[lvc-project] [PATCH] ocfs2: add extra flags check in ocfs2_ioctl_move_extents()
Joseph Qi
joseph.qi at linux.alibaba.com
Thu Oct 9 05:15:20 MSK 2025
On 2025/10/8 19:20, Dmitry Antipov wrote:
> In 'ocfs2_ioctl_move_extents()', add extra check whether only actually
> supported flags are passed via 'ioctl(..., OCFS2_IOC_MOVE_EXT, ...)',
> and reject anything beyond OCFS2_MOVE_EXT_FL_AUTO_DEFRAG and
> OCFS2_MOVE_EXT_FL_PART_DEFRAG with -EINVAL. In particular,
> OCFS2_MOVE_EXT_FL_COMPLETE may be set by the kernel only and
> should never be passed from userspace.
>
> Reported-by: syzbot+727d161855d11d81e411 at syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=727d161855d11d81e411
> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
> ---
> fs/ocfs2/move_extents.c | 6 ++++++
> 1 file changed, 6 insertions(+)
>
> diff --git a/fs/ocfs2/move_extents.c b/fs/ocfs2/move_extents.c
> index 86f2631e6360..e038c009cdef 100644
> --- a/fs/ocfs2/move_extents.c
> +++ b/fs/ocfs2/move_extents.c
> @@ -1031,6 +1031,12 @@ int ocfs2_ioctl_move_extents(struct file *filp, void __user *argp)
> if (range.me_threshold > i_size_read(inode))
> range.me_threshold = i_size_read(inode);
>
> + if (range.me_flags & ~(OCFS2_MOVE_EXT_FL_AUTO_DEFRAG |
> + OCFS2_MOVE_EXT_FL_PART_DEFRAG)) {
> + status = -EINVAL;
> + goto out_free;
> + }
> +
The check here looks fine.
Could you please elaborate more how it fixes the reported bug?
Thanks,
Joseph
> if (range.me_flags & OCFS2_MOVE_EXT_FL_AUTO_DEFRAG) {
> context->auto_defrag = 1;
>
More information about the lvc-project
mailing list