ceph: add additional range check in ceph_fallocate()

If the range is larger than both real file size and limit of
max file size, then return -EFBIG.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Reviewed-by: "Yan, Zheng" <zyan@redhat.com>
Signed-off-by: Ilya Dryomov <idryomov@gmail.com>

1 files changed, 5 insertions, 3 deletions

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 2f3a30ca94bf..2c54d2674db6 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1728,8 +1728,7 @@ static long ceph_fallocate(struct file *file, int mode,
         struct ceph_file_info *fi = file->private_data;
         struct inode *inode = file_inode(file);
         struct ceph_inode_info *ci = ceph_inode(inode);
-        struct ceph_osd_client *osdc =
-                &ceph_inode_to_client(inode)->client->osdc;
+        struct ceph_fs_client *fsc = ceph_inode_to_client(inode);
         struct ceph_cap_flush *prealloc_cf;
         int want, got = 0;
         int dirty;
@@ -1737,6 +1736,9 @@ static long ceph_fallocate(struct file *file, int mode,
         loff_t endoff = 0;
         loff_t size;
 
+        if ((offset + length) > max(i_size_read(inode), fsc->max_file_size))
+                return -EFBIG;
+
         if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
                 return -EOPNOTSUPP;
 
@@ -1760,7 +1762,7 @@ static long ceph_fallocate(struct file *file, int mode,
                 goto unlock;
         }
 
-        if (ceph_osdmap_flag(osdc, CEPH_OSDMAP_FULL) &&
+        if (ceph_osdmap_flag(&fsc->client->osdc, CEPH_OSDMAP_FULL) &&
             !(mode & FALLOC_FL_PUNCH_HOLE)) {
                 ret = -ENOSPC;
                 goto unlock;