On Fri, Apr 24, 2020 at 12:52:17PM +0530, Ritesh Harjani wrote:
> We better warn the fibmap user and not return a truncated and therefore
> an incorrect block map address if the bmap() returned block address
> is greater than INT_MAX (since user supplied integer pointer).
>
> It's better to WARN all user of ioctl_fibmap() and return a proper error
> code rather than silently letting a FS corruption happen if the user tries
> to fiddle around with the returned block map address.
>
> We fix this by returning an error code of -ERANGE and returning 0 as the
> block mapping address in case if it is > INT_MAX.
>
> Signed-off-by: Ritesh Harjani <riteshh@xxxxxxxxxxxxx>
> ---
> fs/ioctl.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/ioctl.c b/fs/ioctl.c
> index f1d93263186c..3489f3a12c1d 100644
> --- a/fs/ioctl.c
> +++ b/fs/ioctl.c
> @@ -71,6 +71,11 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
> block = ur_block;
> error = bmap(inode, &block);
>
> + if (block > INT_MAX) {
> + error = -ERANGE;
> + WARN(1, "would truncate fibmap result\n");
> + }
> +
WARN() is only for kernel bugs. This case would be a userspace bug, not a
kernel bug, right? If so, it should use pr_warn(), not WARN().
- Eric
