vfs: check file ranges before cloning files

Move the file range checks from vfs_clone_file_prep into a separate generic_remap_checks function so that all the checks are collected in a central location. This forms the basis for adding more checks from generic_write_checks that will make cloning's input checking more consistent with write input checking. Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Amir Goldstein <amir73il@gmail.com> Signed-off-by: Dave Chinner <david@fromorbit.com>
author: Darrick J. Wong <darrick.wong@oracle.com> 2018-10-29 19:40:31 -0400
committer: Dave Chinner <david@fromorbit.com> 2018-10-29 19:40:31 -0400
commit: 1383a7ed67490fb00d793e36c7a4d599ff88a64d (patch)
tree: 048373f94325388a84358370707718d5c15366a6 /fs/read_write.c
parent: 5b49f64db299d0b3f7c2170088186aa593d0be7d (diff)
1 files changed, 13 insertions, 42 deletions
diff --git a/fs/read_write.c b/fs/read_write.c
index 260797b01851..d6e8e242a15f 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -1717,13 +1717,12 @@ static int clone_verify_area(struct file *file, loff_t pos, u64 len, bool write)
 * Returns: 0 for "nothing to clone", 1 for "something to clone", or
 * the usual negative error code.
 */
-int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
+int vfs_clone_file_prep(struct file *file_in, loff_t pos_in,
-                               struct inode *inode_out, loff_t pos_out,
+                        struct file *file_out, loff_t pos_out,
-                               u64 *len, bool is_dedupe)
+                        u64 *len, bool is_dedupe)
 {
-        loff_t bs = inode_out->i_sb->s_blocksize;
+        struct inode *inode_in = file_inode(file_in);
-        loff_t blen;
+        struct inode *inode_out = file_inode(file_out);
-        loff_t isize;
        bool same_inode = (inode_in == inode_out);
        int ret;
@@ -1740,10 +1739,10 @@ int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
        if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
                return -EINVAL;
-        isize = i_size_read(inode_in);
        /* Zero length dedupe exits immediately; reflink goes to EOF. */
        if (*len == 0) {
+                loff_t isize = i_size_read(inode_in);
                if (is_dedupe || pos_in == isize)
                        return 0;
                if (pos_in > isize)
@@ -1751,36 +1750,11 @@ int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
                *len = isize - pos_in;
        }
-        /* Ensure offsets don't wrap and the input is inside i_size */
+        /* Check that we don't violate system file offset limits. */
-        if (pos_in + *len < pos_in || pos_out + *len < pos_out ||
+        ret = generic_remap_checks(file_in, pos_in, file_out, pos_out, len,
-            pos_in + *len > isize)
+                        is_dedupe);
-                return -EINVAL;
+        if (ret)
+                return ret;
-        /* Don't allow dedupe past EOF in the dest file */
-        if (is_dedupe) {
-                loff_t  disize;
-                disize = i_size_read(inode_out);
-                if (pos_out >= disize || pos_out + *len > disize)
-                        return -EINVAL;
-        }
-        /* If we're linking to EOF, continue to the block boundary. */
-        if (pos_in + *len == isize)
-                blen = ALIGN(isize, bs) - pos_in;
-        else
-                blen = *len;
-        /* Only reflink if we're aligned to block boundaries */
-        if (!IS_ALIGNED(pos_in, bs) || !IS_ALIGNED(pos_in + blen, bs) ||
-            !IS_ALIGNED(pos_out, bs) || !IS_ALIGNED(pos_out + blen, bs))
-                return -EINVAL;
-        /* Don't allow overlapped reflink within the same file */
-        if (same_inode) {
-                if (pos_out + blen > pos_in && pos_out < pos_in + blen)
-                        return -EINVAL;
-        }
        /* Wait for the completion of any pending IOs on both files */
        inode_dio_wait(inode_in);
@@ -1813,7 +1787,7 @@ int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
        return 1;
 }
-EXPORT_SYMBOL(vfs_clone_file_prep_inodes);
+EXPORT_SYMBOL(vfs_clone_file_prep);
 int do_clone_file_range(struct file *file_in, loff_t pos_in,
                        struct file *file_out, loff_t pos_out, u64 len)
@@ -1851,9 +1825,6 @@ int do_clone_file_range(struct file *file_in, loff_t pos_in,
        if (ret)
                return ret;
-        if (pos_in + len > i_size_read(inode_in))
-                return -EINVAL;
        ret = file_in->f_op->clone_file_range(file_in, pos_in,
                        file_out, pos_out, len);
        if (!ret) {
author	Darrick J. Wong <darrick.wong@oracle.com>	2018-10-29 19:40:31 -0400
committer	Dave Chinner <david@fromorbit.com>	2018-10-29 19:40:31 -0400
commit	1383a7ed67490fb00d793e36c7a4d599ff88a64d (patch)
tree	048373f94325388a84358370707718d5c15366a6 /fs/read_write.c
parent	5b49f64db299d0b3f7c2170088186aa593d0be7d (diff)

diff --git a/fs/read_write.c b/fs/read_write.c index 260797b01851..d6e8e242a15f 100644 --- a/fs/read_write.c +++ b/fs/read_write.c
@@ -1717,13 +1717,12 @@ static int clone_verify_area(struct file *file, loff_t pos, u64 len, bool write)
1717	* Returns: 0 for "nothing to clone", 1 for "something to clone", or	1717	* Returns: 0 for "nothing to clone", 1 for "something to clone", or
1718	* the usual negative error code.	1718	* the usual negative error code.
