From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Ritesh Harjani <riteshh@linux.ibm.com>,
Jan Kara <jack@suse.cz>, Theodore Tso <tytso@mit.edu>,
stable@kernel.org
Subject: [PATCH 5.4 41/56] ext4: fix loff_t overflow in ext4_max_bitmap_size()
Date: Mon, 4 Oct 2021 14:53:01 +0200 [thread overview]
Message-ID: <20211004125031.289331928@linuxfoundation.org> (raw)
In-Reply-To: <20211004125030.002116402@linuxfoundation.org>
From: Ritesh Harjani <riteshh@linux.ibm.com>
commit 75ca6ad408f459f00b09a64f04c774559848c097 upstream.
We should use unsigned long long rather than loff_t to avoid
overflow in ext4_max_bitmap_size() for comparison before returning.
w/o this patch sbi->s_bitmap_maxbytes was becoming a negative
value due to overflow of upper_limit (with has_huge_files as true)
Below is a quick test to trigger it on a 64KB pagesize system.
sudo mkfs.ext4 -b 65536 -O ^has_extents,^64bit /dev/loop2
sudo mount /dev/loop2 /mnt
sudo echo "hello" > /mnt/hello -> This will error out with
"echo: write error: File too large"
Signed-off-by: Ritesh Harjani <riteshh@linux.ibm.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Link: https://lore.kernel.org/r/594f409e2c543e90fd836b78188dfa5c575065ba.1622867594.git.riteshh@linux.ibm.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ext4/super.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2830,17 +2830,17 @@ static loff_t ext4_max_size(int blkbits,
*/
static loff_t ext4_max_bitmap_size(int bits, int has_huge_files)
{
- loff_t res = EXT4_NDIR_BLOCKS;
+ unsigned long long upper_limit, res = EXT4_NDIR_BLOCKS;
int meta_blocks;
- loff_t upper_limit;
- /* This is calculated to be the largest file size for a dense, block
+
+ /*
+ * This is calculated to be the largest file size for a dense, block
* mapped file such that the file's total number of 512-byte sectors,
* including data and all indirect blocks, does not exceed (2^48 - 1).
*
* __u32 i_blocks_lo and _u16 i_blocks_high represent the total
* number of 512-byte sectors of the file.
*/
-
if (!has_huge_files) {
/*
* !has_huge_files or implies that the inode i_block field
@@ -2883,7 +2883,7 @@ static loff_t ext4_max_bitmap_size(int b
if (res > MAX_LFS_FILESIZE)
res = MAX_LFS_FILESIZE;
- return res;
+ return (loff_t)res;
}
static ext4_fsblk_t descriptor_loc(struct super_block *sb,
next prev parent reply other threads:[~2021-10-04 13:18 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-04 12:52 [PATCH 5.4 00/56] 5.4.151-rc1 review Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 01/56] tty: Fix out-of-bound vmalloc access in imageblit Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 02/56] cpufreq: schedutil: Use kobject release() method to free sugov_tunables Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 03/56] cpufreq: schedutil: Destroy mutex before kobject_put() frees the memory Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 04/56] usb: cdns3: fix race condition before setting doorbell Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 05/56] fs-verity: fix signed integer overflow with i_size near S64_MAX Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 06/56] hwmon: (w83793) Fix NULL pointer dereference by removing unnecessary structure field Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 07/56] hwmon: (w83792d) " Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 08/56] hwmon: (w83791d) " Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 09/56] scsi: ufs: Fix illegal offset in UPIU event trace Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 10/56] mac80211: fix use-after-free in CCMP/GCMP RX Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 11/56] x86/kvmclock: Move this_cpu_pvti into kvmclock.h Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 12/56] drm/amd/display: Pass PCI deviceid into DC Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 13/56] ipvs: check that ip_vs_conn_tab_bits is between 8 and 20 Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 14/56] hwmon: (mlxreg-fan) Return non-zero value when fan current state is enforced from sysfs Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 15/56] mac80211: Fix ieee80211_amsdu_aggregate frag_tail bug Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 16/56] mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 17/56] mac80211: mesh: fix potentially unaligned access Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 18/56] mac80211-hwsim: fix late beacon hrtimer handling Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 19/56] sctp: break out if skb_header_pointer returns NULL