linux/fs
David Howells e2ebff9c57 vfs: Check the truncate maximum size in inode_newsize_ok()
If something manages to set the maximum file size to MAX_OFFSET+1, this
can cause the xfs and ext4 filesystems at least to become corrupt.

Ordinarily, the kernel protects against userspace trying this by
checking the value early in the truncate() and ftruncate() system calls
calls - but there are at least two places that this check is bypassed:

 (1) Cachefiles will round up the EOF of the backing file to DIO block
     size so as to allow DIO on the final block - but this might push
     the offset negative. It then calls notify_change(), but this
     inadvertently bypasses the checking. This can be triggered if
     someone puts an 8EiB-1 file on a server for someone else to try and
     access by, say, nfs.

 (2) ksmbd doesn't check the value it is given in set_end_of_file_info()
     and then calls vfs_truncate() directly - which also bypasses the
     check.

In both cases, it is potentially possible for a network filesystem to
cause a disk filesystem to be corrupted: cachefiles in the client's
cache filesystem; ksmbd in the server's filesystem.

nfsd is okay as it checks the value, but we can then remove this check
too.

Fix this by adding a check to inode_newsize_ok(), as called from
setattr_prepare(), thereby catching the issue as filesystems set up to
perform the truncate with minimal opportunity for bypassing the new
check.

