From: David Sterba Date: Tue, 6 Jan 2026 16:20:28 +0000 (+0100) Subject: btrfs: use common eb range validation in read_extent_buffer_to_user_nofault() X-Git-Tag: v7.1-rc1~231^2~16 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=463626a2eccffc8945c73bc9361367ae4d8779a7;p=thirdparty%2Fkernel%2Flinux.git btrfs: use common eb range validation in read_extent_buffer_to_user_nofault() The extent buffer access is checked in other helpers by check_eb_range(), which validates the requested start, length against the extent buffer. While this almost never fails we should still handle it as an error and not just warn. Reviewed-by: Boris Burkov Signed-off-by: David Sterba --- diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index 211a0aa03afbb..9d7ca80477fda 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -4061,8 +4061,8 @@ int read_extent_buffer_to_user_nofault(const struct extent_buffer *eb, unsigned long i; int ret = 0; - WARN_ON(start > eb->len); - WARN_ON(start + len > eb->start + eb->len); + if (check_eb_range(eb, start, len)) + return -EINVAL; if (eb->addr) { if (copy_to_user_nofault(dstv, eb->addr + start, len))