1. Patchew
  2. linux
  3. View series

[PATCH] Fix wrong max check in bch2_opt_validate

Piotr Zalewski posted 1 patch 3 weeks, 2 days ago 
fs/bcachefs/opts.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
[PATCH] Fix wrong max check in bch2_opt_validate
Posted by Piotr Zalewski 3 weeks, 2 days ago 
Use opt->max-1 in bch2_opt_validate when option type is BCH_OPT_STR. When
option type is BCH_OPT_STR, real option's max is one less than the max
value stored in option structure.

Reported-by: syzbot+bee87a0c3291c06aa8c6@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=bee87a0c3291c06aa8c6
Fixes: 63c4b2545382 ("bcachefs: Better superblock opt validation")
Signed-off-by: Piotr Zalewski <pZ010001011111@proton.me>
---
 fs/bcachefs/opts.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/fs/bcachefs/opts.c b/fs/bcachefs/opts.c
index 83f55cf99d46..bffcbe6a6fd0 100644
--- a/fs/bcachefs/opts.c
+++ b/fs/bcachefs/opts.c
@@ -290,6 +290,8 @@ static int bch2_mount_opt_lookup(const char *name)
 
 int bch2_opt_validate(const struct bch_option *opt, u64 v, struct printbuf *err)
 {
+	const u64 opt_max = opt->type == BCH_OPT_STR ? opt->max - 1 : opt->max;
+
 	if (v < opt->min) {
 		if (err)
 			prt_printf(err, "%s: too small (min %llu)",
@@ -297,10 +299,10 @@ int bch2_opt_validate(const struct bch_option *opt, u64 v, struct printbuf *err)
 		return -BCH_ERR_ERANGE_option_too_small;
 	}
 
-	if (opt->max && v >= opt->max) {
+	if (opt->max && v >= opt_max) {
 		if (err)
 			prt_printf(err, "%s: too big (max %llu)",
-			       opt->attr.name, opt->max);
+			       opt->attr.name, opt_max);
 		return -BCH_ERR_ERANGE_option_too_big;
 	}
 
-- 
2.47.0
Re: [PATCH] Fix wrong max check in bch2_opt_validate
Posted by Piotr Zalewski 2 weeks, 4 days ago 
Hi Kent,

Did you see this?

Best regards

On Friday, November 1st, 2024 at 12:22 AM, Piotr Zalewski <pZ010001011111@proton.me> wrote:

> Use opt->max-1 in bch2_opt_validate when option type is BCH_OPT_STR. When
>
> option type is BCH_OPT_STR, real option's max is one less than the max
> value stored in option structure.
>
> Reported-by: syzbot+bee87a0c3291c06aa8c6@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=bee87a0c3291c06aa8c6
> Fixes: 63c4b2545382 ("bcachefs: Better superblock opt validation")
> Signed-off-by: Piotr Zalewski pZ010001011111@proton.me
>
> ---
> fs/bcachefs/opts.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/fs/bcachefs/opts.c b/fs/bcachefs/opts.c
> index 83f55cf99d46..bffcbe6a6fd0 100644
> --- a/fs/bcachefs/opts.c
> +++ b/fs/bcachefs/opts.c
> @@ -290,6 +290,8 @@ static int bch2_mount_opt_lookup(const char *name)
>
> int bch2_opt_validate(const struct bch_option *opt, u64 v, struct printbuf *err)
> {
> + const u64 opt_max = opt->type == BCH_OPT_STR ? opt->max - 1 : opt->max;
>
> +
> if (v < opt->min) {
>
> if (err)
> prt_printf(err, "%s: too small (min %llu)",
> @@ -297,10 +299,10 @@ int bch2_opt_validate(const struct bch_option *opt, u64 v, struct printbuf *err)
> return -BCH_ERR_ERANGE_option_too_small;
> }
>
> - if (opt->max && v >= opt->max) {
>
> + if (opt->max && v >= opt_max) {
>
> if (err)
> prt_printf(err, "%s: too big (max %llu)",
> - opt->attr.name, opt->max);
>
> + opt->attr.name, opt_max);
>
> return -BCH_ERR_ERANGE_option_too_big;
> }
>
> --
> 2.47.0
>
Re: [PATCH] Fix wrong max check in bch2_opt_validate
Posted by Kent Overstreet 2 weeks, 4 days ago 
On Wed, Nov 06, 2024 at 08:11:13AM +0000, Piotr Zalewski wrote:
> Hi Kent,
> 
> Did you see this?

Whoops, I did miss it the first time.

I think it'd be better to fix it in the OPT_STR() macro though.
Re: [PATCH] Fix wrong max check in bch2_opt_validate
Posted by Piotr Zalewski 2 weeks, 4 days ago 




Sent with Proton Mail secure email.

On Wednesday, November 6th, 2024 at 6:52 PM, Kent Overstreet <kent.overstreet@linux.dev> wrote:

> On Wed, Nov 06, 2024 at 08:11:13AM +0000, Piotr Zalewski wrote:
> 
> > Hi Kent,
> > 
> > Did you see this?
> 
> 
> Whoops, I did miss it the first time.

np

> I think it'd be better to fix it in the OPT_STR() macro though.

If changed in OPT_STR() macro it would also require a change in
bch2_opt_to_text:434 (it also does -1 there).

Best regards
Re: [PATCH] Fix wrong max check in bch2_opt_validate
Posted by Kent Overstreet 2 weeks, 4 days ago 
On Wed, Nov 06, 2024 at 06:58:04PM +0000, Piotr Zalewski wrote:
> 
> 
> 
> 
> 
> Sent with Proton Mail secure email.
> 
> On Wednesday, November 6th, 2024 at 6:52 PM, Kent Overstreet <kent.overstreet@linux.dev> wrote:
> 
> > On Wed, Nov 06, 2024 at 08:11:13AM +0000, Piotr Zalewski wrote:
> > 
> > > Hi Kent,
> > > 
> > > Did you see this?
> > 
> > 
> > Whoops, I did miss it the first time.
> 
> np
> 
> > I think it'd be better to fix it in the OPT_STR() macro though.
> 
> If changed in OPT_STR() macro it would also require a change in
> bch2_opt_to_text:434 (it also does -1 there).

*nod*

I think we should do it that way then, we don't want opt->max meaning
different things in different contexts if we can avoid it

Patchew 2.1-devel-b67e4c2

© 2016 - 2024 Red Hat, Inc.