From nobody Wed Feb 11 11:51:16 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E164DC77B75 for ; Mon, 8 May 2023 15:42:53 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234532AbjEHPmw (ORCPT ); Mon, 8 May 2023 11:42:52 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52274 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234092AbjEHPmk (ORCPT ); Mon, 8 May 2023 11:42:40 -0400 Received: from mail-lf1-x12a.google.com (mail-lf1-x12a.google.com [IPv6:2a00:1450:4864:20::12a]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4CE198A50 for ; Mon, 8 May 2023 08:42:38 -0700 (PDT) Received: by mail-lf1-x12a.google.com with SMTP id 2adb3069b0e04-4f139de8cefso28536558e87.0 for ; Mon, 08 May 2023 08:42:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1683560556; x=1686152556; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=rvH2mgmfNa1pox3nAUFcfk/E0s6xFf24zLPU7zpEAl4=; b=yVO1gn84v4If9WbSGTbrE0WAh8Y3QA2Pn1vmt8p7a+m9QCSVC/rYjwy2olmSS5tFWY RZSALy3XG+nEIUNnyoHY9H5O8Wh2xMV9oq5nXGLAA+GMRNs7gNzn5BrNDL42NtqfHv5O w8oxhNf5TOyPjUVar1x+h8g2hWaJgrG2mLgUo7/da2kNvbZSmxduiKXU/qa+EnW1oBNY hw6Ld6xI5UYE4E+l5SiuaD1ShjqDiJNRKAKL7FRTwKSVf5HAelko6qzxIwxgh0kNHGXl HQzgG5Ope7n9Z0Bal3es8WB90kjrwH0PgP4L8t3W6qjKJABj6Eq1rxnFFWmQxSAGDYrT 0FdQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683560556; x=1686152556; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=rvH2mgmfNa1pox3nAUFcfk/E0s6xFf24zLPU7zpEAl4=; b=DdvDYdxApJfNfUdROfWFJY9xPXFdT4g4lA3bhIBhEgLEyaBgyzn54XBvJb7RmciRoo KeykFpym8svAadUafzz7F98hJ+Anm1/u678jTPcdIPqOoY+eCzbcF5CnsS6zHEqxeKfy puruUpYiNAMFcEWvAYZmwKCOETJHPXTcvvKDAlOKXS9AetsTh3EoP/fxLa3KewZBv3Xi +EwqJ2orXBVUrDvIjWeUMePPkSLe9TYp4N8EBJ4Uz4092xT5BlvMbLQRSxQg+/s8Tboe sUy3kDrGKOEdQvSCtZpXV5wGlvAy5BJrinZtZwQZr98aFsewNflit7mM5wo0hWh6MAyn Yo9w== X-Gm-Message-State: AC+VfDxN2pIvLxziIgQDO+oiJAgZsUFJH6XnO8deF0pdNuQqGMK3YlXV Nih8jHKmkAwZt+sTv8wQHZOxxw== X-Google-Smtp-Source: ACHHUZ6OtgtKNp6dHBAWQTcAg5cvYFVzzFhQ/VRY0x4wCgSmv8Cl0dj9UL5It5ZnUPYZu+kgn9Uq+Q== X-Received: by 2002:a2e:b63a:0:b0:2ac:75fa:eef0 with SMTP id s26-20020a2eb63a000000b002ac75faeef0mr2926926ljn.7.1683560556718; Mon, 08 May 2023 08:42:36 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id a21-20020a2e9815000000b002ad9b741959sm17720ljj.76.2023.05.08.08.42.35 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 May 2023 08:42:36 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, joneslee@google.com, Tudor Ambarus Subject: [RESEND PATCH v2 1/5] ext4: ioctl: Add missing linux/string.h header Date: Mon, 8 May 2023 15:42:26 +0000 Message-ID: <20230508154230.159654-2-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog In-Reply-To: <20230508154230.159654-1-tudor.ambarus@linaro.org> References: <20230508154230.159654-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" ext4/ioctl.c uses strnlen(), strncpy(), memchr_inv() that are defined in linux/string.h, but those were being included by sheer luck, indirectly, via which includes . Add missing header. Signed-off-by: Tudor Ambarus --- fs/ext4/ioctl.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index f9a430152063..6d5210b94ac2 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include "ext4_jbd2.h" #include "ext4.h" --=20 2.40.1.521.gf1e218fcd8-goog From nobody Wed Feb 11 11:51:16 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 2AA9BC7EE24 for ; Mon, 8 May 2023 15:42:56 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234573AbjEHPmy (ORCPT ); Mon, 8 May 2023 11:42:54 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234437AbjEHPmk (ORCPT ); Mon, 8 May 2023 11:42:40 -0400 Received: from mail-lf1-x131.google.com (mail-lf1-x131.google.com [IPv6:2a00:1450:4864:20::131]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4A7418A47 for ; Mon, 8 May 2023 08:42:39 -0700 (PDT) Received: by mail-lf1-x131.google.com with SMTP id 2adb3069b0e04-4f24ceae142so1788775e87.3 for ; Mon, 08 May 2023 08:42:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1683560557; x=1686152557; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=FU6EHWNA/ZJjytuM5E9VAI+4DmX405CfGxj58LK4Eyo=; b=EAldLblQYvS+wVyknUHJoDFxAGwtiAf0rwgsoVXZytTk1LG0uIztmgbjlbGVWime5l ypalVaHtZ7PFNh6PDYY75A6zdQOnDrapGt6o7L4Hz2XZw9tkCctQe1+4N25aF6UrkgGQ Ohx7z0uZyJEmWBc1SQyYIY2abLBL1ov42NkeADA2OciImVZ1NUZw7LmWdFTESjuyjQqS FBdTpPhqgDueUqfQXWjxaIze6+4zOlvRsDt4xvdDPZeZ5cLQ/GKG/yLbygwOslZpkXoO cEy3wnkZxB7WxdTsgbrW4zOKm9gSSONVrGaf2xN4scBfQ5CRoIZKkQ8Q7lDPA/24T4KT 1gSw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683560557; x=1686152557; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=FU6EHWNA/ZJjytuM5E9VAI+4DmX405CfGxj58LK4Eyo=; b=ZEfL90gPNEz6iNzwCDA27KNsfXMsybIl0WXwSqsr1vqd0W2///yej8V4DNPm2yBjfw JQeP91skQAtXLt730/UWy3nSuq8QM5Pb/cTWtG90QoIVbwRI7zNAnktxKihXh0tJfDT3 Ej4YNX4jszO27BBT+eoKTc7YEe6j6wilDYnCxD+oZEFdT7hczGzXTzt1YPEWolkZAJGP obsTlMd38JRYFzO6gqe6nfk2Qfzbo6iKsN+DH+MEgz4N5w4agyLqvc4Fy4wt05vevXnm Q904NtonUVBj6hWelsDxuKFeg5udnBjU8SCeGnjenRXh3NULZAAM5ZuS27G4UYglfxI5 oh1A== X-Gm-Message-State: AC+VfDw6SqLcHE4LX+ImzyI9+oMtPW6MpaKFvec2pK/8SymUmN6wiQa8 KorMXMOZhvUm9NKxJfbheG2H9w== X-Google-Smtp-Source: ACHHUZ4T7CTNraB+2LfhWsXpwhtPcNZgJHd9kL8CeDGEh5+f+CM7xQc4U3YoRg0WNDZ1pT4H20tdog== X-Received: by 2002:a2e:84c8:0:b0:2aa:4550:916c with SMTP id q8-20020a2e84c8000000b002aa4550916cmr2781982ljh.53.1683560557480; Mon, 08 May 2023 08:42:37 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id a21-20020a2e9815000000b002ad9b741959sm17720ljj.76.2023.05.08.08.42.36 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 May 2023 08:42:36 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, joneslee@google.com, Tudor Ambarus Subject: [RESEND PATCH v2 2/5] ext4: fsmap: Check fmh_iflags value directly on the user copied data Date: Mon, 8 May 2023 15:42:27 +0000 Message-ID: <20230508154230.159654-3-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog In-Reply-To: <20230508154230.159654-1-tudor.ambarus@linaro.org> References: <20230508154230.159654-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" struct ext4_fsmap_head is the ext4 internal fsmap representation of struct fsmap_head. As the code was, the fmh_iflags validation was done on the fmh_iflags value of the internal fsmap representation. Since xhead.fmh_iflags is initialized with head.fmh_iflags and not changed afterwards, do the validation of fmh_iflags directly on fsmap_head data, it spares some superfluous initializations in case the user provides a wrong value for fmh_iflags. Signed-off-by: Tudor Ambarus --- fs/ext4/fsmap.c | 2 -- fs/ext4/ioctl.c | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index cdf9bfe10137..7765293bfa5d 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -635,8 +635,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_f= smap_head *head, int i; int error =3D 0; =20 - if (head->fmh_iflags & ~FMH_IF_VALID) - return -EINVAL; if (!ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[0]) || !ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[1])) return -EINVAL; diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index 6d5210b94ac2..a585d96567b5 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -873,6 +873,8 @@ static int ext4_ioc_getfsmap(struct super_block *sb, =20 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) return -EFAULT; + if (head.fmh_iflags & ~FMH_IF_VALID) + return -EINVAL; if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || memchr_inv(head.fmh_keys[0].fmr_reserved, 0, sizeof(head.fmh_keys[0].fmr_reserved)) || --=20 2.40.1.521.gf1e218fcd8-goog From nobody Wed Feb 11 11:51:16 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id E6E7BC77B7F for ; Mon, 8 May 2023 15:42:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234576AbjEHPm6 (ORCPT ); Mon, 8 May 2023 11:42:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52304 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234534AbjEHPml (ORCPT ); Mon, 8 May 2023 11:42:41 -0400 Received: from mail-lf1-x12c.google.com (mail-lf1-x12c.google.com [IPv6:2a00:1450:4864:20::12c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A9018A54 for ; Mon, 8 May 2023 08:42:40 -0700 (PDT) Received: by mail-lf1-x12c.google.com with SMTP id 2adb3069b0e04-4ec8133c59eso5316644e87.0 for ; Mon, 08 May 2023 08:42:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1683560558; x=1686152558; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=C65zGBFPLNFkVp/runw3DFG0fev35GhURpa6eUFcnx0=; b=lS7kGKZVzmjS1AsLR0asaenuwAAAoujI/myicSAo+9Q/8BJqyc4kjsVZFJ7bBCZNSs TTdlGZRPqdfVDsnLB7/tVG5llsOFHdKl8xCkvGNPoMEDxRxsC7KlrJieMWO+pScDGELc haOuapUw65E2wpn/VaQ3GruU7D1im7zadmD0LnpDDNso7QnUdlybgkICrYCC6JoKOwy2 nbfChkeXdp6aac9436VKcTuWyFHS7m/KQV6/baFX4B3EVhRUIQWVC083jk+s4/iYSjAr GCag4zPbzVE1xOC8vjNYaz3O8t+9noY7jRpZldpv98THKO/O1mfL1ZizL+irBbVnK+jn PrEw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683560558; x=1686152558; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=C65zGBFPLNFkVp/runw3DFG0fev35GhURpa6eUFcnx0=; b=K2fh8sOBM8GkM3CHL+91HjnlCStyfS7hPWkTWvaa/0m9+HfiudUp6tFAXWygXsnS4D xvpqXQVuciWio3IIT9AhyTHE0lAESelQ0mPp0A7zE+Gvzjw9p32i/Z0nEk+IIsLVtL66 6LqUBqK5XzOihi8zM8kjQ8x2tZT46tUr5chGlg7OX6Wpo2I7fdbRLJ9CK9W3DMvig3en erotqIvnOqUEz6HScfzHepGqr0LwMJrp6TbrebQyJAIEyI5QBQFDJgxCq5o4MHFbL35j 1mUlMrZhxa4LKp/XCjIJgq8Qlogwndypvioni06sdnBP5PzCargN6G+VEGSzqznhKZ3B nQJQ== X-Gm-Message-State: AC+VfDyAshOrLDw6MOqChNNSUgnTL7RVhjU5vDS4m6vhdNvOQvd0tDiF aL+dpoTYFbvUu4A/oc9eXVf6VQ== X-Google-Smtp-Source: ACHHUZ4JS1d2tzIliPVw1WY/z5z8bAjtfYFoRhcIHYt69sZZf/3BhTO828TW4UkWaGW/6cLIMXpy+g== X-Received: by 2002:a2e:9f49:0:b0:2ac:8754:e534 with SMTP id v9-20020a2e9f49000000b002ac8754e534mr2920355ljk.6.1683560558429; Mon, 08 May 2023 08:42:38 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id a21-20020a2e9815000000b002ad9b741959sm17720ljj.76.2023.05.08.08.42.37 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 May 