[PATCH] ext4: Fix overflow when updating superblock backups after resize

[PATCH] ext4: Fix overflow when updating superblock backups after resize

[Jan Kara]

When there are no meta block groups update_backups() will compute the
backup block in 32-bit arithmetics thus possibly overflowing the block
number and corrupting the filesystem. OTOH filesystems without meta
block groups larger than 16 TB should be rare. Fix the problem by doing
the counting in 64-bit arithmetics.

Coverity-id: 741252
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/ext4/resize.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index f298c60f907d..ca4588388fc3 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1081,7 +1081,7 @@ static void update_backups(struct super_block *sb, int blk_off, char *data,
 			break;
 
 		if (meta_bg == 0)
-			backup_block = group * bpg + blk_off;
+			backup_block = ((ext4_fsblk_t)group) * bpg + blk_off;
 		else
 			backup_block = (ext4_group_first_block_no(sb, group) +
 					ext4_bg_has_super(sb, group));
-- 
1.8.1.4

Re: [PATCH] ext4: Fix overflow when updating superblock backups after resize

[Lukáš Czerner]

On Wed, 22 Oct 2014, Jan Kara wrote:

> Date: Wed, 22 Oct 2014 16:29:08 +0200
> From: Jan Kara <jack@suse.cz>
> To: Ted Tso <tytso@mit.edu>
> Cc: linux-ext4@vger.kernel.org, Jan Kara <jack@suse.cz>,
>     stable@vger.kernel.org
> Subject: [PATCH] ext4: Fix overflow when updating superblock backups after
>     resize
> 
> When there are no meta block groups update_backups() will compute the
> backup block in 32-bit arithmetics thus possibly overflowing the block
> number and corrupting the filesystem. OTOH filesystems without meta
> block groups larger than 16 TB should be rare. Fix the problem by doing
> the counting in 64-bit arithmetics.

Looks good, thanks.

Reviewed-by: Lukas Czerner <lczerner@redhat.com>

> 
> Coverity-id: 741252
> CC: stable@vger.kernel.org
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  fs/ext4/resize.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
> index f298c60f907d..ca4588388fc3 100644
> --- a/fs/ext4/resize.c
> +++ b/fs/ext4/resize.c
> @@ -1081,7 +1081,7 @@ static void update_backups(struct super_block *sb, int blk_off, char *data,
>  			break;
>  
>  		if (meta_bg == 0)
> -			backup_block = group * bpg + blk_off;
> +			backup_block = ((ext4_fsblk_t)group) * bpg + blk_off;
>  		else
>  			backup_block = (ext4_group_first_block_no(sb, group) +
>  					ext4_bg_has_super(sb, group));
> 

Re: [PATCH] ext4: Fix overflow when updating superblock backups after resize

[Theodore Ts'o]

On Wed, Oct 22, 2014 at 05:00:47PM +0200, Lukáš Czerner wrote:
> On Wed, 22 Oct 2014, Jan Kara wrote:
> > When there are no meta block groups update_backups() will compute the
> > backup block in 32-bit arithmetics thus possibly overflowing the block
> > number and corrupting the filesystem. OTOH filesystems without meta
> > block groups larger than 16 TB should be rare. Fix the problem by doing
> > the counting in 64-bit arithmetics.
> 
> Looks good, thanks.
> 
> Reviewed-by: Lukas Czerner <lczerner@redhat.com>

Thanks, applied.

					- Ted