[PATCH]Fix potential Divide by Zero error in ext2_get_inode()

[PATCH]Fix potential Divide by Zero error in ext2_get_inode()

[B. N. Poornima]

Found a line of code in ext2_get_inode function of inode.c in the ext2 
filesystem that has the potential of hitting the divide by 0 error.
*************************************************
 block_group = (ino - 1) / EXT2_INODES_PER_GROUP(sb);
*************************************************
There is no checking done here to verify if EXT2_INODES_PER_GROUP() 
returns 0. This could result in divide by zero error and panic the system.
Below is the patch, built against 2.6.30-rc5,  to correct the same:

Signed-off-by: B N Poornima <poornima@in.ibm.com>

Index: linux-2.6.30-rc5/fs/ext2/inode.c
===================================================================
--- linux-2.6.30-rc5.orig/fs/ext2/inode.c       2009-05-09 
05:44:14.000000000 +0530
+++ linux-2.6.30-rc5/fs/ext2/inode.c    2009-05-12 19:14:42.873991280 +0530
@@ -1138,6 +1138,7 @@
        unsigned long block_group;
        unsigned long block;
        unsigned long offset;
+       unsigned long inodes_per_group;
        struct ext2_group_desc * gdp;

        *p = NULL;
@@ -1145,7 +1146,10 @@
            ino > le32_to_cpu(EXT2_SB(sb)->s_es->s_inodes_count))
                goto Einval;

-       block_group = (ino - 1) / EXT2_INODES_PER_GROUP(sb);
+       inodes_per_group = EXT2_INODES_PER_GROUP(sb);
+       if (!inodes_per_group)
+               goto Einval1;
+       block_group = (ino - 1) / inodes_per_group;
        gdp = ext2_get_group_desc(sb, block_group, NULL);
        if (!gdp)
                goto Egdp;
@@ -1166,6 +1170,11 @@
        ext2_error(sb, "ext2_get_inode", "bad inode number: %lu",
                   (unsigned long) ino);
        return ERR_PTR(-EINVAL);
+
+Einval1:
+       printk(KERN_ERR "Ext2-fs: Filesystem corrupted. Wrong inodes per 
group: %lu, run e2fsck\n", (unsigned long)inodes_per_group);
+       return ERR_PTR(-EINVAL);
+
 Eio:
        ext2_error(sb, "ext2_get_inode",
                   "unable to read inode block - inode=%lu, block=%lu",

                                                           

Re: [PATCH]Fix potential Divide by Zero error in ext2_get_inode()

[Andrew Morton]

On Wed, 13 May 2009 13:51:01 +0530
"B. N. Poornima" <poornima@in.ibm.com> wrote:

> Found a line of code in ext2_get_inode function of inode.c in the ext2 
> filesystem that has the potential of hitting the divide by 0 error.
> *************************************************
>  block_group = (ino - 1) / EXT2_INODES_PER_GROUP(sb);
> *************************************************
> There is no checking done here to verify if EXT2_INODES_PER_GROUP() 
> returns 0. This could result in divide by zero error and panic the system.
> Below is the patch, built against 2.6.30-rc5,  to correct the same:

EXT2_INODES_PER_GROUP() cannot return zero.  See ext2_fill_super():

	if (sbi->s_inodes_per_block == 0 || sbi->s_inodes_per_group == 0)
		goto cantfind_ext2;

Re: [PATCH]Fix potential Divide by Zero error in ext2_get_inode()

[B. N. Poornima]

Andrew Morton wrote:
> On Wed, 13 May 2009 13:51:01 +0530
> "B. N. Poornima" <poornima@in.ibm.com> wrote:
>
>   
>> Found a line of code in ext2_get_inode function of inode.c in the ext2 
>> filesystem that has the potential of hitting the divide by 0 error.
>> *************************************************
>>  block_group = (ino - 1) / EXT2_INODES_PER_GROUP(sb);
>> *************************************************
>> There is no checking done here to verify if EXT2_INODES_PER_GROUP() 
>> returns 0. This could result in divide by zero error and panic the system.
>> Below is the patch, built against 2.6.30-rc5,  to correct the same:
>>     
>
> EXT2_INODES_PER_GROUP() cannot return zero.  See ext2_fill_super():
>
> 	if (sbi->s_inodes_per_block == 0 || sbi->s_inodes_per_group == 0)
> 		goto cantfind_ext2;
>
>   
Andrew,
Thanks for pointing that out!

Regards,
Poornima.