00295941c07b2mr1001129ljr.12.1678879218115; Wed, 15 Mar 2023 04:20:18 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id k2-20020a2e92c2000000b00295da33c42dsm817410ljh.15.2023.03.15.04.20.17 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Mar 2023 04:20:17 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz, djwong@kernel.org Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, leejones@google.com, Tudor Ambarus Subject: [PATCH v2 3/5] ext4: fsmap: Consolidate fsmap_head checks Date: Wed, 15 Mar 2023 11:20:09 +0000 Message-Id: <20230315112011.927091-4-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog In-Reply-To: <20230315112011.927091-1-tudor.ambarus@linaro.org> References: <20230315112011.927091-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" The sanity checks on the user provided data were scattered in three representations of the fsmap keys: 1/ the keys from struct fsmap_head in ext4_ioc_getfsmap() -> contain the data copied from the user. 2/ the keys from struct ext4_fsmap_head -> contain the ext4 internal representation of the keys. These are the same keys as in 1/ but with the fmr_physical and fmr_length shifted to right by sb->s_blocksize_bits, see ext4_fsmap_to_internal(). The sanity checks on these keys were done in ext4_getfsmap(), see where ext4_getfsmap_is_valid_device() and ext4_getfsmap_check_keys() are called. 3/ dkeys in ext4_getfsmap() -> local keys used to query the device. These are 2/ but with the low key bumped by fmr_length. The low key is bumped because userspace is allowed to use the last mapping from the previous call as the low key to the next. In consequence, the low key is incremented to ensure we return the next mapping. The low key from dkey was checked together with the high key fron 2/ by calling ext4_getfsmap_check_keys(). Having the sanity checks on user provided data scattered along these three representations of the keys is not only difficult to follow but also inefficient in case one of the checks returns an error because we waste CPU cycles by copying data and preparing other local structures that won't be used in case of errors. Since 2/ and 3/ are just adapted copies of 1/, do all the checks directly on 1/. Gather all the checks done on the user data in a single method and call it immediately after copying the data from user. One may notice that I introduced a local u64 l_fmr_phys in ext4_getfsmap_check_keys() where I bumped the low key by fmr_length in order to preserve the validation check that was done on the low key from 3/. With this we should have better clarity about the sanity checks and also better efficiency in case the user provides bad data. No change in functionality. Patch tested with the ext4 fsmap xfstests 027, 028, 029. All passed. Signed-off-by: Tudor Ambarus --- v2: - split patch for easier review - rewrite commit message fs/ext4/fsmap.c | 48 ++++++++++++++++++++++++++++++++++++------------ fs/ext4/fsmap.h | 2 ++ fs/ext4/ioctl.c | 19 +++---------------- 3 files changed, 41 insertions(+), 28 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index 7765293bfa5d..463e8165b1e9 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -9,6 +9,7 @@ #include "fsmap.h" #include "mballoc.h" #include +#include #include #include =20 @@ -571,7 +572,7 @@ static int ext4_getfsmap_datadev(struct super_block *sb, =20 /* Do we recognize the device? */ static bool ext4_getfsmap_is_valid_device(struct super_block *sb, - struct ext4_fsmap *fm) + struct fsmap *fm) { if (fm->fmr_device =3D=3D 0 || fm->fmr_device =3D=3D UINT_MAX || fm->fmr_device =3D=3D new_encode_dev(sb->s_bdev->bd_dev)) @@ -583,17 +584,19 @@ static bool ext4_getfsmap_is_valid_device(struct supe= r_block *sb, } =20 /* Ensure that the low key is less than the high key. */ -static bool ext4_getfsmap_check_keys(struct ext4_fsmap *low_key, - struct ext4_fsmap *high_key) +static bool ext4_getfsmap_check_keys(struct fsmap *low_key, + struct fsmap *high_key) { + u64 l_fmr_phys =3D low_key->fmr_physical + low_key->fmr_length; + if (low_key->fmr_device > high_key->fmr_device) return false; if (low_key->fmr_device < high_key->fmr_device) return true; =20 - if (low_key->fmr_physical > high_key->fmr_physical) + if (l_fmr_phys > high_key->fmr_physical) return false; - if (low_key->fmr_physical < high_key->fmr_physical) + if (l_fmr_phys < high_key->fmr_physical) return true; =20 if (low_key->fmr_owner > high_key->fmr_owner) @@ -604,6 +607,34 @@ static bool ext4_getfsmap_check_keys(struct ext4_fsmap= *low_key, return false; } =20 +int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head) +{ + const struct fsmap *l =3D &head->fmh_keys[0]; + const struct fsmap *h =3D &head->fmh_keys[1]; + + if (head->fmh_iflags & ~FMH_IF_VALID) + return -EINVAL; + if (memchr_inv(head->fmh_reserved, 0, sizeof(head->fmh_reserved)) || + memchr_inv(l->fmr_reserved, 0, sizeof(l->fmr_reserved)) || + memchr_inv(h->fmr_reserved, 0, sizeof(h->fmr_reserved))) + return -EINVAL; + /* + * ext4 doesn't report file extents at all, so the only valid + * file offsets are the magic ones (all zeroes or all ones). + */ + if (l->fmr_offset || (h->fmr_offset !=3D 0 && h->fmr_offset !=3D -1ULL)) + return -EINVAL; + + if (!ext4_getfsmap_is_valid_device(sb, l) || + !ext4_getfsmap_is_valid_device(sb, h)) + return -EINVAL; + + if (!ext4_getfsmap_check_keys(l, h)) + return -EINVAL; + + return 0; +} + #define EXT4_GETFSMAP_DEVS 2 /* * Get filesystem's extents as described in head, and format for @@ -635,10 +666,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_= fsmap_head *head, int i; int error =3D 0; =20 - if (!ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[0]) || - !ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[1])) - return -EINVAL; - head->fmh_entries =3D 0; =20 /* Set up our device handlers. */ @@ -671,9 +698,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_f= smap_head *head, dkeys[0].fmr_length =3D 0; memset(&dkeys[1], 0xFF, sizeof(struct ext4_fsmap)); =20 - if (!ext4_getfsmap_check_keys(dkeys, &head->fmh_keys[1])) - return -EINVAL; - info.gfi_next_fsblk =3D head->fmh_keys[0].fmr_physical + head->fmh_keys[0].fmr_length; info.gfi_formatter =3D formatter; diff --git a/fs/ext4/fsmap.h b/fs/ext4/fsmap.h index ac642be2302e..e7c510afd672 100644 --- a/fs/ext4/fsmap.h +++ b/fs/ext4/fsmap.h @@ -8,6 +8,7 @@ #define __EXT4_FSMAP_H__ =20 struct fsmap; +struct fsmap_head; =20 /* internal fsmap representation */ struct ext4_fsmap { @@ -32,6 +33,7 @@ void ext4_fsmap_from_internal(struct super_block *sb, str= uct fsmap *dest, struct ext4_fsmap *src); void ext4_fsmap_to_internal(struct super_block *sb, struct ext4_fsmap *des= t, struct fsmap *src); +int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head); =20 /* fsmap to userspace formatter - copy to user & advance pointer */ typedef int (*ext4_fsmap_format_t)(struct ext4_fsmap *, void *); diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 77b0198a0f48..a1a11832f011 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -873,22 +873,9 @@ static int ext4_ioc_getfsmap(struct super_block *sb, =20 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) return -EFAULT; - if (head.fmh_iflags & ~FMH_IF_VALID) - return -EINVAL; - if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || - memchr_inv(head.fmh_keys[0].fmr_reserved, 0, - sizeof(head.fmh_keys[0].fmr_reserved)) || - memchr_inv(head.fmh_keys[1].fmr_reserved, 0, - sizeof(head.fmh_keys[1].fmr_reserved))) - return -EINVAL; - /* - * ext4 doesn't report file extents at all, so the only valid - * file offsets are the magic ones (all zeroes or all ones). - */ - if (head.fmh_keys[0].fmr_offset || - (head.fmh_keys[1].fmr_offset !=3D 0 && - head.fmh_keys[1].fmr_offset !=3D -1ULL)) - return -EINVAL; + error =3D ext4_fsmap_check_head(sb, &head); + if (error) + return error; =20 xhead.fmh_iflags =3D head.fmh_iflags; xhead.fmh_count =3D head.fmh_count; --=20 2.40.0.rc1.284.g88254d51c5-goog From nobody Wed Feb 11 11:53:50 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id AD034C61DA4 for ; Wed, 15 Mar 2023 11:21:31 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232095AbjCOLV3 (ORCPT ); Wed, 15 Mar 2023 07:21:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35858 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231902AbjCOLUl (ORCPT ); Wed, 15 Mar 2023 07:20:41 -0400 Received: from mail-lj1-x22f.google.com (mail-lj1-x22f.google.com [IPv6:2a00:1450:4864:20::22f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A7DED25E29 for ; Wed, 15 Mar 2023 04:20:20 -0700 (PDT) Received: by mail-lj1-x22f.google.com with SMTP id t14so19043743ljd.5 for ; Wed, 15 Mar 2023 04:20:20 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1678879218; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=qcQzXxRlB4R8bjUx2JPwloCJknWzyZI/8Ri1y7i2H+0=; b=SUZ73EPhQzBmnB9wlCxQPgnzUTUs98qCj9QX1OTzyNmQB3KpC1WGqlH/YZKJLWaLiU 9WQCPY7lrAKNmhFm/7qhhWUGl+8oH1lucjZAjDQ7jMrb5h7QiGoi2Ja6/aXs/fTa/udo sTBwcnlxvAT0cj+EWa4lxtYsnlzQNpZ0ZW7CpFySnpgtls6hTiMfa2TRP3rxosD0nCAx mjxd+kSK5IGKGjfbF7wRFHYTW95XDjaUr3MtBKMlVrcNcl75LPoo5Mmyo35/2NVVU5JV /Mz3k+GOJPyysu2JMBKHukfAIjX9KWcKlDOHyHKnTZu1eU2+9lh+KKDfDpuelM+xkpFc iDRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678879218; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=qcQzXxRlB4R8bjUx2JPwloCJknWzyZI/8Ri1y7i2H+0=; b=4OVFBEcv5pqVsGc2yrNeUhy+in5jNeAq+ItnMA7hucdfXLMSvmrz+Qo/jrHwiYybRp HuppNghTOSQt6zDlj60bNGfxxS/FJiLF/5ctTitfeBrxNhdMhSOrv/rOQHjjahUd1zJ0 0tjZTOpfpiuYD4d9t4LzTsAZ0Z+HqK6Xy+Uq500gwbNMPdHAAswTlyXglTIyMBUeNfzX HvfLchQ22sXGKnseq6l7lGu6G7QIRXrVNHJBwgcSgDrSZCcuzCiiItSfjjY6IdEq4aHX TnA9wNMNbY6l+w/gAIesmvqMul8cKJe+0L8RvFiLmJMa3ID01WcbSjp/wnYMu42LrGxG g8fA== X-Gm-Message-State: AO0yUKUZ1AdKc1cZ29vQxWp0JaZTAznl40sEuA4T0M8YSs6/ouwTSWOo 1HdcZdp9Gv9WmcNLf5LD1HpfrQ== X-Google-Smtp-Source: AK7set+dSPQUBEC2PZNxPjdDMKR1xAxJO7NIAsPa4q7mhxsTIDizU4SC6Lvmt+PVU4YiiEgYm/J5wA== X-Received: by 2002:a05:651c:504:b0:295:ac00:2f2d with SMTP id o4-20020a05651c050400b00295ac002f2dmr974108ljp.10.1678879218731; Wed, 15 Mar 2023 04:20:18 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id k2-20020a2e92c2000000b00295da33c42dsm817410ljh.15.2023.03.15.04.20.