From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <stable-owner@vger.kernel.org>
Received: from imap.thunk.org ([74.207.234.97]:43992 "EHLO imap.thunk.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1750852AbeDWGD5 (ORCPT <rfc822;stable@vger.kernel.org>);
        Mon, 23 Apr 2018 02:03:57 -0400
Date: Mon, 23 Apr 2018 02:03:52 -0400
From: "Theodore Y. Ts'o" <tytso@mit.edu>
To: Ben Hutchings <ben@decadent.org.uk>
Cc: stable@vger.kernel.org, Wen Xu <wen.xu@gatech.edu>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        linux-kernel@vger.kernel.org
Subject: Re: [PATCH 4.9 37/95] ext4: add validity checks for bitmap block
 numbers
Message-ID: <20180423060352.GA8194@thunk.org>
References: <20180422135210.432103639@linuxfoundation.org>
 <20180422135211.941652389@linuxfoundation.org>
 <30c688b5783a5779811ce68893b7001390b9e200.camel@decadent.org.uk>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <30c688b5783a5779811ce68893b7001390b9e200.camel@decadent.org.uk>
Sender: stable-owner@vger.kernel.org
List-ID: <stable.vger.kernel.org>

On Sun, Apr 22, 2018 at 10:54:23PM +0100, Ben Hutchings wrote:
> >  	offset = blk - group_first_block;
> > -	if (!ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
> > +	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
> > +	    !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
> 
> Isn't sb->s_blocksize a count of bytes?  If so, doesn't that mean that
> we should be comparing with sb->s_blocksize * 8?

Yes, nice catch, Ben!  Can we temporarily drop this patch from the
stable queue until I can get a fix in?

In practice this shouldn't be a problem because of the default ext4
layout with flex_bg.  But we should definitely get this fixed before
we let this flow into the stable kernel.

       	    	      	  	 - Ted