fs/ntfs3: Fix WARNING in ntfs_extend_initialized_size

Syzbot reported a WARNING in ntfs_extend_initialized_size.
The data type of in->i_valid and to is u64 in ntfs_file_mmap().
If their values are greater than LLONG_MAX, overflow will occur because
the data types of the parameters valid and new_valid corresponding to
the function ntfs_extend_initialized_size() are loff_t.

Before calling ntfs_extend_initialized_size() in the ntfs_file_mmap(),
the "ni->i_valid < to" has been determined, so the same WARN_ON determination
is not required in ntfs_extend_initialized_size().
Just execute the ntfs_extend_initialized_size() in ntfs_extend() to make
a WARN_ON check.

Reported-and-tested-by: syzbot+e37dd1dfc814b10caa55@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e37dd1dfc814b10caa55
Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index d3a31bad21f9d573d70e2af767374ce3e6c9c73d..4d9d84cc3c6f558be0874d4d75f16726a5a5aa7a 100644 (file)
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -412,6 +412,7 @@ static int ntfs_extend(struct inode *inode, loff_t pos, size_t count,
        }
 
        if (extend_init && !is_compressed(ni)) {
+               WARN_ON(ni->i_valid >= pos);
                err = ntfs_extend_initialized_size(file, ni, ni->i_valid, pos);
                if (err)
                        goto out;