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Mar 2023 04:20:18 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz, djwong@kernel.org Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, leejones@google.com, Tudor Ambarus Subject: [PATCH v2 4/5] ext4: fsmap: Do the validation checks on constified fsmap data Date: Wed, 15 Mar 2023 11:20:10 +0000 Message-Id: <20230315112011.927091-5-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog In-Reply-To: <20230315112011.927091-1-tudor.ambarus@linaro.org> References: <20230315112011.927091-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Now that we do the sanity checks directly on the data copied from user, we can also constify the fsmap data while the checks are in progress. Do the validation checks on constified data, it imposes that the fsmap data is not updated during validation and assures readers that nothing strange happens during the validation sequence of calls. Signed-off-by: Tudor Ambarus --- v2: new patch fs/ext4/fsmap.c | 8 ++++---- fs/ext4/fsmap.h | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index 463e8165b1e9..655379c96fcf 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -572,7 +572,7 @@ static int ext4_getfsmap_datadev(struct super_block *sb, =20 /* Do we recognize the device? */ static bool ext4_getfsmap_is_valid_device(struct super_block *sb, - struct fsmap *fm) + const struct fsmap *fm) { if (fm->fmr_device =3D=3D 0 || fm->fmr_device =3D=3D UINT_MAX || fm->fmr_device =3D=3D new_encode_dev(sb->s_bdev->bd_dev)) @@ -584,8 +584,8 @@ static bool ext4_getfsmap_is_valid_device(struct super_= block *sb, } =20 /* Ensure that the low key is less than the high key. */ -static bool ext4_getfsmap_check_keys(struct fsmap *low_key, - struct fsmap *high_key) +static bool ext4_getfsmap_check_keys(const struct fsmap *low_key, + const struct fsmap *high_key) { u64 l_fmr_phys =3D low_key->fmr_physical + low_key->fmr_length; =20 @@ -607,7 +607,7 @@ static bool ext4_getfsmap_check_keys(struct fsmap *low_= key, return false; } =20 -int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head) +int ext4_fsmap_check_head(struct super_block *sb, const struct fsmap_head = *head) { const struct fsmap *l =3D &head->fmh_keys[0]; const struct fsmap *h =3D &head->fmh_keys[1]; diff --git a/fs/ext4/fsmap.h b/fs/ext4/fsmap.h index e7c510afd672..8325258def7b 100644 --- a/fs/ext4/fsmap.h +++ b/fs/ext4/fsmap.h @@ -33,7 +33,8 @@ void ext4_fsmap_from_internal(struct super_block *sb, str= uct fsmap *dest, struct ext4_fsmap *src); void ext4_fsmap_to_internal(struct super_block *sb, struct ext4_fsmap *des= t, struct fsmap *src); -int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head); +int ext4_fsmap_check_head(struct super_block *sb, + const struct fsmap_head *head); =20 /* fsmap to userspace formatter - copy to user & advance pointer */ typedef int (*ext4_fsmap_format_t)(struct ext4_fsmap *, void *); --=20 2.40.0.rc1.284.g88254d51c5-goog From nobody Wed Feb 11 11:53:50 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9D2EEC6FD1D for ; Wed, 15 Mar 2023 11:21:37 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231717AbjCOLVf (ORCPT ); Wed, 15 Mar 2023 07:21:35 