Fix the bug reported at:
https://syzkaller.appspot.com/bug?id=79d5768e9bfe362911ac1a5057a36fc6b5c30002

Darrick J. Wong proposed a similar patch to address the same bug at:
https://lore.kernel.org/linux-ext4/3e125c64-da56-2a2b-1a20-fdcc5a0d3014@xxxxxxxxxx/

I think my version of the patch is better. It clearly indicates that lower out of bounds requests are ignored. The high key should be greater than the first data block for the ext4_getfsmap_datadev() handler, otherwise there's no data to return, thus we exit early and ignore the request. Darrick indirectly implied the same thing, but missed the case where the high_key->fmr_physical is equal to the first data block.

After the fix you'll find another patch that consolidates the validation of the user-provided data. Instead of having the checks scattered among the fsmap representations, gather the code in a single method and do the checks directly on the data received from the user.

A similar patch can be done for xfs fsmap, but I'll wait for some feedback first.

Tested the changes with kvm-xfstests: ext4/{027, 028, 029}, all passed, output below.

Cheers,
ta
--------------------
Summary report
KERNEL:    kernel 6.2.0-rc8-xfstests-00003-gc34cc283e325 #13 SMP PREEMPT_DYNAMIC Wed Feb 22 12:35:39 UTC 2023 x86_64
CMDLINE:   ext4/027
CPUS:      2
MEM:       1975.3

ext4/4k: 1 tests, 1 seconds
  ext4/027     Pass     1s
ext4/1k: 1 tests, 1 seconds
  ext4/027     Pass     1s
ext4/ext3: 1 tests, 2 seconds
  ext4/027     Pass     1s
ext4/encrypt: 1 tests, 1 seconds
  ext4/027     Pass     0s
ext4/nojournal: 1 tests, 1 seconds
  ext4/027     Pass     1s
ext4/ext3conv: 1 tests, 1 seconds
  ext4/027     Pass     0s
ext4/adv: 1 tests, 1 seconds
  ext4/027     Pass     1s
ext4/dioread_nolock: 1 tests, 1 seconds
  ext4/027     Pass     1s
ext4/data_journal: 1 tests, 1 seconds
  ext4/027     Pass     0s
ext4/bigalloc: 1 tests, 1 seconds
  ext4/027     Pass     0s
ext4/bigalloc_1k: 1 tests, 1 seconds
  ext4/027     Pass     0s
Totals: 11 tests, 0 skipped, 0 failures, 0 errors, 6s

FSTESTVER: blktests 4e07b0c (Fri, 15 Jul 2022 14:40:03 +0900)
FSTESTVER: fio  fio-3.31 (Tue, 9 Aug 2022 14:41:25 -0600)
FSTESTVER: fsverity v1.5 (Sun, 6 Feb 2022 10:59:13 -0800)
FSTESTVER: ima-evm-utils v1.3.2 (Wed, 28 Oct 2020 13:18:08 -0400)
FSTESTVER: nvme-cli v1.16 (Thu, 11 Nov 2021 13:09:06 -0800)
FSTESTVER: quota  v4.05-43-gd2256ac (Fri, 17 Sep 2021 14:04:16 +0200)
FSTESTVER: util-linux v2.38.1 (Thu, 4 Aug 2022 11:06:21 +0200)
FSTESTVER: xfsprogs v5.19.0 (Fri, 12 Aug 2022 13:45:01 -0500)
FSTESTVER: xfstests v2022.08.21-8-g289f50f8 (Sun, 21 Aug 2022 15:21:34 -0400)
FSTESTVER: xfstests-bld bb566bcf (Wed, 24 Aug 2022 23:07:24 -0400)
FSTESTVER: zz_build-distro bullseye
FSTESTCFG: all
FSTESTSET: ext4/027
FSTESTOPT: aex
[ 59.553199] ACPI: PM: Preparing to enter system sleep state S5
[ 59.557660] reboot: Power down
--------------------
Summary report
KERNEL:    kernel 6.2.0-rc8-xfstests-00003-gc34cc283e325 #13 SMP PREEMPT_DYNAMIC Wed Feb 22 12:35:39 UTC 2023 x86_64
CMDLINE:   ext4/028
CPUS:      2
MEM:       1975.31

ext4/4k: 1 tests, 1 seconds
  ext4/028     Pass     1s
ext4/1k: 1 tests, 3 seconds
  ext4/028     Pass     3s
ext4/ext3: 1 tests, 1 skipped, 1 seconds
  ext4/028     Skipped  1s
ext4/encrypt: 0 tests, 0 seconds
ext4/nojournal: 1 tests, 4 seconds
  ext4/028     Pass     4s
ext4/ext3conv: 1 tests, 5 seconds
  ext4/028     Pass     4s
ext4/adv: 1 tests, 4 seconds
  ext4/028     Pass     4s
ext4/dioread_nolock: 1 tests, 1 seconds
  ext4/028     Pass     1s
ext4/data_journal: 1 tests, 1 seconds
  ext4/028     Pass     1s
ext4/bigalloc: 1 tests, 5 seconds
  ext4/028     Pass     5s
ext4/bigalloc_1k: 1 tests, 3 seconds
  ext4/028     Pass     2s
Totals: 10 tests, 1 skipped, 0 failures, 0 errors, 26s

