[lustre-devel] [PATCH 216/622] lustre: llite: ll_fault should fail for insane file offsets

James Simmons jsimmons at infradead.org
Thu Feb 27 13:11:24 PST 2020


From: Alexander Zarochentsev <c17826 at cray.com>

A page fault for a mmapped lustre file at offset larger than
2^63 causes Lustre client to hang due to wrong page index
calculations from signed loff_t.
There is no need to do such calculations but perform
page offset sanity checks in ll_fault().

Cray-bug-id: LUS-1392
WC-bug-id: https://jira.whamcloud.com/browse/LU-8299
Lustre-commit: ada3b33b52cd ("LU-8299 llite: ll_fault should fail for insane file offsets")
Signed-off-by: Alexander Zarochentsev <c17826 at cray.com>
Reviewed-on: https://review.whamcloud.com/34242
Reviewed-by: Andrew Perepechko <c17827 at cray.com>
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell at whamcloud.com>
Reviewed-by: James Simmons <uja.ornl at yahoo.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
 fs/lustre/llite/llite_mmap.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/fs/lustre/llite/llite_mmap.c b/fs/lustre/llite/llite_mmap.c
index 14080b6..236d1d2 100644
--- a/fs/lustre/llite/llite_mmap.c
+++ b/fs/lustre/llite/llite_mmap.c
@@ -373,6 +373,9 @@ static vm_fault_t ll_fault(struct vm_fault *vmf)
 	ll_stats_ops_tally(ll_i2sbi(file_inode(vma->vm_file)),
 			   LPROC_LL_FAULT, 1);
 
+	/* make sure offset is not a negative number */
+	if (vmf->pgoff > (MAX_LFS_FILESIZE >> PAGE_SHIFT))
+		return VM_FAULT_SIGBUS;
 restart:
 	result = __ll_fault(vmf->vma, vmf);
 	if (!(result & (VM_FAULT_RETRY | VM_FAULT_ERROR | VM_FAULT_LOCKED))) {
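
Review bot: The comment on the added check in ll_fault() says "make sure offset is not a negative number", but the test is an upper bound on a page index, `vmf->pgoff > (MAX_LFS_FILESIZE >> PAGE_SHIFT)`, so the comment describes the symptom rather than what the code checks. Suggest wording it as a limit, for example "reject page indexes beyond MAX_LFS_FILESIZE, which would go negative once converted to a signed loff_t", so the link to the hang described in the commit message is visible at the call site. Two smaller points: ll_stats_ops_tally() runs before the new early return, so faults rejected with VM_FAULT_SIGBUS are still counted under LPROC_LL_FAULT, and it is worth stating whether that is intended; and a blank line between the `return VM_FAULT_SIGBUS;` and the `restart:` label would keep the check visually separate from the retry loop.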
-- 
1.8.3.1
