From 149805bf64e81de61cc027bc43e9b480c4392800 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Thu, 12 Jun 2025 15:18:26 -0700 Subject: [PATCH] libext2fs: fix bounding error in the extent fallocate code generic/361 popped up this weird error: generic/361 [failed, exit status 1]- output mismatch (see /var/tmp/fstests/generic/361.out.bad) --- tests/generic/361.out 2025-04-30 16:20:44.563589363 -0700 +++ /var/tmp/fstests/generic/361.out.bad 2025-06-11 10:40:07.475036412 -0700 @@ -1,2 +1,2 @@ QA output created by 361 -Silence is golden +mkfs.fuse.ext4: Input/output error while writing out and closing file system ... (Run 'diff -u /run/fstests/bin/tests/generic/361.out /var/tmp/fstests/generic/361.out.bad' to see the entire diff) The test formats a small filesystem, creates a larger sparse file, loop mounts it, and tries to format an ext4 filesystem on the loopdev. The loop driver sends fallocate zero_range requests to fuse2fs, but stumbles over this extent tree layout when fallocating 16 blocks at offset 145: EXTENTS: (262128-262143[u]):2127-2142 fallocate goes to offset 145, and sees the right-extent at 262128. Oddly, it then tries to allocate 262128-145 blocks instead of the 16 that were asked for, so it tries to allocate a huge number of blocks but then crashes and burns when it runs out of space. Fix this by constraining the len parameter to ext_falloc_helper to the correct value. Cc: linux-ext4@vger.kernel.org # v1.43 Fixes: 5aad5b8e0e3cfa ("libext2fs: implement fallocate") Signed-off-by: Darrick J. Wong Link: https://lore.kernel.org/r/20250612221826.GE6134@frogsfrogsfrogs Signed-off-by: Theodore Ts'o --- lib/ext2fs/fallocate.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/lib/ext2fs/fallocate.c b/lib/ext2fs/fallocate.c index 063242c..1ef989c 100644 --- a/lib/ext2fs/fallocate.c +++ b/lib/ext2fs/fallocate.c 
@@ -718,7 +718,8 @@ start_again: goal = left_extent.e_pblk - (left_extent.e_lblk - start); err = ext_falloc_helper(fs, flags, ino, inode, handle, NULL, &left_extent, start, - left_extent.e_lblk - start, goal); + min(len, left_extent.e_lblk - start), + goal); if (err) goto errout; -- 1.8.3.1
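Review bot: The `goal` hint on the first line of this hunk, `left_extent.e_pblk - (left_extent.e_lblk - start)`, still uses the unclamped gap, so the new `min(len, ...)` bounds the length passed to `ext_falloc_helper` but not the hint. With the layout from the commit message (e_pblk 2127, e_lblk 262128, start 145) the subtraction is 2127 - 261983, which goes below zero, or wraps if `goal` is unsigned. Consider guarding the goal calculation for the case where the gap is larger than `left_extent.e_pblk`. A one-line comment above the `min()` would also help, stating that the request may end before `left_extent.e_lblk`, since the commit message calls this same extent the "right-extent" while the code names it `left_extent`.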