From: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> We do check that the read offset is less than the filesystem limit, however for good measure we should also check that it is positive or zero, and return EINVAL if that is not the case. Signed-off-by: Trond Myklebust <trond.myklebust@xxxxxxxxxxxxxxx> --- mm/filemap.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/mm/filemap.c b/mm/filemap.c index c69227ccdabb..99ed5d291a6a 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2600,6 +2600,8 @@ ssize_t filemap_read(struct kiocb *iocb, struct iov_iter *iter, loff_t isize, end_offset; loff_t last_pos = ra->prev_pos; + if (unlikely(iocb->ki_pos < 0)) + return -EINVAL; if (unlikely(iocb->ki_pos >= inode->i_sb->s_maxbytes)) return 0; if (unlikely(!iov_iter_count(iter))) -- 2.46.0
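Review bot: The new "if (unlikely(iocb->ki_pos < 0)) return -EINVAL;" check at the top of filemap_read() reports an error, while the adjacent "ki_pos >= inode->i_sb->s_maxbytes" check returns 0, and neither the code nor the commit message explains why a negative offset is an error but an over-limit offset is a zero-length read. A one-line comment above the new check stating that distinction would help. The commit message should also say whether any caller can actually reach filemap_read() with a negative ki_pos or whether the check is purely defensive ("for good measure"), since that decides whether the change needs a Fixes: tag or a stable backport.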