projects / linux-block.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: dbe27f0)
ext4: ensure i_size is smaller than maxbytes
authorZhang Yi <yi.zhang@huawei.com>
Tue, 6 May 2025 01:20:09 +0000 (09:20 +0800)
committerTheodore Ts'o <tytso@mit.edu>
Tue, 20 May 2025 14:31:06 +0000 (10:31 -0400)
The inode i_size cannot be larger than maxbytes, check it while loading
inode from the disk.

Signed-off-by: Zhang Yi <yi.zhang@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Reviewed-by: Baokun Li <libaokun1@huawei.com>
Link: https://patch.msgid.link/20250506012009.3896990-4-yi.zhang@huaweicloud.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
fs/ext4/inode.c patch | blob | blame | history

diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 01038b4ecee0dbba0ccebadd6e4fccf4be962cb5..ca1f7a0dd8f8a4708ca76e8fd70b2528567a6864 100644 (file)
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -4966,7 +4966,8 @@ struct inode *__ext4_iget(struct super_block *sb, unsigned long ino,
                ei->i_file_acl |=
                        ((__u64)le16_to_cpu(raw_inode->i_file_acl_high)) << 32;
        inode->i_size = ext4_isize(sb, raw_inode);
-       if ((size = i_size_read(inode)) < 0) {
+       size = i_size_read(inode);
+       if (size < 0 || size > ext4_get_maxbytes(inode)) {
                ext4_error_inode(inode, function, line, 0,
                                 "iget: bad i_size value: %lld", size);
                ret = -EFSCORRUPTED;
Linux 6.x block layer and io_uring tree(s)