Fixes: 1f08c925e7 ("cachefiles: Implement backing file wrangling")
Fixes: f441584858 ("cifsd: add file operations")
Signed-off-by: David Howells <dhowells@redhat.com>
Reported-by: Jeff Layton <jlayton@kernel.org>
Tested-by: Jeff Layton <jlayton@kernel.org>
Reviewed-by: Namjae Jeon <linkinjeon@kernel.org>
Cc: stable@kernel.org
Acked-by: Alexander Viro <viro@zeniv.linux.org.uk>
cc: Steve French <sfrench@samba.org>
cc: Hyunchul Lee <hyc.lee@gmail.com>
cc: Chuck Lever <chuck.lever@oracle.com>
cc: Dave Wysochanski <dwysocha@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2022-08-08 10:39:29 -07:00
..
9p 9p: Fix some kernel-doc comments 2022-07-02 18:52:21 +09:00
adfs fs: Convert block_read_full_page() to block_read_full_folio() 2022-05-09 16:21:44 -04:00
affs affs: use memcpy_to_page and remove replace kmap_atomic() 2022-08-01 19:53:31 +02:00
afs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
autofs autofs: remove unused ino field inode 2022-07-17 17:31:42 -07:00
befs befs: Convert befs_symlink_read_folio() to use a folio 2022-08-02 12:34:03 -04:00
bfs fs: Convert block_read_full_page() to block_read_full_folio() 2022-05-09 16:21:44 -04:00
btrfs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
cachefiles cachefiles: narrow the scope of flushed requests when releasing fd 2022-07-05 16:12:21 +01:00
ceph netfs: do not unlock and put the folio twice 2022-07-14 10:10:12 +02:00
cifs cifs: update internal module number 2022-08-05 11:24:17 -05:00
coda coda: Convert coda_symlink_filler() to use a folio 2022-08-02 12:34:03 -04:00
configfs configfs: fix a race in configfs_{,un}register_subsystem() 2022-02-22 18:30:28 +01:00
cramfs cramfs: read_mapping_page() is synchronous 2022-08-02 12:34:02 -04:00
crypto fscrypt: Add HCTR2 support for filename encryption 2022-06-10 16:40:18 +08:00
debugfs debugfs: Document that debugfs_create functions need not be error checked 2022-02-25 11:56:13 +01:00
devpts fsnotify: fix fsnotify hooks in pseudo filesystems 2022-01-24 14:17:02 +01:00
dlm fs: dlm: move kref_put assert for lkb structs 2022-08-01 09:31:46 -05:00
ecryptfs ecryptfs: Convert ecryptfs to read_folio 2022-05-09 16:21:45 -04:00
efivarfs efi: vars: Move efivar caching layer into efivarfs 2022-06-24 20:40:19 +02:00
efs efs: Convert efs symlinks to read_folio 2022-05-09 16:21:45 -04:00
erofs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
exfat exfat: use updated exfat_chain directly during renaming 2022-06-09 21:26:32 +09:00
exportfs exportfs: support idmapped mounts 2022-04-28 16:31:10 +02:00
ext2 - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
ext4 - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
f2fs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
fat Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
freevxfs freevxfs: Convert vxfs_immed_read_folio() to use a folio 2022-08-02 12:34:03 -04:00
fscache fscache: Fix invalidation/lookup race 2022-07-05 16:12:55 +01:00
fuse iocb: delay evaluation of IS_SYNC(...) until we want to check IOCB_DSYNC 2022-06-10 16:05:15 -04:00
gfs2 gfs2 fixes 2022-08-06 14:44:49 -07:00
hfs hfs: Remove check for PageError 2022-06-29 08:51:06 -04:00
hfsplus Folio changes for 6.0 2022-08-03 10:35:43 -07:00
hostfs hostfs: Handle page write errors correctly 2022-08-02 12:34:02 -04:00
hpfs hpfs: Convert symlinks to read_folio 2022-05-09 16:21:45 -04:00
hugetlbfs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
iomap New code for 5.20: 2022-08-03 15:16:49 -07:00
isofs fs/buffer: Combine two submit_bh() and ll_rw_block() arguments 2022-07-14 12:14:32 -06:00
jbd2 - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
jffs2 This pull request contains fixes for JFFS2, UBI and UBIFS 2022-06-03 14:42:24 -07:00
jfs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
kernfs kernfs: Fix typo 'the the' in comment 2022-07-28 10:57:25 +02:00
ksmbd acl: move idmapped mount fixup into vfs_{g,s}etxattr() 2022-07-15 22:08:59 +02:00
lockd lockd: fix nlm_close_files 2022-07-11 15:49:56 -04:00
minix fs: Convert block_read_full_page() to block_read_full_folio() 2022-05-09 16:21:44 -04:00
netfs netfs: do not unlock and put the folio twice 2022-07-14 10:10:12 +02:00
nfs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
nfs_common
nfsd - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
nilfs2 Folio changes for 6.0 2022-08-03 10:35:43 -07:00
nls
notify fsnotify: Fix comment typo 2022-07-26 13:38:47 +02:00
ntfs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
ntfs3 Folio changes for 6.0 2022-08-03 10:35:43 -07:00
ocfs2 Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
omfs fs: Convert block_read_full_page() to block_read_full_folio() 2022-05-09 16:21:44 -04:00
openpromfs fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
orangefs orangefs: Remove test for folio error 2022-06-29 08:51:07 -04:00
overlayfs Saner handling of "lseek should fail with ESPIPE" - gets rid of 2022-08-03 11:35:20 -07:00
proc Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
pstore EFI updates for v5.20 2022-08-03 14:38:02 -07:00
qnx4 fs: Convert block_read_full_page() to block_read_full_folio() 2022-05-09 16:21:44 -04:00
qnx6 fs: Convert mpage_readpage to mpage_read_folio 2022-05-09 16:21:44 -04:00
quota - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
ramfs
reiserfs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
romfs romfs: Convert romfs to read_folio 2022-05-09 16:21:46 -04:00
