Re: [PATCH v21 02/30] splice: Make filemap_splice_read() check s_maxbytes

From: Christian Brauner
Date: Sat May 20 2023 - 05:21:22 EST


On Sat, May 20, 2023 at 01:00:21AM +0100, David Howells wrote:
> Make filemap_splice_read() check s_maxbytes analogously to filemap_read().
>
> Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
> cc: Christoph Hellwig <hch@xxxxxx>
> cc: Steve French <stfrench@xxxxxxxxxxxxx>
> cc: Jens Axboe <axboe@xxxxxxxxx>
> cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
> cc: David Hildenbrand <david@xxxxxxxxxx>
> cc: John Hubbard <jhubbard@xxxxxxxxxx>
> cc: linux-mm@xxxxxxxxx
> cc: linux-block@xxxxxxxxxxxxxxx
> cc: linux-fsdevel@xxxxxxxxxxxxxxx
> ---
> mm/filemap.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/mm/filemap.c b/mm/filemap.c
> index a2006936a6ae..0fcb0b80c2e2 100644
> --- a/mm/filemap.c
> +++ b/mm/filemap.c
> @@ -2887,6 +2887,9 @@ ssize_t filemap_splice_read(struct file *in, loff_t *ppos,
> bool writably_mapped;
> int i, error = 0;
>
> + if (unlikely(*ppos >= in->f_mapping->host->i_sb->s_maxbytes))
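
Review bot: The added test in filemap_splice_read() compares only the starting offset (`*ppos >= ...->s_maxbytes`), so nothing visible in this hunk limits a request that starts just below s_maxbytes with a large length. Since the commit message claims parity with filemap_read(), it should state what is returned once *ppos reaches the limit and whether the length is also clamped. The four-level chain `in->f_mapping->host->i_sb` would read more clearly through a local inode pointer.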

Pointer deref galore
Reviewed-by: Christian Brauner <brauner@xxxxxxxxxx>