On Sat, May 20, 2023 at 01:00:21AM +0100, David Howells wrote: > Make filemap_splice_read() check s_maxbytes analogously to filemap_read(). > > Signed-off-by: David Howells <dhowells@xxxxxxxxxx> > cc: Christoph Hellwig <hch@xxxxxx> > cc: Steve French <stfrench@xxxxxxxxxxxxx> > cc: Jens Axboe <axboe@xxxxxxxxx> > cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> > cc: David Hildenbrand <david@xxxxxxxxxx> > cc: John Hubbard <jhubbard@xxxxxxxxxx> > cc: linux-mm@xxxxxxxxx > cc: linux-block@xxxxxxxxxxxxxxx > cc: linux-fsdevel@xxxxxxxxxxxxxxx > --- > mm/filemap.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/mm/filemap.c b/mm/filemap.c > index a2006936a6ae..0fcb0b80c2e2 100644 > --- a/mm/filemap.c > +++ b/mm/filemap.c > @@ -2887,6 +2887,9 @@ ssize_t filemap_splice_read(struct file *in, loff_t *ppos, > bool writably_mapped; > int i, error = 0; > > + if (unlikely(*ppos >= in->f_mapping->host->i_sb->s_maxbytes)) Pointer deref galore Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>
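
Review bot: The added condition in filemap_splice_read() reaches s_maxbytes through a four-step chain, in->f_mapping->host->i_sb->s_maxbytes. Consider taking the inode into a local first, so the test reads *ppos >= inode->i_sb->s_maxbytes. The condition also tests only the starting offset *ppos, and the quoted part of the hunk does not show the requested length being limited so that the splice cannot run past s_maxbytes; if a clamp is intended, it belongs next to this check. The commit message says only that the check is analogous to filemap_read(); it should state what is returned when the offset is at or beyond the limit and what goes wrong without the check.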