2023 08:42:37 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, joneslee@google.com, Tudor Ambarus Subject: [RESEND PATCH v2 3/5] ext4: fsmap: Consolidate fsmap_head checks Date: Mon, 8 May 2023 15:42:28 +0000 Message-ID: <20230508154230.159654-4-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog In-Reply-To: <20230508154230.159654-1-tudor.ambarus@linaro.org> References: <20230508154230.159654-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" The sanity checks on the user provided data were scattered in three representations of the fsmap keys: 1/ the keys from struct fsmap_head in ext4_ioc_getfsmap() -> contain the data copied from the user. 2/ the keys from struct ext4_fsmap_head -> contain the ext4 internal representation of the keys. These are the same keys as in 1/ but with the fmr_physical and fmr_length shifted to right by sb->s_blocksize_bits, see ext4_fsmap_to_internal(). The sanity checks on these keys were done in ext4_getfsmap(), see where ext4_getfsmap_is_valid_device() and ext4_getfsmap_check_keys() are called. 3/ dkeys in ext4_getfsmap() -> local keys used to query the device. These are 2/ but with the low key bumped by fmr_length. The low key is bumped because userspace is allowed to use the last mapping from the previous call as the low key to the next. In consequence, the low key is incremented to ensure we return the next mapping. The low key from dkey was checked together with the high key fron 2/ by calling ext4_getfsmap_check_keys(). Having the sanity checks on user provided data scattered along these three representations of the keys is not only difficult to follow but also inefficient in case one of the checks returns an error because we waste CPU cycles by copying data and preparing other local structures that won't be used in case of errors. Since 2/ and 3/ are just adapted copies of 1/, do all the checks directly on 1/. Gather all the checks done on the user data in a single method and call it immediately after copying the data from user. One may notice that I introduced a local u64 l_fmr_phys in ext4_getfsmap_check_keys() where I bumped the low key by fmr_length in order to preserve the validation check that was done on the low key from 3/. With this we should have better clarity about the sanity checks and also better efficiency in case the user provides bad data. No change in functionality. Patch tested with the ext4 fsmap xfstests 027, 028, 029. All passed. Signed-off-by: Tudor Ambarus --- fs/ext4/fsmap.c | 48 ++++++++++++++++++++++++++++++++++++------------ fs/ext4/fsmap.h | 2 ++ fs/ext4/ioctl.c | 19 +++---------------- 3 files changed, 41 insertions(+), 28 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index 7765293bfa5d..463e8165b1e9 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -9,6 +9,7 @@ #include "fsmap.h" #include "mballoc.h" #include +#include #include #include =20 @@ -571,7 +572,7 @@ static int ext4_getfsmap_datadev(struct super_block *sb, =20 /* Do we recognize the device? */ static bool ext4_getfsmap_is_valid_device(struct super_block *sb, - struct ext4_fsmap *fm) + struct fsmap *fm) { if (fm->fmr_device =3D=3D 0 || fm->fmr_device =3D=3D UINT_MAX || fm->fmr_device =3D=3D new_encode_dev(sb->s_bdev->bd_dev)) @@ -583,17 +584,19 @@ static bool