in sctp_rcv_ootb Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 20/56] hwmon: (tmp421) report /PVLD condition as fault Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 21/56] hwmon: (tmp421) fix rounding for negative values Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 22/56] net: ipv4: Fix rtnexthop len when RTA_FLOW is present Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 23/56] e100: fix length calculation in e100_get_regs_len Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 24/56] e100: fix buffer overrun in e100_get_regs Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 25/56] selftests, bpf: test_lwt_ip_encap: Really disable rp_filter Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 26/56] Revert "block, bfq: honor already-setup queue merges" Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 27/56] scsi: csiostor: Add module softdep on cxgb4 Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 28/56] net: hns3: do not allow call hns3_nic_net_open repeatedly Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 29/56] net: phy: bcm7xxx: request and manage GPHY clock Greg Kroah-Hartman
2021-10-04 20:35 ` Florian Fainelli
2021-10-05 6:56 ` Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 30/56] net: phy: bcm7xxx: Fixed indirect MMD operations Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 31/56] net: sched: flower: protect fl_walk() with rcu Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 32/56] af_unix: fix races in sk_peer_pid and sk_peer_cred accesses Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 33/56] perf/x86/intel: Update event constraints for ICX Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 34/56] elf: dont use MAP_FIXED_NOREPLACE for elf interpreter mappings Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 35/56] debugfs: debugfs_create_file_size(): use IS_ERR to check for error Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 36/56] ipack: ipoctal: fix stack information leak Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 37/56] ipack: ipoctal: fix tty registration race Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 38/56] ipack: ipoctal: fix tty-registration error handling Greg Kroah-Hartman
2021-10-04 12:52 ` [PATCH 5.4 39/56] ipack: ipoctal: fix missing allocation-failure check Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 40/56] ipack: ipoctal: fix module reference leak Greg Kroah-Hartman
2021-10-04 12:53 ` Greg Kroah-Hartman [this message]
2021-10-04 12:53 ` [PATCH 5.4 42/56] ext4: fix reserved space counter leakage Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 43/56] ext4: fix potential infinite loop in ext4_dx_readdir() Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 44/56] HID: u2fzero: ignore incomplete packets without data Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 45/56] net: udp: annotate data race around udp_sk(sk)->corkflag Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 46/56] net: stmmac: dont attach interface until resume finishes Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 47/56] PCI: Fix pci_host_bridge struct device release/free handling Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 48/56] libnvdimm/pmem: Fix crash triggered when I/O in-flight during unbind Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 49/56] hso: fix bailout in error case of probe Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 50/56] usb: hso: fix error handling code of hso_create_net_device Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 51/56] usb: hso: remove the bailout parameter Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 52/56] crypto: ccp - fix resource leaks in ccp_run_aes_gcm_cmd() Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 53/56] HID: betop: fix slab-out-of-bounds Write in betop_probe Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 54/56] netfilter: ipset: Fix oversized kvmalloc() calls Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 55/56] HID: usbhid: free raw_report buffers in usbhid_stop Greg Kroah-Hartman
2021-10-04 12:53 ` [PATCH 5.4 56/56] net: mdiobus: Fix memory leak in __mdiobus_register Greg Kroah-Hartman
2021-10-04 20:36 ` Florian Fainelli
2021-10-04 19:47 ` [PATCH 5.4 00/56] 5.4.151-rc1 review Shuah Khan
2021-10-05 2:17 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211004125031.289331928@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=riteshh@linux.ibm.com \
--cc=stable@kernel.org \
--cc=stable@vger.kernel.org \
--cc=tytso@mit.edu \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox