We better warn the fibmap user and not return a truncated and therefore
an incorrect block map address if the bmap() returned block address
is greater than INT_MAX (since user supplied integer pointer).
It's better to WARN all user of ioctl_fibmap() and return a proper error
code rather than silently letting a FS corruption happen if the user tries
to fiddle around with the returned block map address.
We fix this by returning an error code of -ERANGE and returning 0 as the
block mapping address in case if it is > INT_MAX.
Signed-off-by: Ritesh Harjani <riteshh@xxxxxxxxxxxxx>
---
fs/ioctl.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/ioctl.c b/fs/ioctl.c
index f1d93263186c..3489f3a12c1d 100644
--- a/fs/ioctl.c
+++ b/fs/ioctl.c
@@ -71,6 +71,11 @@ static int ioctl_fibmap(struct file *filp, int __user *p)
block = ur_block;
error = bmap(inode, &block);
+ if (block > INT_MAX) {
+ error = -ERANGE;
+ WARN(1, "would truncate fibmap result\n");
+ }
+
if (error)
ur_block = 0;
else
--
2.21.0
