There are already bugs exposed in __extent_writepage_io() where, due to wrong alignment and lack of support for subpage, we can pass an insane pg_offset into submit_extent_page().
Add basic size check to ensure the combination of @size and @pg_offset is sane. Signed-off-by: Qu Wenruo <w...@suse.com> --- fs/btrfs/extent_io.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/btrfs/extent_io.c b/fs/btrfs/extent_io.c index be825b73ee43..ae6357a6749e 100644 --- a/fs/btrfs/extent_io.c +++ b/fs/btrfs/extent_io.c @@ -3261,6 +3261,8 @@ static int submit_extent_page(unsigned int opf, ASSERT(bio_ret); + ASSERT(pg_offset < PAGE_SIZE && size <= PAGE_SIZE && + pg_offset + size <= PAGE_SIZE); if (*bio_ret) { bio = *bio_ret; if (force_bio_submit || -- 2.31.1
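Review bot: The new check placed after ASSERT(bio_ret) in submit_extent_page() is assertion-only, so in any build where ASSERT() compiles to nothing an out-of-range @pg_offset/@size pair still flows into the bio handling that follows, and the commit message says __extent_writepage_io() is already producing such values. Consider pairing it with a runtime check that fails the submission with an error, or say in the commit message that this is intended purely as a debug aid until the caller is fixed. A one-line comment noting that the first two clauses are there to keep pg_offset + size from wrapping would also help, since the third clause looks sufficient on its own at first read.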