Luís Henriques
2023-May-29 15:26 UTC
[Ocfs2-devel] [PATCH] ocfs2: check new file size on fallocate call
When changing a file size with fallocate() the new size isn't being
checked. In particular, the FSIZE ulimit isn't being checked, which makes
fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
this issue.
Signed-off-by: Luís Henriques <lhenriques at suse.de>
---
fs/ocfs2/file.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index efb09de4343d..b173c36bcab3 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -2100,14 +2100,20 @@ static long ocfs2_fallocate(struct file *file, int mode,
loff_t offset,
struct ocfs2_space_resv sr;
int change_size = 1;
int cmd = OCFS2_IOC_RESVSP64;
+ int ret = 0;
if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
return -EOPNOTSUPP;
if (!ocfs2_writes_unwritten_extents(osb))
return -EOPNOTSUPP;
- if (mode & FALLOC_FL_KEEP_SIZE)
+ if (mode & FALLOC_FL_KEEP_SIZE) {
change_size = 0;
+ } else {
+ ret = inode_newsize_ok(inode, offset + len);
+ if (ret)
+ return ret;
+ }
if (mode & FALLOC_FL_PUNCH_HOLE)
cmd = OCFS2_IOC_UNRESVSP64;
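Review bot: in the new else branch, offset + len is handed to inode_newsize_ok() with no range or overflow check visible in this hunk; please confirm that a wrapping sum is rejected before ocfs2_fallocate() is reached, or guard the sum here, so the limit check never sees a wrapped value. The branch also runs for every mode without FALLOC_FL_KEEP_SIZE, which by the mask at the top of the hunk includes FALLOC_FL_PUNCH_HOLE on its own; a one-line comment saying which modes are expected to reach it would help. Minor: as far as this hunk shows, ret is only used inside the else block, so it could be declared there without the = 0 initialiser.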
Mark Fasheh
2023-May-31 03:32 UTC
[Ocfs2-devel] [PATCH] ocfs2: check new file size on fallocate call
On Mon, May 29, 2023 at 8:26 AM Luís Henriques <lhenriques at suse.de> wrote:
>
> When changing a file size with fallocate() the new size isn't being
> checked. In particular, the FSIZE ulimit isn't being checked, which makes
> fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
> this issue.
>
> Signed-off-by: Luís Henriques <lhenriques at suse.de>

Looks good, thanks Luis.

Reviewed-by: Mark Fasheh <mark at fasheh.com>
Joseph Qi
2023-May-31 06:00 UTC
[Ocfs2-devel] [PATCH] ocfs2: check new file size on fallocate call
On 5/29/23 11:26 PM, Luís Henriques wrote:
> When changing a file size with fallocate() the new size isn't being
> checked. In particular, the FSIZE ulimit isn't being checked, which makes
> fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
> this issue.
>
> Signed-off-by: Luís Henriques <lhenriques at suse.de>
> --- > fs/ocfs2/file.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c > index efb09de4343d..b173c36bcab3 100644 > --- a/fs/ocfs2/file.c > +++ b/fs/ocfs2/file.c > @@ -2100,14 +2100,20 @@ static long ocfs2_fallocate(struct file *file, int mode, loff_t offset, > struct ocfs2_space_resv sr; > int change_size = 1; > int cmd = OCFS2_IOC_RESVSP64; > + int ret = 0; > > if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) > return -EOPNOTSUPP;

This means we only support keep-size and punch_hole. And it seems punch_hole will also imply keep-size.

> if (!ocfs2_writes_unwritten_extents(osb)) > return -EOPNOTSUPP; > > - if (mode & FALLOC_FL_KEEP_SIZE) > + if (mode & FALLOC_FL_KEEP_SIZE) { > change_size = 0; > + } else {

Seems this will be a dead branch?

Thanks,
Joseph

> + ret = inode_newsize_ok(inode, offset + len); > + if (ret) > + return ret; > + } > > if (mode & FALLOC_FL_PUNCH_HOLE) > cmd = OCFS2_IOC_UNRESVSP64;
Joseph Qi
2023-May-31 08:32 UTC
[Ocfs2-devel] [PATCH] ocfs2: check new file size on fallocate call
On 5/29/23 11:26 PM, Luís Henriques wrote:
> When changing a file size with fallocate() the new size isn't being
> checked. In particular, the FSIZE ulimit isn't being checked, which makes
> fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
> this issue.
>
> Signed-off-by: Luís Henriques <lhenriques at suse.de>

Reviewed-by: Joseph Qi <joseph.qi at linux.alibaba.com>

> --- > fs/ocfs2/file.c | 8 +++++++- > 1 file changed, 7 insertions(+), 1 deletion(-) > > diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c > index efb09de4343d..b173c36bcab3 100644 > --- a/fs/ocfs2/file.c > +++ b/fs/ocfs2/file.c > @@ -2100,14 +2100,20 @@ static long ocfs2_fallocate(struct file *file, int mode, loff_t offset, > struct ocfs2_space_resv sr; > int change_size = 1; > int cmd = OCFS2_IOC_RESVSP64; > + int ret = 0; > > if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) > return -EOPNOTSUPP; > if (!ocfs2_writes_unwritten_extents(osb)) > return -EOPNOTSUPP; > > - if (mode & FALLOC_FL_KEEP_SIZE) > + if (mode & FALLOC_FL_KEEP_SIZE) { > change_size = 0; > + } else { > + ret = inode_newsize_ok(inode, offset + len); > + if (ret) > + return ret; > + } > > if (mode & FALLOC_FL_PUNCH_HOLE) > cmd = OCFS2_IOC_UNRESVSP64;
Andrew Morton
2023-May-31 22:11 UTC
[Ocfs2-devel] [PATCH] ocfs2: check new file size on fallocate call
On Mon, 29 May 2023 16:26:45 +0100 Luís Henriques via Ocfs2-devel <ocfs2-devel at oss.oracle.com> wrote:
> When changing a file size with fallocate() the new size isn't being
> checked. In particular, the FSIZE ulimit isn't being checked, which makes
> fstest generic/228 fail. Simply adding a call to inode_newsize_ok() fixes
> this issue.
>
> ...
>
> --- a/fs/ocfs2/file.c > +++ b/fs/ocfs2/file.c > @@ -2100,14 +2100,20 @@ static long ocfs2_fallocate(struct file *file, int mode, loff_t offset, > struct ocfs2_space_resv sr; > int change_size = 1; > int cmd = OCFS2_IOC_RESVSP64; > + int ret = 0; > > if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) > return -EOPNOTSUPP; > if (!ocfs2_writes_unwritten_extents(osb)) > return -EOPNOTSUPP; > > - if (mode & FALLOC_FL_KEEP_SIZE) > + if (mode & FALLOC_FL_KEEP_SIZE) { > change_size = 0; > + } else { > + ret = inode_newsize_ok(inode, offset + len); > + if (ret) > + return ret; > + } >

So userspace can exceed rlimit(RLIMIT_FSIZE). Do we think this flaw is serious enough to justify backporting the fix into earlier -stable kernels?
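Added example, not part of the thread or of the ocfs2 patch: a userspace check for whether a filesystem enforces RLIMIT_FSIZE on a size-changing fallocate(), which is the behaviour the commit message says was missing. The function name, the temporary file name and the 1 MiB limit are illustrative assumptions.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Added example; names and the 1 MiB limit used in main() are illustrative.
 * Returns 1 if fallocate() past RLIMIT_FSIZE is refused with EFBIG,
 * 0 if the file grew past the limit (the flaw discussed in the thread),
 * -1 if inconclusive (setup failed or fallocate is unsupported here). */
int fsize_limit_enforced(const char *dir, off_t limit)
{
    char path[4096];
    struct rlimit old, lim;
    int fd, result = -1;

    snprintf(path, sizeof(path), "%s/fsize-check-XXXXXX", dir);
    if ((fd = mkstemp(path)) < 0)
        return -1;
    unlink(path);

    /* The kernel raises SIGXFSZ alongside EFBIG; ignore it so we see errno. */
    void (*prev)(int) = signal(SIGXFSZ, SIG_IGN);
    if (getrlimit(RLIMIT_FSIZE, &old) == 0) {
        lim = old;
        lim.rlim_cur = (rlim_t)limit;   /* lower the soft limit only */
        if (setrlimit(RLIMIT_FSIZE, &lim) == 0) {
            /* mode 0: no FALLOC_FL_KEEP_SIZE, so the file size would change. */
            if (fallocate(fd, 0, 0, limit + 1) == 0)
                result = 0;
            else if (errno == EFBIG)
                result = 1;
            setrlimit(RLIMIT_FSIZE, &old);
        }
    }
    signal(SIGXFSZ, prev);
    close(fd);
    return result;
}

int main(int argc, char **argv)
{
    int r = fsize_limit_enforced(argc > 1 ? argv[1] : ".", 1 << 20);
    printf("%s\n", r == 1 ? "enforced (EFBIG)" : r == 0 ? "NOT enforced" : "inconclusive");
    return r == 0;
}
```

Pass a directory on the filesystem under test as the first argument; the exit status is non-zero only when the file was allowed to grow past the limit.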