ext4_getfsmap_is_valid_device(struct supe= r_block *sb, } =20 /* Ensure that the low key is less than the high key. */ -static bool ext4_getfsmap_check_keys(struct ext4_fsmap *low_key, - struct ext4_fsmap *high_key) +static bool ext4_getfsmap_check_keys(struct fsmap *low_key, + struct fsmap *high_key) { + u64 l_fmr_phys =3D low_key->fmr_physical + low_key->fmr_length; + if (low_key->fmr_device > high_key->fmr_device) return false; if (low_key->fmr_device < high_key->fmr_device) return true; =20 - if (low_key->fmr_physical > high_key->fmr_physical) + if (l_fmr_phys > high_key->fmr_physical) return false; - if (low_key->fmr_physical < high_key->fmr_physical) + if (l_fmr_phys < high_key->fmr_physical) return true; =20 if (low_key->fmr_owner > high_key->fmr_owner) @@ -604,6 +607,34 @@ static bool ext4_getfsmap_check_keys(struct ext4_fsmap= *low_key, return false; } =20 +int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head) +{ + const struct fsmap *l =3D &head->fmh_keys[0]; + const struct fsmap *h =3D &head->fmh_keys[1]; + + if (head->fmh_iflags & ~FMH_IF_VALID) + return -EINVAL; + if (memchr_inv(head->fmh_reserved, 0, sizeof(head->fmh_reserved)) || + memchr_inv(l->fmr_reserved, 0, sizeof(l->fmr_reserved)) || + memchr_inv(h->fmr_reserved, 0, sizeof(h->fmr_reserved))) + return -EINVAL; + /* + * ext4 doesn't report file extents at all, so the only valid + * file offsets are the magic ones (all zeroes or all ones). + */ + if (l->fmr_offset || (h->fmr_offset !=3D 0 && h->fmr_offset !=3D -1ULL)) + return -EINVAL; + + if (!ext4_getfsmap_is_valid_device(sb, l) || + !ext4_getfsmap_is_valid_device(sb, h)) + return -EINVAL; + + if (!ext4_getfsmap_check_keys(l, h)) + return -EINVAL; + + return 0; +} + #define EXT4_GETFSMAP_DEVS 2 /* * Get filesystem's extents as described in head, and format for @@ -635,10 +666,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_= fsmap_head *head, int i; int error =3D 0; =20 - if (!ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[0]) || - !ext4_getfsmap_is_valid_device(sb, &head->fmh_keys[1])) - return -EINVAL; - head->fmh_entries =3D 0; =20 /* Set up our device handlers. */ @@ -671,9 +698,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_f= smap_head *head, dkeys[0].fmr_length =3D 0; memset(&dkeys[1], 0xFF, sizeof(struct ext4_fsmap)); =20 - if (!ext4_getfsmap_check_keys(dkeys, &head->fmh_keys[1])) - return -EINVAL; - info.gfi_next_fsblk =3D head->fmh_keys[0].fmr_physical + head->fmh_keys[0].fmr_length; info.gfi_formatter =3D formatter; diff --git a/fs/ext4/fsmap.h b/fs/ext4/fsmap.h index ac642be2302e..e7c510afd672 100644 --- a/fs/ext4/fsmap.h +++ b/fs/ext4/fsmap.h @@ -8,6 +8,7 @@ #define __EXT4_FSMAP_H__ =20 struct fsmap; +struct fsmap_head; =20 /* internal fsmap representation */ struct ext4_fsmap { @@ -32,6 +33,7 @@ void ext4_fsmap_from_internal(struct super_block *sb, str= uct fsmap *dest, struct ext4_fsmap *src); void ext4_fsmap_to_internal(struct super_block *sb, struct ext4_fsmap *des= t, struct fsmap *src); +int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head); =20 /* fsmap to userspace formatter - copy to user & advance pointer */ typedef int (*ext4_fsmap_format_t)(struct ext4_fsmap *, void *); diff --git a/fs/ext4/ioctl.c b/fs/ext4/ioctl.c index