From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id A6E41C433F5 for ; Mon, 4 Oct 2021 13:40:15 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 93B3D611C5 for ; Mon, 4 Oct 2021 13:40:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238331AbhJDNmC (ORCPT ); Mon, 4 Oct 2021 09:42:02 -0400 Received: from mail.kernel.org ([198.145.29.99]:51836 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238355AbhJDNkU (ORCPT ); Mon, 4 Oct 2021 09:40:20 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3ECC961A35; Mon, 4 Oct 2021 13:18:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1633353501; bh=n3VZaAq9PSuEzTDDy2q1lkPqT6ToTpRbCzrGvuW8MVA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0hSxxTAwwlHCaz5OKvZHk2tOW7/ZuLADihhqRgYlo2eRTT+umy3tYPpiJ6TWwUKrs eqte2nu+kepRKT9UNv3uw2GjS4+dF7Ayb0RCD+Ox+H9djK/Q1wUXalWD1Ny/HKOrWb xFITjTi54MGPXwyY6KLRhDgKhR84+s7YiwvvqvEU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ritesh Harjani , Jan Kara , Theodore Tso , stable@kernel.org Subject: [PATCH 5.14 153/172] ext4: fix loff_t overflow in ext4_max_bitmap_size() Date: Mon, 4 Oct 2021 14:53:23 +0200 Message-Id: <20211004125049.912795259@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211004125044.945314266@linuxfoundation.org> References: <20211004125044.945314266@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ritesh Harjani commit 75ca6ad408f459f00b09a64f04c774559848c097 upstream. We should use unsigned long long rather than loff_t to avoid overflow in ext4_max_bitmap_size() for comparison before returning. w/o this patch sbi->s_bitmap_maxbytes was becoming a negative value due to overflow of upper_limit (with has_huge_files as true) Below is a quick test to trigger it on a 64KB pagesize system. sudo mkfs.ext4 -b 65536 -O ^has_extents,^64bit /dev/loop2 sudo mount /dev/loop2 /mnt sudo echo "hello" > /mnt/hello -> This will error out with "echo: write error: File too large" Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Link: https://lore.kernel.org/r/594f409e2c543e90fd836b78188dfa5c575065ba.1622867594.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- fs/ext4/super.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3185,17 +3185,17 @@ static loff_t ext4_max_size(int blkbits, */ static loff_t ext4_max_bitmap_size(int bits, int has_huge_files) { - loff_t res = EXT4_NDIR_BLOCKS; + unsigned long long upper_limit, res = EXT4_NDIR_BLOCKS; int meta_blocks; - loff_t upper_limit; - /* This is calculated to be the largest file size for a dense, block + + /* + * This is calculated to be the largest file size for a dense, block * mapped file such that the file's total number of 512-byte sectors, * including data and all indirect blocks, does not exceed (2^48 - 1). * * __u32 i_blocks_lo and _u16 i_blocks_high represent the total * number of 512-byte sectors of the file. */ - if (!has_huge_files) { /* * !has_huge_files or implies that the inode i_block field @@ -3238,7 +3238,7 @@ static loff_t ext4_max_bitmap_size(int b if (res > MAX_LFS_FILESIZE) res = MAX_LFS_FILESIZE; - return res; + return (loff_t)res; } static ext4_fsblk_t descriptor_loc(struct super_block *sb,