Call remap_verify_area() on the source file as well as the destination. When called from vfs_dedupe_file_range() the check as already been performed, but not so if called from layered fs (overlayfs, etc...) Could ommit the redundant check in vfs_dedupe_file_range(), but leave for now to get error early (for fear of breaking backward compatibility). This call shouldn't be performance sensitive. Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx> --- fs/remap_range.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/fs/remap_range.c b/fs/remap_range.c index e6099beefa97..77dba3a49e65 100644 --- a/fs/remap_range.c +++ b/fs/remap_range.c @@ -456,8 +456,16 @@ loff_t vfs_dedupe_file_range_one(struct file *src_file, loff_t src_pos, if (ret) return ret; + /* + * This is redundant if called from vfs_dedupe_file_range(), but other + * callers need it and it's not performance sesitive... + */ + ret = remap_verify_area(src_file, src_pos, len, false); + if (ret) + goto out_drop_write; + ret = remap_verify_area(dst_file, dst_pos, len, true); - if (ret < 0) + if (ret) goto out_drop_write; ret = -EPERM; -- 2.26.2