Re: [syzbot] [ext4?] kernel BUG in ext4_write_inline_data (2)

From: Nicolas Bretz
Date: Fri Nov 22 2024 - 14:21:11 EST


#syz test
From f4baf29ec7942e89f010133d7e848ba69d7f77f1 Mon Sep 17 00:00:00 2001
From: Nicolas Bretz <bretznic@xxxxxxxxx>
Date: Fri, 22 Nov 2024 08:23:38 -0700
Subject: [PATCH] ext4: kernel BUG in ext4_write_inline_data

kernel BUG at fs/ext4/inline.c:235!
Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN NOPTI

Reported-by: syzbot+fe2a25dae02a207717a0@xxxxxxxxxxxxxxxxxxxxxxxxx
Signed-off-by: Nicolas Bretz <bretznic@xxxxxxxxx>
---
fs/ext4/ext4.h | 6 ++++++
fs/ext4/inline.c | 2 +-
fs/ext4/inode.c | 3 ++-
3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h
index 44b0d418143c..b9d128243286 100644
--- a/fs/ext4/ext4.h
+++ b/fs/ext4/ext4.h
@@ -3562,6 +3562,12 @@ extern int ext4_get_max_inline_size(struct inode *inode);
extern int ext4_find_inline_data_nolock(struct inode *inode);
extern int ext4_destroy_inline_data(handle_t *handle, struct inode *inode);

+static inline bool ext4_inline_possible(struct inode *inode,
+ loff_t pos, unsigned int len)
+{
+ return pos + len <= ext4_get_max_inline_size(inode);
+}
+
int ext4_readpage_inline(struct inode *inode, struct folio *folio);
extern int ext4_try_to_write_inline_data(struct address_space *mapping,
struct inode *inode,
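Review bot: ext4_inline_possible() is added to the header with no comment, and its meaning depends on what ext4_get_max_inline_size() returns when inline data is not usable, which is not visible from here; a short kernel-doc block above the definition would spare the next reader a trip to inline.c, e.g. `/* Return true if a write of @len bytes at @pos still fits in the inode's inline data area, as sized by ext4_get_max_inline_size(). */`. The comparison mixes a loff_t sum with an int result; that is well-defined because the int is widened, but if the callee reports "no inline area" as 0 (or a negative value) the helper returns false for every write, which is presumably the intent and worth stating in that comment.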
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index 3536ca7e4fcc..ec25f066a2c2 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -668,7 +668,7 @@ int ext4_try_to_write_inline_data(struct address_space *mapping,
struct folio *folio;
struct ext4_iloc iloc;

- if (pos + len > ext4_get_max_inline_size(inode))
+ if (!ext4_inline_possible(inode, pos, len))
goto convert;

ret = ext4_get_inode_loc(inode, &iloc);
diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c
index 54bdd4884fe6..d4c0e0a42b8e 100644
--- a/fs/ext4/inode.c
+++ b/fs/ext4/inode.c
@@ -3061,7 +3061,8 @@ static int ext4_da_write_end(struct file *file,

if (write_mode != CONVERT_INLINE_DATA &&
ext4_test_inode_state(inode, EXT4_STATE_MAY_INLINE_DATA) &&
- ext4_has_inline_data(inode))
+ ext4_has_inline_data(inode) &&
+ ext4_inline_possible(inode, pos, len))
return ext4_write_inline_data_end(inode, pos, len, copied,
folio);

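Review bot: When the new ext4_inline_possible() check fails, ext4_da_write_end() no longer calls ext4_write_inline_data_end() and instead continues into the non-inline path further down, while the inode still carries inline data and EXT4_STATE_MAY_INLINE_DATA; that sidesteps the BUG_ON but leaves the copied bytes in the folio and the inline on-disk data describing the same range, so what a subsequent reader sees is unclear. The same condition is already tested in ext4_try_to_write_inline_data() at write_begin time (second hunk), so a failure here presumably means the inline capacity changed between the two calls, and the safer response is to convert the inline data or fail the write rather than silently take the block-mapped path. At minimum the new line needs a comment explaining why the check can fail at write_end, e.g. `/* Inline capacity may have shrunk since write_begin; never write past i_inline_size. */`. ext4_da_write_end() starts and ends outside the hunk.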
--
2.39.5