From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 5C713CA0ECE for ; Mon, 11 Sep 2023 21:20:03 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1344228AbjIKVNg (ORCPT ); Mon, 11 Sep 2023 17:13:36 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40960 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S240573AbjIKOrq (ORCPT ); Mon, 11 Sep 2023 10:47:46 -0400 Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 381CA106 for ; Mon, 11 Sep 2023 07:47:42 -0700 (PDT) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 825A4C433C7; Mon, 11 Sep 2023 14:47:41 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1694443661; bh=spQo77mKRvJnkc0HXOI0DAeRr3LcgdPb2Tugah1a4ZQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RbpTdfc4098/sjgnZ2eKEhP4NUhTc4ERmY2s/ZmTY1kmpBCaYp/hPPOg82eKLdRki udHqpqwVqaP3m++Mi6hkhhN2ekTOL30eyQt16uxab3ev4AqcTFSj0YkkGmTGmayMxL iY14r5UQeOObAua+Vy3OAKaX011a07ZBsKal/YdU= From: Greg Kroah-Hartman To: stable@vger.kernel.org Cc: Greg Kroah-Hartman , patches@lists.linux.dev, Kemeng Shi , "Ritesh Harjani (IBM)" , Theodore Tso , Sasha Levin Subject: [PATCH 6.4 427/737] ext4: avoid potential data overflow in next_linear_group Date: Mon, 11 Sep 2023 15:44:46 +0200 Message-ID: <20230911134702.527403803@linuxfoundation.org> X-Mailer: git-send-email 2.42.0 In-Reply-To: <20230911134650.286315610@linuxfoundation.org> References: <20230911134650.286315610@linuxfoundation.org> User-Agent: quilt/0.67 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org 6.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Kemeng Shi [ Upstream commit 60c672b7f2d1e5dd1774f2399b355c9314e709f8 ] ngroups is ext4_group_t (unsigned int) while next_linear_group treat it in int. If ngroups is bigger than max number described by int, it will be treat as a negative number. Then "return group + 1 >= ngroups ? 0 : group + 1;" may keep returning 0. Switch int to ext4_group_t in next_linear_group to fix the overflow. Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning") Signed-off-by: Kemeng Shi Reviewed-by: Ritesh Harjani (IBM) Link: https://lore.kernel.org/r/20230801143204.2284343-3-shikemeng@huaweicloud.com Signed-off-by: Theodore Ts'o Signed-off-by: Sasha Levin --- fs/ext4/mballoc.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c index 98e12326b0d6a..333439b3ac146 100644 --- a/fs/ext4/mballoc.c +++ b/fs/ext4/mballoc.c @@ -966,8 +966,9 @@ static inline int should_optimize_scan(struct ext4_allocation_context *ac) * Return next linear group for allocation. If linear traversal should not be * performed, this function just returns the same group */ -static int -next_linear_group(struct ext4_allocation_context *ac, int group, int ngroups) +static ext4_group_t +next_linear_group(struct ext4_allocation_context *ac, ext4_group_t group, + ext4_group_t ngroups) { if (!should_optimize_scan(ac)) goto inc_and_return; -- 2.40.1