a585d96567b5..11d83ee6ba89 100644 --- a/fs/ext4/ioctl.c +++ b/fs/ext4/ioctl.c @@ -873,22 +873,9 @@ static int ext4_ioc_getfsmap(struct super_block *sb, =20 if (copy_from_user(&head, arg, sizeof(struct fsmap_head))) return -EFAULT; - if (head.fmh_iflags & ~FMH_IF_VALID) - return -EINVAL; - if (memchr_inv(head.fmh_reserved, 0, sizeof(head.fmh_reserved)) || - memchr_inv(head.fmh_keys[0].fmr_reserved, 0, - sizeof(head.fmh_keys[0].fmr_reserved)) || - memchr_inv(head.fmh_keys[1].fmr_reserved, 0, - sizeof(head.fmh_keys[1].fmr_reserved))) - return -EINVAL; - /* - * ext4 doesn't report file extents at all, so the only valid - * file offsets are the magic ones (all zeroes or all ones). - */ - if (head.fmh_keys[0].fmr_offset || - (head.fmh_keys[1].fmr_offset !=3D 0 && - head.fmh_keys[1].fmr_offset !=3D -1ULL)) - return -EINVAL; + error =3D ext4_fsmap_check_head(sb, &head); + if (error) + return error; =20 xhead.fmh_iflags =3D head.fmh_iflags; xhead.fmh_count =3D head.fmh_count; --=20 2.40.1.521.gf1e218fcd8-goog From nobody Wed Feb 11 11:51:16 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 87FD6C77B75 for ; Mon, 8 May 2023 15:43:01 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234581AbjEHPnA (ORCPT ); Mon, 8 May 2023 11:43:00 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52332 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234553AbjEHPmo (ORCPT ); Mon, 8 May 2023 11:42:44 -0400 Received: from mail-lj1-x233.google.com (mail-lj1-x233.google.com [IPv6:2a00:1450:4864:20::233]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 13BB78A65 for ; Mon, 8 May 2023 08:42:41 -0700 (PDT) Received: by mail-lj1-x233.google.com with SMTP id 38308e7fff4ca-2ac8c0fbb16so37364001fa.2 for ; Mon, 08 May 2023 08:42:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1683560559; x=1686152559; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=4pU3MyVcxC4FE8IDtgLQ5EJoKHTuAszvsZF+J0+YFmc=; b=fmyVwJV0lEr0gOVyjK7Zs2yARkiugtEIIx+DYwUHmOOFSBDoPcMej6cUQyGzl7KLDZ yVI9Uma+a53XuOlTYYnz5PJwx+iMR2eYE0NaxjvsG4gU3/ft0QFxfmCC7mImKNr6c3Zk qCddFae2O/g0P6kz1m37dO7vwePj7a0RorxuJxXhhvV1JuBdIEfzlzvWMPtcIiyn6wUV 0IoKg5z1KQfJYr03iHosJVOonWWN/otaOmg6zqJlDt5bj5hRHCXa/nM113+/3UnpRZQP I+7fPr47yTjvKIKXtPKIouvfpH4ePrF9J95Oh4iX6lh25MxWW6IHYFOv8qTWCpC6i3wp YYag== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683560559; x=1686152559; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=4pU3MyVcxC4FE8IDtgLQ5EJoKHTuAszvsZF+J0+YFmc=; b=UIYX182GiEGyn9NraDH5SuI0+TwFNGCmNCcSCHTBgO5IeQ+9PY5+VgzTfBA1sVSig3 4SWXpabONrEweIVMFxN7wSqq5LooOo2cFsj1JqeYSU4FALYhNl+CpfHtsur2XAYDq25u Wc+j4ogl+VqowLKIi5AHCZCY0aYg+Lce57f8VgSP+ioopYQAFI4veBAtM7dxSHt6+wPU i/9H48cksY7VVlJVuMZ6r24iG6Wzr1GOgPMsqV7Vh7GWX2I2hUf/k22KV9eT6MKeDgoV vsdP0SGSp5D4cdxdeqrPluWdYcNEbDPHpmvz3gHroKjFoCyciJ6VTgTQJ1ARP8pcnLfJ 8GmA== X-Gm-Message-State: AC+VfDzTO909h5kuJgcRq0J5xVV59Z7n/6R4+ZQtInIe6wXaINVkwI1j ZYz4Uxd2HFeODvnUAgG7bfsCrA== X-Google-Smtp-Source: ACHHUZ6h6kvu6HAI2NpYck49HN3F1+F+0o3+VKGFl6dAG8ccfxCIlDuj80J+MkzIA7jF5MgIUTxxaw== X-Received: by 2002:a2e:9d14:0:b0:2a8:a6a5:e26e with SMTP id t20-20020a2e9d14000000b002a8a6a5e26emr2931590lji.20.1683560559390; Mon, 08 May 2023 08:42:39 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id a21-20020a2e9815000000b002ad9b741959sm17720ljj.76.2023.05.08.08.42.