On Fri, Jan 28, 2022 at 01:48:48AM +0000, Chuck Lever III wrote: > > > > On Jan 27, 2022, at 7:36 PM, Dave Chinner <david@xxxxxxxxxxxxx> wrote: > > > > On Thu, Jan 27, 2022 at 11:08:31AM -0500, Chuck Lever wrote: > >> IOW it assumes the caller has already sanity-checked the value. > > > > Every filesystem assumes that the iattr that is passed to ->setattr > > by notify_change() has been sanity checked and the parameters are > > within the valid VFS supported ranges, not just XFS. Perhaps this > > check should be in notify_change, not in the callers? > > My (limited) understanding of the VFS code is that functions at > the notify_change() level expect that its callers will have > already sanitized the input -- those callers are largely the > system call routines. That's why I chose to address this in NFSD. > > Maybe inode_newsize_ok() needs to check for negative size values? Yeah, that would seem reasonable - the size passed to it is a loff_t, and it's not checked for overflows/negative values. So if it checked for offset < 0 if would catch this.... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
