Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 07301df7 authored by Qu Wenruo's avatar Qu Wenruo Committed by David Sterba
Browse files

btrfs: trim: Check the range passed into to prevent overflow 



Normally the range->len is set to default value (U64_MAX), but when it's
not default value, we should check if the range overflows.

And if it overflows, return -EINVAL before doing anything.

Reviewed-by: default avatarNikolay Borisov <nborisov@suse.com>
Reviewed-by: default avatarAnand Jain <anand.jain@oracle.com>
Signed-off-by: default avatarQu Wenruo <wqu@suse.com>
Signed-off-by: default avatarDavid Sterba <dsterba@suse.com>
parent d7cd4dd9

fs/btrfs/extent-tree.c

+11 −3
Original line number Diff line number Diff line
@@ -8966,6 +8966,7 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) 
	struct btrfs_device *device;

	struct list_head *devices;

	u64 group_trimmed;

	u64 range_end = U64_MAX;

	u64 start;

	u64 end;

	u64 trimmed = 0;
@@ -8975,16 +8976,23 @@ int btrfs_trim_fs(struct btrfs_fs_info *fs_info, struct fstrim_range *range) 
	int dev_ret = 0;

	int ret = 0;



	/*

	 * Check range overflow if range->len is set.

	 * The default range->len is U64_MAX.

	 */

	if (range->len != U64_MAX &&

	    check_add_overflow(range->start, range->len, &range_end))

		return -EINVAL;



	cache = btrfs_lookup_first_block_group(fs_info, range->start);

	for (; cache; cache = next_block_group(cache)) {

		if (cache->key.objectid >= (range->start + range->len)) {

		if (cache->key.objectid >= range_end) {

			btrfs_put_block_group(cache);

			break;

		}



		start = max(range->start, cache->key.objectid);

		end = min(range->start + range->len,

				cache->key.objectid + cache->key.offset);

		end = min(range_end, cache->key.objectid + cache->key.offset);



		if (end - start >= range->minlen) {

			if (!block_group_cache_done(cache)) {