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35856 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231938AbjCOLUl (ORCPT ); Wed, 15 Mar 2023 07:20:41 -0400 Received: from mail-lj1-x22b.google.com (mail-lj1-x22b.google.com [IPv6:2a00:1450:4864:20::22b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A791E24125 for ; Wed, 15 Mar 2023 04:20:19 -0700 (PDT) Received: by mail-lj1-x22b.google.com with SMTP id a32so19035570ljr.9 for ; Wed, 15 Mar 2023 04:20:19 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1678879219; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=BD1TrUFsitp4Y2rIDkz8d+k4TLKMnp8ZdEcKQDmrU+A=; b=lRxITs9OiKl1Ysyh+/cM4h+R29EIH/VYT53jOTSvhWdSSbHqQrKxsmgdKVjD0eD0KH VrelXQehTqmK+63LekoeNIeonFqFwlorEgEoX+pfFs5aQOKVgQRFmeMlU6oyGyIX24Zj GN+H+tEyk7BNC7TbGKHX6cvYKS6hBnWOQkDQxHt/03OCsB/yT0nRkA92YN2h1SDSklmf WSBzJYOIrl3HAJY9aQ/taUVqK8MH2fgDm4Yz3IknVnL+QBJhJ4c2VRZk9aBh4lpJB66L 8/nD6gJoTbaQhr9lPmnVD5gOWPSHiiCAanke4AqyE8/M81+qupJOgXczbLKSvTmFbtcw h6pw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; t=1678879219; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=BD1TrUFsitp4Y2rIDkz8d+k4TLKMnp8ZdEcKQDmrU+A=; b=cIyK7I7Lrmuon9j3DIR5RkEBCKqKPQBkY6HVk+KMxfHcGkca1gTZPsDGYcjC0Maqo7 Kd2ogoVxo0O17HuZb4MpqJPQM+hZOATZ+5PXOClRzVG2Okof5wQcCpmxfRzvjcVhGYkf /3p8+qw+zt6sdoju74bUrlF9IF5pDJ40qFvwZj7M674YH1HCCsJh2L0keFniojK9psfc ARiZTWNCRABZPNZnTt41v9/tNYtHRMsntCWdLdwoMPzbIWyrwhcbBujzLf+9F75/7+ue vWgXsRdUDRPSc+/RP0En8XUTlIbUoUOGYglVdyYypg6U1Gnj91ht26W0GHsbACJ9KEtJ SCyw== X-Gm-Message-State: AO0yUKWrVxNfOwCWk1EkWEmlYWXbsLsruoP/9ES60cYZMcKwstUqFkGC geiYZqJ9ry8hrHGVSy4gQJg++klOXKPoGfHhuHI= X-Google-Smtp-Source: AK7set/dxpOdZZEzCrboesb2MjWDhhCWhkYufq+wCWXPN7sdwtZgkVykEfKSk498WuC7ZTbgmmx8QQ== X-Received: by 2002:a05:651c:19a5:b0:294:7360:7966 with SMTP id bx37-20020a05651c19a500b0029473607966mr1035521ljb.30.1678879219323; Wed, 15 Mar 2023 04:20:19 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id k2-20020a2e92c2000000b00295da33c42dsm817410ljh.15.2023.03.15.04.20.18 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 15 Mar 2023 04:20:18 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu, adilger.kernel@dilger.ca, jack@suse.cz, djwong@kernel.org Cc: linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, leejones@google.com, Tudor Ambarus Subject: [PATCH v2 5/5] ext4: fsmap: Remove duplicated initialization Date: Wed, 15 Mar 2023 11:20:11 +0000 Message-Id: <20230315112011.927091-6-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.0.rc1.284.g88254d51c5-goog In-Reply-To: <20230315112011.927091-1-tudor.ambarus@linaro.org> References: <20230315112011.927091-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" All members of struct ext4_fsmap_head were already initialized with zero in the caller, ext4_ioc_getfsmap(), remove duplicated initialization. Signed-off-by: Tudor Ambarus --- v2: no changes fs/ext4/fsmap.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index 655379c96fcf..d19d85be3404 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -666,8 +666,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_f= smap_head *head, int i; int error =3D 0; =20 - head->fmh_entries =3D 0; - /* Set up our device handlers. */ memset(handlers, 0, sizeof(handlers)); handlers[0].gfd_dev =3D new_encode_dev(sb->s_bdev->bd_dev); --=20 2.40.0.rc1.284.g88254d51c5-goog