Unverified commit a7f9ce1a, authored by Julian Sun, committed by Christian Brauner

vfs: Fix implicit conversion problem when testing overflow case


The overflow check in generic_copy_file_checks() and generic_remap_checks()
is now broken because the result of the addition is implicitly converted to
an unsigned type, which disrupts the comparison with signed numbers.
This caused the kernel to not return EOVERFLOW in a copy_file_range()
call with len set to 0xffffffffa003e45bul.

Use the check_add_overflow() macro to fix this issue.

Reported-and-tested-by: <syzbot+296b1c84b9cbf306e5a0@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=296b1c84b9cbf306e5a0


Fixes: 1383a7ed ("vfs: check file ranges before cloning files")
Fixes: 96e6e8f4 ("vfs: add missing checks to copy_file_range")
Inspired-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Julian Sun <sunjunchao2870@gmail.com>
Link: https://lore.kernel.org/stable/20240920122851.215641-1-sunjunchao2870%40gmail.com
Link: https://lore.kernel.org/r/20240920122851.215641-1-sunjunchao2870@gmail.com


Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Rule: add
Signed-off-by: Christian Brauner <brauner@kernel.org>
parent 953a8ecf
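
The failure mode described in the commit message, as an added userspace C model (not code from this commit or from the kernel tree): a signed offset plus an unsigned length is evaluated as unsigned, so a "sum < pos" wrap test misses results that no longer fit the signed offset type. The typedefs, function names and pos values are assumptions for illustration; the compiler builtin `__builtin_add_overflow` stands in for the kernel's check_add_overflow() macro, and only the len value comes from the message.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-ins for the kernel's loff_t (signed) and size_t (unsigned)
 * on a 64-bit build. */
typedef int64_t  model_loff_t;
typedef uint64_t model_size_t;

/* Wrap test written with plain arithmetic. pos is implicitly converted to
 * unsigned 64-bit, so both the sum and the comparison are unsigned and the
 * test only fires when the sum wraps past 2^64, not past INT64_MAX. */
static int check_range_plain(model_loff_t pos, model_size_t count)
{
    if (pos + count < pos)
        return -EOVERFLOW;
    return 0;
}

/* Type-aware test: the builtin reports overflow whenever the mathematical
 * sum does not fit the destination type, here the signed offset. */
static int check_range_typed(model_loff_t pos, model_size_t count)
{
    model_loff_t end;

    if (__builtin_add_overflow(pos, count, &end))
        return -EOVERFLOW;
    return 0;
}

int main(void)
{
    /* len from the commit message; pos values are constructed. */
    const model_size_t len = 0xffffffffa003e45bULL;
    const model_loff_t positions[] = { 0, 4096, INT64_MAX };

    for (size_t i = 0; i < sizeof(positions) / sizeof(positions[0]); i++)
        printf("pos=%lld plain=%d typed=%d\n",
               (long long)positions[i],
               check_range_plain(positions[i], len),
               check_range_typed(positions[i], len));
    return 0;
}
```
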