smbfs_common Add various fsctl structs 2022-05-23 20:24:12 -05:00
squashfs Updates to various subsystems which I help look after. lib, ocfs2, 2022-08-07 10:03:24 -07:00
sysfs kobject: kobj_type: remove default_attrs 2022-04-05 15:39:19 +02:00
sysv Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
tracefs tracefs: Fix syntax errors in comments 2022-06-17 19:01:28 -04:00
ubifs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
udf fs/buffer: Combine two submit_bh() and ll_rw_block() arguments 2022-07-14 12:14:32 -06:00
ufs Folio changes for 6.0 2022-08-03 10:35:43 -07:00
unicode kbuild: unify cmd_copy and cmd_shipped 2022-02-14 10:37:32 +09:00
vboxsf vboxsf: Convert vboxsf to read_folio 2022-05-09 16:21:46 -04:00
verity fs-verity: mention btrfs support 2022-07-15 23:42:30 -07:00
xfs - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
zonefs zonefs changes for 5.20-rc1 2022-08-03 15:21:53 -07:00
aio.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
anon_inodes.c
attr.c vfs: Check the truncate maximum size in inode_newsize_ok() 2022-08-08 10:39:29 -07:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c coredump: Snapshot the vmas in do_coredump 2022-03-08 12:55:29 -06:00
binfmt_elf_test.c binfmt_elf: Introduce KUnit test 2022-03-03 20:38:56 -08:00
binfmt_elf.c revert "fs/binfmt_elf: use PT_LOAD p_align values for static PIE" 2022-04-15 14:49:56 -07:00
binfmt_flat.c binfmt_flat: Remove shared library support 2022-04-22 10:57:18 -07:00
binfmt_misc.c Fix regression due to "fs: move binfmt_misc sysctl to its own file" 2022-02-09 09:50:02 -08:00
binfmt_script.c
buffer.c Folio changes for 6.0 2022-08-03 10:35:43 -07:00
char_dev.c
compat_binfmt_elf.c binfmt_elf: Introduce KUnit test 2022-03-03 20:38:56 -08:00
coredump.c fs: do not compare against ->llseek 2022-07-16 09:19:15 -04:00
d_path.c
dax.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
dcache.c fs/dcache: Move wakeup out of i_seq_dir write held region. 2022-07-30 00:38:16 -04:00
direct-io.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
drop_caches.c
eventfd.c
eventpoll.c epoll: autoremove wakers even more aggressively 2022-07-17 17:31:40 -07:00
exec.c execve updates for v5.20-rc1 2022-08-02 14:36:19 -07:00
fcntl.c keep iocb_flags() result cached in struct file 2022-06-10 16:10:23 -04:00
fhandle.c
file_table.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
file.c fix the breakage in close_fd_get_file() calling conventions change 2022-06-05 15:03:03 -04:00
filesystems.c
fs_context.c vfs: fs_context: fix up param length parsing in legacy_parse_param 2022-01-18 09:23:19 +02:00
fs_parser.c
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c writeback: Fix inode->i_io_list not be protected by inode->i_lock error 2022-06-06 09:54:30 +02:00
fsopen.c uninline may_mount() and don't opencode it in fspick(2)/fsopen(2) 2022-05-19 23:25:10 -04:00
init.c
inode.c Folio changes for 6.0 2022-08-03 10:35:43 -07:00
internal.h Cleanups (and one fix) around struct mount handling. 2022-06-04 19:00:05 -07:00
ioctl.c Fixes for 5.18-rc1: 2022-04-01 19:35:56 -07:00
Kconfig mm: hugetlb_vmemmap: cleanup CONFIG_HUGETLB_PAGE_FREE_VMEMMAP* 2022-04-28 23:16:15 -07:00
Kconfig.binfmt m68knommu: changes for linux 5.19 2022-05-30 10:56:18 -07:00
kernel_read_file.c fs/kernel_read_file: allow to read files up-to ssize_t 2022-06-16 19:58:21 -07:00
libfs.c fs: Convert simple_readpage to simple_read_folio 2022-05-09 16:21:44 -04:00
locks.c fs/lock: Rearrange ops in flock syscall. 2022-07-18 10:01:47 -04:00
Makefile io_uring: move to separate directory 2022-07-24 18:39:10 -06:00
mbcache.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
mount.h switch try_to_unlazy_next() to __legitimize_mnt() 2022-07-05 16:18:21 -04:00
mpage.c Folio changes for 6.0 2022-08-03 10:35:43 -07:00
namei.c step_into(): move fetching ->d_inode past handle_mounts() 2022-07-06 13:16:07 -04:00
namespace.c switch try_to_unlazy_next() to __legitimize_mnt() 2022-07-05 16:18:21 -04:00
no-block.c
nsfs.c
open.c iov_iter work, part 1 - isolated cleanups and optimizations. 2022-08-03 13:50:22 -07:00
pipe.c Not a lot of material this cycle. Many singleton patches against various 2022-05-27 11:22:03 -07:00
pnode.c
pnode.h
posix_acl.c acl: make posix_acl_clone() available to overlayfs 2022-07-15 22:09:57 +02:00
proc_namespace.c
read_write.c Saner handling of "lseek should fail with ESPIPE" - gets rid of 2022-08-03 11:35:20 -07:00
readdir.c
remap_range.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
select.c select: Fix indefinitely sleeping task in poll_schedule_timeout() 2022-01-11 09:03:05 -08:00
seq_file.c rxrpc: Fix locking issue 2022-05-22 21:03:01 +01:00
signalfd.c Merge branch 'signal-for-v5.17' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2022-01-17 05:49:30 +02:00
splice.c fs: check FMODE_LSEEK to control internal pipe splicing 2022-07-16 09:19:16 -04:00
stack.c
stat.c RISC-V Patches for the 5.19 Merge Window, Part 1 2022-05-31 14:10:54 -07:00
statfs.c
super.c mm: shrinkers: provide shrinkers with names 2022-07-03 18:08:40 -07:00
sync.c riscv: compat: syscall: Add compat_sys_call_table implementation 2022-04-26 13:36:25 -07:00
sysctls.c fs: move namespace sysctls and declare fs base directory 2022-01-22 08:33:36 +02:00
timerfd.c
userfaultfd.c - The usual batches of cleanups from Baoquan He, Muchun Song, Miaohe 2022-08-05 16:32:45 -07:00
utimes.c
xattr.c acl: move idmapped mount fixup into vfs_{g,s}etxattr() 2022-07-15 22:08:59 +02:00