FSTESTVER: blktests 4e07b0c (Fri, 15 Jul 2022 14:40:03 +0900)
FSTESTVER: fio  fio-3.31 (Tue, 9 Aug 2022 14:41:25 -0600)
FSTESTVER: fsverity v1.5 (Sun, 6 Feb 2022 10:59:13 -0800)
FSTESTVER: ima-evm-utils v1.3.2 (Wed, 28 Oct 2020 13:18:08 -0400)
FSTESTVER: nvme-cli v1.16 (Thu, 11 Nov 2021 13:09:06 -0800)
FSTESTVER: quota  v4.05-43-gd2256ac (Fri, 17 Sep 2021 14:04:16 +0200)
FSTESTVER: util-linux v2.38.1 (Thu, 4 Aug 2022 11:06:21 +0200)
FSTESTVER: xfsprogs v5.19.0 (Fri, 12 Aug 2022 13:45:01 -0500)
FSTESTVER: xfstests v2022.08.21-8-g289f50f8 (Sun, 21 Aug 2022 15:21:34 -0400)
FSTESTVER: xfstests-bld bb566bcf (Wed, 24 Aug 2022 23:07:24 -0400)
FSTESTVER: zz_build-distro bullseye
FSTESTCFG: all
FSTESTSET: ext4/028
FSTESTOPT: aex
[ 76.557142] EXT4-fs (vdg): unmounting filesystem 3149a29d-9b44-4c17-82a6-c86addd7f1bb.
[ 76.592295] ACPI: PM: Preparing to enter system sleep state S5
[ 76.597019] reboot: Power down
--------------------
Summary report
KERNEL:    kernel 6.2.0-rc8-xfstests-00003-gc34cc283e325 #13 SMP PREEMPT_DYNAMIC Wed Feb 22 12:35:39 UTC 2023 x86_64
CMDLINE:   -c logdev ext4/029
CPUS:      2
MEM:       1975.31

ext4/logdev: 1 tests, 1 seconds
  ext4/029     Pass     1s
Totals: 1 tests, 0 skipped, 0 failures, 0 errors, 1s

FSTESTVER: blktests 4e07b0c (Fri, 15 Jul 2022 14:40:03 +0900)
FSTESTVER: fio  fio-3.31 (Tue, 9 Aug 2022 14:41:25 -0600)
FSTESTVER: fsverity v1.5 (Sun, 6 Feb 2022 10:59:13 -0800)
FSTESTVER: ima-evm-utils v1.3.2 (Wed, 28 Oct 2020 13:18:08 -0400)
FSTESTVER: nvme-cli v1.16 (Thu, 11 Nov 2021 13:09:06 -0800)
FSTESTVER: quota  v4.05-43-gd2256ac (Fri, 17 Sep 2021 14:04:16 +0200)
FSTESTVER: util-linux v2.38.1 (Thu, 4 Aug 2022 11:06:21 +0200)
FSTESTVER: xfsprogs v5.19.0 (Fri, 12 Aug 2022 13:45:01 -0500)
FSTESTVER: xfstests v2022.08.21-8-g289f50f8 (Sun, 21 Aug 2022 15:21:34 -0400)
FSTESTVER: xfstests-bld bb566bcf (Wed, 24 Aug 2022 23:07:24 -0400)
FSTESTVER: zz_build-distro bullseye
FSTESTCFG: logdev
FSTESTSET: ext4/029
FSTESTOPT: aex
[ 8.217384] reboot: Power down

Tudor Ambarus (3):
  ext4: fsmap: Fix crash caused by poor key validation
  ext4: fsmap: Consolidate fsmap_head checks
  ext4: fsmap: Remove duplicated initialization

 fs/ext4/fsmap.c | 56 +++++++++++++++++++++++++++++++++++--------------
 fs/ext4/fsmap.h |  3 +++
 fs/ext4/ioctl.c | 17 +++------------
 3 files changed, 46 insertions(+), 30 deletions(-)

--
2.39.2.637.g21b0678d19-goog