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 May 2023 08:42:38 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, joneslee@google.com, Tudor Ambarus Subject: [RESEND PATCH v2 4/5] ext4: fsmap: Do the validation checks on constified fsmap data Date: Mon, 8 May 2023 15:42:29 +0000 Message-ID: <20230508154230.159654-5-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog In-Reply-To: <20230508154230.159654-1-tudor.ambarus@linaro.org> References: <20230508154230.159654-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" Now that we do the sanity checks directly on the data copied from user, we can also constify the fsmap data while the checks are in progress. Do the validation checks on constified data, it imposes that the fsmap data is not updated during validation and assures readers that nothing strange happens during the validation sequence of calls. Signed-off-by: Tudor Ambarus --- fs/ext4/fsmap.c | 8 ++++---- fs/ext4/fsmap.h | 3 ++- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index 463e8165b1e9..655379c96fcf 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -572,7 +572,7 @@ static int ext4_getfsmap_datadev(struct super_block *sb, =20 /* Do we recognize the device? */ static bool ext4_getfsmap_is_valid_device(struct super_block *sb, - struct fsmap *fm) + const struct fsmap *fm) { if (fm->fmr_device =3D=3D 0 || fm->fmr_device =3D=3D UINT_MAX || fm->fmr_device =3D=3D new_encode_dev(sb->s_bdev->bd_dev)) @@ -584,8 +584,8 @@ static bool ext4_getfsmap_is_valid_device(struct super_= block *sb, } =20 /* Ensure that the low key is less than the high key. */ -static bool ext4_getfsmap_check_keys(struct fsmap *low_key, - struct fsmap *high_key) +static bool ext4_getfsmap_check_keys(const struct fsmap *low_key, + const struct fsmap *high_key) { u64 l_fmr_phys =3D low_key->fmr_physical + low_key->fmr_length; =20 @@ -607,7 +607,7 @@ static bool ext4_getfsmap_check_keys(struct fsmap *low_= key, return false; } =20 -int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head) +int ext4_fsmap_check_head(struct super_block *sb, const struct fsmap_head = *head) { const struct fsmap *l =3D &head->fmh_keys[0]; const struct fsmap *h =3D &head->fmh_keys[1]; diff --git a/fs/ext4/fsmap.h b/fs/ext4/fsmap.h index e7c510afd672..8325258def7b 100644 --- a/fs/ext4/fsmap.h +++ b/fs/ext4/fsmap.h @@ -33,7 +33,8 @@ void ext4_fsmap_from_internal(struct super_block *sb, str= uct fsmap *dest, struct ext4_fsmap *src); void ext4_fsmap_to_internal(struct super_block *sb, struct ext4_fsmap *des= t, struct fsmap *src); -int ext4_fsmap_check_head(struct super_block *sb, struct fsmap_head *head); +int ext4_fsmap_check_head(struct super_block *sb, + const struct fsmap_head *head); =20 /* fsmap to userspace formatter - copy to user & advance pointer */ typedef int (*ext4_fsmap_format_t)(struct ext4_fsmap *, void *); --=20 2.40.1.521.gf1e218fcd8-goog From nobody Wed Feb 11 11:51:16 2026 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id DB916C77B7F for ; Mon, 8 May 2023 15:43:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234511AbjEHPnD (ORCPT ); Mon, 8 May 2023 11:43:03 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52340 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234310AbjEHPmp (ORCPT ); Mon, 8 May 2023 11:42:45 -0400 Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2A9408A43 for ; Mon, 8 May 2023 08:42:42 -0700 (PDT) Received: by mail-lf1-x12e.google.com with SMTP id 2adb3069b0e04-4f14ec8d72aso3241063e87.1 for ; Mon, 08 May 2023 08:42:42 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; t=1683560560; x=1686152560; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=1nrim1zdDFQGC8ucuVD6kdQKx65cnjU9kvIcHKJk3bs=; b=rGZ5zhtzAbKteLvucWXGxvVFURj5Zw0i1inuECygKNPfCPIxZmobqmxHOmLB49jMBg CKc5PnMw2RMkXiO0QChNhfTaVDfbQmHDYE6eWf1dP+GsFVr0y+g0i1FHzZxO/h4MMSEc 2NzJDvsm2CZ4aSBvVSLB9rykycg+GHZb0BZaqgdw6YotfR8J2g/4PJOCGcwJ1vERcj3r g3qKW6edrYi97lgV+DMopOU9Gsc3QB3+I6n4UNG7URVN2jZxhuPAvf6LJ5qRg86DUbWc w/4WYvsLI6CHNL+97mgsFTybO9Pj5KNne0ot39Huw2hVrlUaIaAIlbx1CbyUoJB48Hc7 w2RQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1683560560; x=1686152560; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=1nrim1zdDFQGC8ucuVD6kdQKx65cnjU9kvIcHKJk3bs=; b=DlGCVZAO9gorVKPzSbLZaWQJD0MyG2m/XndN1RWp/zcgualSWPDhL8leDmNMM3qdxI Qmq1Ujxcs8lddMWsKP7kKCFkzfM4SVqF27rIN9C/mTb+qxW1oTw9m7F7oomAU8AhNJ64 Nj9gex6es5wNyBfO0C7BDEsGu7jGaj9CBYBoAn3hKj3Md1NuPcGn2VnP+msZty5xmC3Q K2Am1lA6l0VdEuSZBywgwWhsMsnTYPjjKHoPJOppYeP74VCKTzNWbnUtCd+vpQEO+H9h QV8k8cynuNeobR6dbG2J441gLw3mT/fhBO5U/dlC2JgFjNWK8XFeUogJwe0alYvZStw1 C7iw== X-Gm-Message-State: AC+VfDwh6E2docBXlOzejMYTpdb8GZmRS9JmEXlwsshTw+lT+ZPWfmcz QrL5ZicGZGMj3uXVuILsGQsquw== X-Google-Smtp-Source: ACHHUZ5/Ui+nUjGEebamLnyNX3oMp1mH8IBeJRxonyA/xSJNajver9SOel/kQ9W2YN+d2fPkvo2oVA== X-Received: by 2002:a2e:2e06:0:b0:2a8:e73c:8405 with SMTP id u6-20020a2e2e06000000b002a8e73c8405mr3316677lju.42.1683560560428; Mon, 08 May 2023 08:42:40 -0700 (PDT) Received: from ta1.c.googlers.com.com (61.215.228.35.bc.googleusercontent.com. [35.228.215.61]) by smtp.gmail.com with ESMTPSA id a21-20020a2e9815000000b002ad9b741959sm17720ljj.76.2023.05.08.08.42.39 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 May 2023 08:42:39 -0700 (PDT) From: Tudor Ambarus To: tytso@mit.edu Cc: adilger.kernel@dilger.ca, linux-ext4@vger.kernel.org, linux-kernel@vger.kernel.org, joneslee@google.com, Tudor Ambarus Subject: [RESEND PATCH v2 5/5] ext4: fsmap: Remove duplicated initialization Date: Mon, 8 May 2023 15:42:30 +0000 Message-ID: <20230508154230.159654-6-tudor.ambarus@linaro.org> X-Mailer: git-send-email 2.40.1.521.gf1e218fcd8-goog In-Reply-To: <20230508154230.159654-1-tudor.ambarus@linaro.org> References: <20230508154230.159654-1-tudor.ambarus@linaro.org> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Type: text/plain; charset="utf-8" All members of struct ext4_fsmap_head were already initialized with zero in the caller, ext4_ioc_getfsmap(), remove duplicated initialization. Signed-off-by: Tudor Ambarus --- fs/ext4/fsmap.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/fs/ext4/fsmap.c b/fs/ext4/fsmap.c index 655379c96fcf..d19d85be3404 100644 --- a/fs/ext4/fsmap.c +++ b/fs/ext4/fsmap.c @@ -666,8 +666,6 @@ int ext4_getfsmap(struct super_block *sb, struct ext4_f= smap_head *head, int i; int error =3D 0; =20 - head->fmh_entries =3D 0; - /* Set up our device handlers. */ memset(handlers, 0, sizeof(handlers)); handlers[0].gfd_dev =3D new_encode_dev(sb->s_bdev->bd_dev); --=20 2.40.1.521.gf1e218fcd8-goog