From patchwork Thu Jul 19 14:15:26 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Chengguang Xu <cgxu519@gmx.com>
X-Patchwork-Id: 10534615
Return-Path: <ceph-devel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	880B2600F4 for <patchwork-ceph-devel@patchwork.kernel.org>;
	Thu, 19 Jul 2018 14:16:13 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6982329AE1
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Thu, 19 Jul 2018 14:16:13 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 5B48529AE4; Thu, 19 Jul 2018 14:16:13 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,FREEMAIL_FROM,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id EC52929AE1
	for <patchwork-ceph-devel@patchwork.kernel.org>;
	Thu, 19 Jul 2018 14:16:12 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1731751AbeGSO7e (ORCPT
	<rfc822;patchwork-ceph-devel@patchwork.kernel.org>);
	Thu, 19 Jul 2018 10:59:34 -0400
Received: from mout.gmx.net ([212.227.15.15]:53733 "EHLO mout.gmx.net"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1731743AbeGSO7e (ORCPT <rfc822;ceph-devel@vger.kernel.org>);
	Thu, 19 Jul 2018 10:59:34 -0400
Received: from localhost.localdomain ([116.30.194.72]) by mail.gmx.com
	(mrgmx001 [212.227.17.184]) with ESMTPSA (Nemesis) id
	0LtZcC-1g7cG041Ke-010r8B; Thu, 19 Jul 2018 16:16:06 +0200
From: Chengguang Xu <cgxu519@gmx.com>
To: zyan@redhat.com
Cc: idryomov@gmail.com, ceph-devel@vger.kernel.org,
	Chengguang Xu <cgxu519@gmx.com>
Subject: [PATCH v2 3/4] ceph: add additional offset check in
	ceph_write_iter()
Date: Thu, 19 Jul 2018 22:15:26 +0800
Message-Id: <20180719141527.5446-4-cgxu519@gmx.com>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20180719141527.5446-1-cgxu519@gmx.com>
References: <20180719141527.5446-1-cgxu519@gmx.com>
X-Provags-ID: V03:K1:1KXC+/V+idEXbVxMa82MFYgA+02TTzEOFE7KgR/HdCcOFlFtkYY
	7j92RAGvg7mVa7MSxebfWz3PEAcNIVckbT1Ds4PZ4ZQyqcfU/q+H6Hpn0MVPYiK3O/y8UR/
	pkDPGr0Wer7MAajI8AtfV4WRJltCKs3fm1dLNUom/pF7VFwQucdHDiLgBxAr0YanpOaI6D3
	Q0lqPybepFe928zs1Y7Wg==
X-UI-Out-Filterresults: notjunk:1; V01:K0:mexXt5rHZ2w=:wwr0UQ1VQzB8MzhhKdqFsj
	e7O544nI3jFbbhxACHV6fqkGo+Vjp/WbTiTSBJMYV2uQt1m81HbXRmb72nUBE89Gu9T5ngclv
	5QA0rYAnTSyyQ/iTsWvtLmuhHIkfIKRwPSfwZkb3GviKyTbOVqJ2D/C4wlsOQBP5zY+7Qjwey
	15YZYpoR2eiaVBKVS5bdkmxprpSedUzOYIJyDGowvn8a0zJm0+gqd3+ydoDPok1IMIXTh5AS7
	VdqxcPLdU+NXebbJNf9fplGzb0hAU4J6G1xdWqYExD2cGAQPm1zeQy3Rgay8c+CRoddEi9uAM
	Rrk7f1GlE7u907lB+cZpNdKswFAPEEZgf1wLBCTQOjq9V3DL1biww5/YOvUx36lwmM7wuFQC3
	WCq4hYIlPLdRGiPxl+xkAOZ/e8f+GMqWpVd/E+xfSovEFDFKydtDlUqPm6HpNvRjog/D88220
	rHkux0/2Ie1YvCsW71qKH50O+DMwJc4QmmZaB/36kpUVRAQ1xFFOXiaqr9MnilQkPWA7rN/jw
	ILyPiX73Uc62i3nnn5tZWKlHkm4lIiY1fHZ6W7gUxeRzIr1KlYrGzJf3srFDxVhbUOr0vULjC
	iuRhKWYsmPIEIclBnSAVnN1dbsNruHenOKav2gRMhbEmMiP4W6IZYN+f6f3BayFTHXVKX5gE2
	O+rQC91h6ApBGW0FTkwrlqvk/gG/uZGUTsmHWtzKl9q/w1DWs/xB+xVhE5fw26jXQJrFo2aZG
	54Nvy3e3b9uZAs5qYetHggUnrjtKjQ/GrLwyGWBwHVr4EfvCzStUYoWwe6o=
Sender: ceph-devel-owner@vger.kernel.org
Precedence: bulk
List-ID: <ceph-devel.vger.kernel.org>
X-Mailing-List: ceph-devel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

If the offset is larger or equal to both real file size and
max file size, then return -EFBIG.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
---
 fs/ceph/file.c | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index e588b23681e0..7a01fe627bd7 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1387,9 +1387,11 @@ static ssize_t ceph_write_iter(struct kiocb *iocb, struct iov_iter *from)
 	struct ceph_osd_client *osdc =
 		&ceph_sb_to_client(inode->i_sb)->client->osdc;
 	struct ceph_cap_flush *prealloc_cf;
+	struct ceph_fs_client *fsc = inode->i_sb->s_fs_info;
 	ssize_t count, written = 0;
 	int err, want, got;
 	loff_t pos;
+	loff_t limit = max(i_size_read(inode), fsc->max_file_size);
 
 	if (ceph_snap(inode) != CEPH_NOSNAP)
 		return -EROFS;
@@ -1415,6 +1417,13 @@ static ssize_t ceph_write_iter(struct kiocb *iocb, struct iov_iter *from)
 		goto out;
 
 	pos = iocb->ki_pos;
+	if (unlikely(pos >= limit)) {
+		err = -EFBIG;
+		goto out;
+	} else {
+		iov_iter_truncate(from, limit - pos);
+	}
+
 	count = iov_iter_count(from);
 	if (ceph_quota_is_max_bytes_exceeded(inode, pos + count)) {
 		err = -EDQUOT;