From: Darrick J. Wong <darrick.wong@oracle.com>
Date: Thu, 24 Aug 2017 17:22:06 +0000 (-0400)
Subject: ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets
X-Git-Tag: v3.10.108~68
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ebb33aff58b3899842e5b7d89be8bf1222a943e6;p=thirdparty%2Fkernel%2Fstable.git

ext4: in ext4_seek_{hole,data}, return -ENXIO for negative offsets

commit 1bd8d6cd3e413d64e543ec3e69ff43e75a1cf1ea upstream.

In the ext4 implementations of SEEK_HOLE and SEEK_DATA, make sure we
return -ENXIO for negative offsets instead of banging around inside
the extent code and returning -EFSCORRUPTED.

Reported-by: Mateusz S <muttdini@gmail.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org # 4.6
Signed-off-by: Willy Tarreau <w@1wt.eu>
---

diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index dfba7b38706ab..ed2badabebf00 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -421,7 +421,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize)
 	mutex_lock(&inode->i_mutex);
 
 	isize = i_size_read(inode);
-	if (offset >= isize) {
+	if (offset < 0 || offset >= isize) {
 		mutex_unlock(&inode->i_mutex);
 		return -ENXIO;
 	}
@@ -504,7 +504,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize)
 	mutex_lock(&inode->i_mutex);
 
 	isize = i_size_read(inode);
-	if (offset >= isize) {
+	if (offset < 0 || offset >= isize) {
 		mutex_unlock(&inode->i_mutex);
 		return -ENXIO;
 	}