1719	*/	1719	*/
1720	int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,	1720	int vfs_clone_file_prep(struct file *file_in, loff_t pos_in,
1721	struct inode *inode_out, loff_t pos_out,	1721	struct file *file_out, loff_t pos_out,
1722	u64 *len, bool is_dedupe)	1722	u64 *len, bool is_dedupe)
1723	{	1723	{
1724	loff_t bs = inode_out->i_sb->s_blocksize;	1724	struct inode *inode_in = file_inode(file_in);
1725	loff_t blen;	1725	struct inode *inode_out = file_inode(file_out);
1726	loff_t isize;
1727	bool same_inode = (inode_in == inode_out);	1726	bool same_inode = (inode_in == inode_out);
1728	int ret;	1727	int ret;
1729		1728
@@ -1740,10 +1739,10 @@ int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
1740	if (!S_ISREG(inode_in->i_mode) \|\| !S_ISREG(inode_out->i_mode))	1739	if (!S_ISREG(inode_in->i_mode) \|\| !S_ISREG(inode_out->i_mode))
1741	return -EINVAL;	1740	return -EINVAL;
1742		1741
1743	isize = i_size_read(inode_in);
1744
1745	/* Zero length dedupe exits immediately; reflink goes to EOF. */	1742	/* Zero length dedupe exits immediately; reflink goes to EOF. */
1746	if (*len == 0) {	1743	if (*len == 0) {
		1744	loff_t isize = i_size_read(inode_in);
		1745
1747	if (is_dedupe \|\| pos_in == isize)	1746	if (is_dedupe \|\| pos_in == isize)
1748	return 0;	1747	return 0;
1749	if (pos_in > isize)	1748	if (pos_in > isize)
@@ -1751,36 +1750,11 @@ int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
1751	*len = isize - pos_in;	1750	*len = isize - pos_in;
1752	}	1751	}
1753		1752
1754	/* Ensure offsets don't wrap and the input is inside i_size */	1753	/* Check that we don't violate system file offset limits. */
1755	if (pos_in + len < pos_in \|\| pos_out + len < pos_out \|\|	1754	ret = generic_remap_checks(file_in, pos_in, file_out, pos_out, len,
1756	pos_in + *len > isize)	1755	is_dedupe);
1757	return -EINVAL;	1756	if (ret)
1758		1757	return ret;
1759	/* Don't allow dedupe past EOF in the dest file */
1760	if (is_dedupe) {
1761	loff_t disize;
1762
1763	disize = i_size_read(inode_out);
1764	if (pos_out >= disize \|\| pos_out + *len > disize)
1765	return -EINVAL;
1766	}
1767
1768	/* If we're linking to EOF, continue to the block boundary. */
1769	if (pos_in + *len == isize)
1770	blen = ALIGN(isize, bs) - pos_in;
1771	else
1772	blen = *len;
1773
1774	/* Only reflink if we're aligned to block boundaries */
1775	if (!IS_ALIGNED(pos_in, bs) \|\| !IS_ALIGNED(pos_in + blen, bs) \|\|
1776	!IS_ALIGNED(pos_out, bs) \|\| !IS_ALIGNED(pos_out + blen, bs))
1777	return -EINVAL;
1778
1779	/* Don't allow overlapped reflink within the same file */
1780	if (same_inode) {
1781	if (pos_out + blen > pos_in && pos_out < pos_in + blen)
1782	return -EINVAL;
1783	}
1784		1758
1785	/* Wait for the completion of any pending IOs on both files */	1759	/* Wait for the completion of any pending IOs on both files */
1786	inode_dio_wait(inode_in);	1760	inode_dio_wait(inode_in);
@@ -1813,7 +1787,7 @@ int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
1813		1787
1814	return 1;	1788	return 1;
1815	}	1789	}
1816	EXPORT_SYMBOL(vfs_clone_file_prep_inodes);	1790	EXPORT_SYMBOL(vfs_clone_file_prep);
1817		1791
1818	int do_clone_file_range(struct file *file_in, loff_t pos_in,	1792	int do_clone_file_range(struct file *file_in, loff_t pos_in,
1819	struct file *file_out, loff_t pos_out, u64 len)	1793	struct file *file_out, loff_t pos_out, u64 len)
@@ -1851,9 +1825,6 @@ int do_clone_file_range(struct file *file_in, loff_t pos_in,
1851	if (ret)	1825	if (ret)
1852	return ret;	1826	return ret;
1853		1827
1854	if (pos_in + len > i_size_read(inode_in))
1855	return -EINVAL;
1856
1857	ret = file_in->f_op->clone_file_range(file_in, pos_in,	1828	ret = file_in->f_op->clone_file_range(file_in, pos_in,
1858	file_out, pos_out, len);	1829	file_out, pos_out, len);
1859	if (!ret) {	1830	if (!ret) {