* [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Jan Kara @ 2013-05-29 12:05 UTC
To: Ted Tso; +Cc: linux-ext4

Hello,

while working on my patchset, I stumbled over an overflow bug which made me do a quick audit of shifts in ext4 code. I've found a couple of places which use << and which can overflow (usually on 32-bit architecture only but at least SEEK_HOLE / SEEK_DATA bugs are real even for 64-bit architectures). Patches in this series fix the issues I've found. Likely this is also stable material so Ted, you might want to add stable@vger.kernel.org to CC when merging the patches.

Honza

* [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() 2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara @ 2013-05-29 12:05 ` Jan Kara 2013-05-29 12:05 ` [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations Jan Kara ` (3 subsequent siblings) 4 siblings, 0 replies; 18+ messages in thread From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw) To: Ted Tso; +Cc: linux-ext4, Jan Kara On 32-bit archs when sector_t is defined as 32-bit the logic computing data offset in ext4_inline_data_fiemap(). Fix that by properly typing the shifted value. Signed-off-by: Jan Kara <jack@suse.cz> --- fs/ext4/inline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 3e2bf87..33331b4 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -1842,7 +1842,7 @@ int ext4_inline_data_fiemap(struct inode *inode, if (error) goto out; - physical = iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits; + physical = (__u64)iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits; physical += (char *)ext4_raw_inode(&iloc) - iloc.bh->b_data; physical += offsetof(struct ext4_inode, i_block); length = i_size_read(inode); -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 18+ messages in thread
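Review bot: the changelog sentence "On 32-bit archs when sector_t is defined as 32-bit the logic computing data offset in ext4_inline_data_fiemap()." has no predicate, so it never states what goes wrong. Say that the shift of iloc.bh->b_blocknr by s_blocksize_bits is evaluated in 32 bits and can overflow, in the way the 3/4 changelog does. The code change itself is placed correctly: (__u64) binds to iloc.bh->b_blocknr before the <<, so the shift is done in 64 bits.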
* [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations 2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara 2013-05-29 12:05 ` [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Jan Kara @ 2013-05-29 12:05 ` Jan Kara 2013-05-29 13:51 ` Zheng Liu 2013-05-29 12:05 ` [PATCH 3/4] ext4: Fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Jan Kara ` (2 subsequent siblings) 4 siblings, 1 reply; 18+ messages in thread From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw) To: Ted Tso; +Cc: linux-ext4, Jan Kara ext4_lblk_t is just u32 so multiplying it by blocksize can easily overflow for files larger than 4 GB. Fix that by properly typing the block offsets before shifting. Signed-off-by: Jan Kara <jack@suse.cz> --- fs/ext4/file.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index b1b4d51..b19f0a4 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -312,7 +312,7 @@ static int ext4_find_unwritten_pgoff(struct inode *inode, blkbits = inode->i_sb->s_blocksize_bits; startoff = *offset; lastoff = startoff; - endoff = (map->m_lblk + map->m_len) << blkbits; + endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits; index = startoff >> PAGE_CACHE_SHIFT; end = endoff >> PAGE_CACHE_SHIFT; @@ -457,7 +457,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) ret = ext4_map_blocks(NULL, inode, &map, 0); if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) { if (last != start) - dataoff = last << blkbits; + dataoff = (loff_t)last << blkbits; break; } @@ -468,7 +468,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) ext4_es_find_delayed_extent_range(inode, last, last, &es); if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) { if (last != start) - dataoff = last << blkbits; + dataoff = (loff_t)last << blkbits; break; } 
@@ -486,7 +486,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) } last++; - dataoff = last << blkbits; + dataoff = (loff_t)last << blkbits; } while (last <= end); mutex_unlock(&inode->i_mutex); @@ -540,7 +540,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) ret = ext4_map_blocks(NULL, inode, &map, 0); if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) { last += ret; - holeoff = last << blkbits; + holeoff = (loff_t)last << blkbits; continue; } @@ -551,7 +551,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) ext4_es_find_delayed_extent_range(inode, last, last, &es); if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) { last = es.es_lblk + es.es_len; - holeoff = last << blkbits; + holeoff = (loff_t)last << blkbits; continue; } @@ -566,7 +566,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) &map, &holeoff); if (!unwritten) { last += ret; - holeoff = last << blkbits; + holeoff = (loff_t)last << blkbits; continue; } } -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 18+ messages in thread
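Review bot: in the ext4_find_unwritten_pgoff() hunk the cast is applied to the parenthesised sum, (loff_t)(map->m_lblk + map->m_len) << blkbits, so the addition is still evaluated in the operands' own type before it is widened. If both fields are 32-bit (the changelog says ext4_lblk_t is u32), a sum past 2^32 wraps before the cast takes effect; ((loff_t)map->m_lblk + map->m_len) << blkbits would widen first. In the ext4_seek_hole() hunk at -551, last = es.es_lblk + es.es_len is likewise computed before the new cast on the following line. The remaining six changes cast the single operand last directly and need nothing more.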
* Re: [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations 2013-05-29 12:05 ` [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations Jan Kara @ 2013-05-29 13:51 ` Zheng Liu 0 siblings, 0 replies; 18+ messages in thread From: Zheng Liu @ 2013-05-29 13:51 UTC (permalink / raw) To: Jan Kara; +Cc: Ted Tso, linux-ext4 On Wed, May 29, 2013 at 02:05:31PM +0200, Jan Kara wrote: > ext4_lblk_t is just u32 so multiplying it by blocksize can easily > overflow for files larger than 4 GB. Fix that by properly typing the > block offsets before shifting. > > Signed-off-by: Jan Kara <jack@suse.cz> Ah, it's my fault. Thanks for fixing this. Reviewed-by: Zheng Liu <wenqing.lz@taobao.com> - Zheng > --- > fs/ext4/file.c | 14 +++++++------- > 1 file changed, 7 insertions(+), 7 deletions(-) > > diff --git a/fs/ext4/file.c b/fs/ext4/file.c > index b1b4d51..b19f0a4 100644 > --- a/fs/ext4/file.c > +++ b/fs/ext4/file.c > @@ -312,7 +312,7 @@ static int ext4_find_unwritten_pgoff(struct inode *inode, > blkbits = inode->i_sb->s_blocksize_bits; > startoff = *offset; > lastoff = startoff; > - endoff = (map->m_lblk + map->m_len) << blkbits; > + endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits; > > index = startoff >> PAGE_CACHE_SHIFT; > end = endoff >> PAGE_CACHE_SHIFT; > @@ -457,7 +457,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) > ret = ext4_map_blocks(NULL, inode, &map, 0); > if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) { > if (last != start) > - dataoff = last << blkbits; > + dataoff = (loff_t)last << blkbits; > break; > } > > @@ -468,7 +468,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) > ext4_es_find_delayed_extent_range(inode, last, last, &es); > if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) { > if (last != start) > - dataoff = last << blkbits; > + dataoff = (loff_t)last << blkbits; > break; > } 
> > @@ -486,7 +486,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) > } > > last++; > - dataoff = last << blkbits; > + dataoff = (loff_t)last << blkbits; > } while (last <= end); > > mutex_unlock(&inode->i_mutex); > @@ -540,7 +540,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) > ret = ext4_map_blocks(NULL, inode, &map, 0); > if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) { > last += ret; > - holeoff = last << blkbits; > + holeoff = (loff_t)last << blkbits; > continue; > } > > @@ -551,7 +551,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) > ext4_es_find_delayed_extent_range(inode, last, last, &es); > if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) { > last = es.es_lblk + es.es_len; > - holeoff = last << blkbits; > + holeoff = (loff_t)last << blkbits; > continue; > } > > @@ -566,7 +566,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) > &map, &holeoff); > if (!unwritten) { > last += ret; > - holeoff = last << blkbits; > + holeoff = (loff_t)last << blkbits; > continue; > } > } > -- > 1.8.1.4 > > -- > To unsubscribe from this list: send the line "unsubscribe linux-ext4" in > the body of a message to majordomo@vger.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html ^ permalink raw reply [flat|nested] 18+ messages in thread
* [PATCH 3/4] ext4: Fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs 2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara 2013-05-29 12:05 ` [PATCH 1/4] ext4: Fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Jan Kara 2013-05-29 12:05 ` [PATCH 2/4] ext4: Fix overflows in SEEK_HOLE, SEEK_DATA implementations Jan Kara @ 2013-05-29 12:05 ` Jan Kara 2013-05-29 12:05 ` [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures Jan Kara 2013-07-09 14:14 ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen 4 siblings, 0 replies; 18+ messages in thread From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw) To: Ted Tso; +Cc: linux-ext4, Jan Kara On 32-bit architectures with 32-bit sector_t computation of data offset in ext4_xattr_fiemap() can overflow resulting in reporting bogus data location. Fix the problem by typing block number to proper type before shifting. Signed-off-by: Jan Kara <jack@suse.cz> --- fs/ext4/extents.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index bc0f191..e49da58 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -4659,7 +4659,7 @@ static int ext4_xattr_fiemap(struct inode *inode, error = ext4_get_inode_loc(inode, &iloc); if (error) return error; - physical = iloc.bh->b_blocknr << blockbits; + physical = (__u64)iloc.bh->b_blocknr << blockbits; offset = EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize; physical += offset; @@ -4667,7 +4667,7 @@ static int ext4_xattr_fiemap(struct inode *inode, flags |= FIEMAP_EXTENT_DATA_INLINE; brelse(iloc.bh); } else { /* external block */ - physical = EXT4_I(inode)->i_file_acl << blockbits; + physical = (__u64)EXT4_I(inode)->i_file_acl << blockbits; length = inode->i_sb->s_blocksize; } -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 18+ messages in thread
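Review bot: the changelog explains only the 32-bit sector_t case, which covers iloc.bh->b_blocknr in the first hunk; the second hunk also casts EXT4_I(inode)->i_file_acl, and nothing in the message says what type that field has or why it needs widening. Add a sentence on i_file_acl to the changelog, or drop that cast if the field is already 64-bit.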
* [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures 2013-05-29 12:05 [PATCH 0/4] ext4: Fix overflows in ext4 code Jan Kara ` (2 preceding siblings ...) 2013-05-29 12:05 ` [PATCH 3/4] ext4: Fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Jan Kara @ 2013-05-29 12:05 ` Jan Kara 2013-05-31 23:42 ` Theodore Ts'o 2013-07-09 14:14 ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen 4 siblings, 1 reply; 18+ messages in thread From: Jan Kara @ 2013-05-29 12:05 UTC (permalink / raw) To: Ted Tso; +Cc: linux-ext4, Jan Kara The arithmetics adding delalloc blocks to the number of used blocks in ext4_getattr() can easily overflow on 32-bit archs as we first multiply number of blocks by blocksize and then divide back by 512. Make the arithmetics more clever and also use proper type (unsigned long long instead of unsigned long). Signed-off-by: Jan Kara <jack@suse.cz> --- fs/ext4/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index d6382b8..83d9e69 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4805,7 +4805,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) { struct inode *inode; - unsigned long delalloc_blocks; + unsigned long long delalloc_blocks; inode = dentry->d_inode; generic_fillattr(inode, stat); @@ -4823,7 +4823,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry, delalloc_blocks = EXT4_C2B(EXT4_SB(inode->i_sb), EXT4_I(inode)->i_reserved_data_blocks); - stat->blocks += (delalloc_blocks << inode->i_sb->s_blocksize_bits)>>9; + stat->blocks += delalloc_blocks << (inode->i_sb->s_blocksize_bits-9); return 0; } -- 1.8.1.4 ^ permalink raw reply related [flat|nested] 18+ messages in thread
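Review bot: the replacement expression delalloc_blocks << (inode->i_sb->s_blocksize_bits-9) in the second hunk is only valid while s_blocksize_bits is at least 9; a smaller value would make the shift count negative. A short comment stating that the block size is never below 512 bytes, or a named constant for the 9, would document that assumption. With delalloc_blocks widened to unsigned long long and the intermediate multiply removed, the overflow described in the changelog is otherwise addressed.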
* Re: [PATCH 4/4] ext4: Fix overflow when counting used blocks on 32-bit architectures
From: Theodore Ts'o @ 2013-05-31 23:42 UTC
To: Jan Kara; +Cc: linux-ext4

On Wed, May 29, 2013 at 02:05:33PM +0200, Jan Kara wrote:
> The arithmetics adding delalloc blocks to the number of used blocks in
> ext4_getattr() can easily overflow on 32-bit archs as we first multiply
> number of blocks by blocksize and then divide back by 512. Make the
> arithmetics more clever and also use proper type (unsigned long long
> instead of unsigned long).
>
> Signed-off-by: Jan Kara <jack@suse.cz>

I've applied these four patches to the ext4 tree, thanks!!

- Ted

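The truncation pattern the four patches above fix, as an added example that is not part of the thread or of the kernel source. Fixed-width stand-ins (lblk32 and ulong32, with widths assumed from the commit messages) model a 32-bit build so the before/after arithmetic reproduces on any host, and first_truncated_block() is a hypothetical helper that finds the lowest block number at which the unfixed shift goes wrong.

```c
#include <stdint.h>
#include <stdio.h>

/* Fixed-width stand-ins so the 32-bit behaviour shows up on any host.
 * The widths are assumptions taken from the commit messages. */
typedef uint32_t lblk32;   /* ext4_lblk_t ("just u32", patch 2/4) */
typedef uint32_t ulong32;  /* unsigned long / sector_t on a 32-bit arch */

/* Patch 2/4, before: the shift is evaluated in 32 bits, widened afterwards. */
static int64_t seek_off_before(lblk32 last, unsigned blkbits)
{
    return (int64_t)(lblk32)(last << blkbits);
}

/* Patch 2/4, after: the operand is widened (loff_t is 64-bit) before the shift. */
static int64_t seek_off_after(lblk32 last, unsigned blkbits)
{
    return (int64_t)last << blkbits;
}

/* Patches 1/4 and 3/4, before: 32-bit block number shifted in 32 bits. */
static uint64_t physical_before(ulong32 blocknr, unsigned blkbits)
{
    return (uint64_t)(ulong32)(blocknr << blkbits);
}

/* Patches 1/4 and 3/4, after: (__u64) cast applied before the shift. */
static uint64_t physical_after(ulong32 blocknr, unsigned blkbits)
{
    return (uint64_t)blocknr << blkbits;
}

/* Patch 4/4, before: multiply by block size in 32 bits, then divide by 512. */
static uint64_t sectors_before(ulong32 delalloc_blocks, unsigned blkbits)
{
    return (ulong32)(delalloc_blocks << blkbits) >> 9;
}

/* Patch 4/4, after: 64-bit count, single shift by (blkbits - 9).
 * Requires blkbits >= 9, i.e. a block size of at least 512 bytes. */
static uint64_t sectors_after(uint64_t delalloc_blocks, unsigned blkbits)
{
    return delalloc_blocks << (blkbits - 9);
}

/* Hypothetical audit helper: lowest logical block whose byte offset is
 * truncated by the unfixed shift. The "differs" predicate is monotonic in
 * the block number, so a binary search over the u32 range finds it. */
static lblk32 first_truncated_block(unsigned blkbits)
{
    lblk32 lo = 0, hi = UINT32_MAX;

    while (lo < hi) {
        lblk32 mid = lo + (hi - lo) / 2;

        if (seek_off_before(mid, blkbits) != seek_off_after(mid, blkbits))
            hi = mid;
        else
            lo = mid + 1;
    }
    return lo;
}

int main(void)
{
    /* Constructed sample block sizes: 1 KiB, 4 KiB, 64 KiB. */
    static const unsigned bits[] = { 10, 12, 16 };

    for (size_t i = 0; i < sizeof(bits) / sizeof(bits[0]); i++) {
        lblk32 blk = first_truncated_block(bits[i]);

        printf("blkbits=%u first bad block=%u offset before=%lld after=%lld\n",
               bits[i], (unsigned)blk,
               (long long)seek_off_before(blk, bits[i]),
               (long long)seek_off_after(blk, bits[i]));
    }
    printf("delalloc 0x100000 blocks @4K: before=%llu after=%llu sectors\n",
           (unsigned long long)sectors_before(0x100000u, 12),
           (unsigned long long)sectors_after(0x100000u, 12));
    return 0;
}
```

For every block size the first truncated offset is exactly 4 GiB, which matches the "files larger than 4 GB" wording of the 2/4 changelog.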
* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Eric Sandeen @ 2013-07-09 14:14 UTC
To: Jan Kara; +Cc: Ted Tso, linux-ext4

On 5/29/13 7:05 AM, Jan Kara wrote:
> Hello,
>
> while working on my patchset, I stumbled over an overflow bug which
> made me do a quick audit of shifts in ext4 code. I've found a couple of
> places which use << and which can overflow (usually on 32-bit
> architecture only but at least SEEK_HOLE / SEEK_DATA bugs are real even
> for 64-bit architectures). Patches in this series fix the issues I've
> found. Likely this is also stable material so Ted, you might want to add
> stable@vger.kernel.org to CC when merging the patches.
>
> Honza

I don't think these did get cc'd to stable. Was there a reason for that, or was it an oversight?

-Eric

* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Theodore Ts'o @ 2013-07-09 14:38 UTC
To: Eric Sandeen; +Cc: Jan Kara, linux-ext4, stable

On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>
> I don't think these did get cc'd to stable. Was there a reason for that,
> or was it an oversight?

It was an oversight; my fault, sorry. I'll send a request to the stable kernel tree for the following patches:

8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()

- Ted

* [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() 2013-07-09 14:38 ` Theodore Ts'o @ 2013-07-09 14:39 ` Theodore Ts'o 2013-07-09 14:39 ` [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations Theodore Ts'o ` (2 more replies) 2013-07-09 15:00 ` [PATCH 0/4] ext4: Fix overflows in ext4 code Eric Sandeen ` (3 subsequent siblings) 4 siblings, 3 replies; 18+ messages in thread From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw) To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o From: Jan Kara <jack@suse.cz> On 32-bit archs when sector_t is defined as 32-bit the logic computing data offset in ext4_inline_data_fiemap(). Fix that by properly typing the shifted value. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> --- fs/ext4/inline.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c index 3e2bf87..33331b4 100644 --- a/fs/ext4/inline.c +++ b/fs/ext4/inline.c @@ -1842,7 +1842,7 @@ int ext4_inline_data_fiemap(struct inode *inode, if (error) goto out; - physical = iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits; + physical = (__u64)iloc.bh->b_blocknr << inode->i_sb->s_blocksize_bits; physical += (char *)ext4_raw_inode(&iloc) - iloc.bh->b_data; physical += offsetof(struct ext4_inode, i_block); length = i_size_read(inode); -- 1.7.12.rc0.22.gcdd159b ^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations 2013-07-09 14:39 ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o @ 2013-07-09 14:39 ` Theodore Ts'o 2013-07-09 14:39 ` [PATCH 3/4] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Theodore Ts'o 2013-07-09 14:39 ` [PATCH 4/4] ext4: fix overflow when counting used blocks on 32-bit architectures Theodore Ts'o 2 siblings, 0 replies; 18+ messages in thread From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw) To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o From: Jan Kara <jack@suse.cz> ext4_lblk_t is just u32 so multiplying it by blocksize can easily overflow for files larger than 4 GB. Fix that by properly typing the block offsets before shifting. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> Reviewed-by: Zheng Liu <wenqing.lz@taobao.com> --- fs/ext4/file.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/fs/ext4/file.c b/fs/ext4/file.c index b1b4d51..b19f0a4 100644 --- a/fs/ext4/file.c +++ b/fs/ext4/file.c @@ -312,7 +312,7 @@ static int ext4_find_unwritten_pgoff(struct inode *inode, blkbits = inode->i_sb->s_blocksize_bits; startoff = *offset; lastoff = startoff; - endoff = (map->m_lblk + map->m_len) << blkbits; + endoff = (loff_t)(map->m_lblk + map->m_len) << blkbits; index = startoff >> PAGE_CACHE_SHIFT; end = endoff >> PAGE_CACHE_SHIFT; @@ -457,7 +457,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) ret = ext4_map_blocks(NULL, inode, &map, 0); if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) { if (last != start) - dataoff = last << blkbits; + dataoff = (loff_t)last << blkbits; break; } 
@@ -468,7 +468,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) ext4_es_find_delayed_extent_range(inode, last, last, &es); if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) { if (last != start) - dataoff = last << blkbits; + dataoff = (loff_t)last << blkbits; break; } @@ -486,7 +486,7 @@ static loff_t ext4_seek_data(struct file *file, loff_t offset, loff_t maxsize) } last++; - dataoff = last << blkbits; + dataoff = (loff_t)last << blkbits; } while (last <= end); mutex_unlock(&inode->i_mutex); @@ -540,7 +540,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) ret = ext4_map_blocks(NULL, inode, &map, 0); if (ret > 0 && !(map.m_flags & EXT4_MAP_UNWRITTEN)) { last += ret; - holeoff = last << blkbits; + holeoff = (loff_t)last << blkbits; continue; } @@ -551,7 +551,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) ext4_es_find_delayed_extent_range(inode, last, last, &es); if (es.es_len != 0 && in_range(last, es.es_lblk, es.es_len)) { last = es.es_lblk + es.es_len; - holeoff = last << blkbits; + holeoff = (loff_t)last << blkbits; continue; } @@ -566,7 +566,7 @@ static loff_t ext4_seek_hole(struct file *file, loff_t offset, loff_t maxsize) &map, &holeoff); if (!unwritten) { last += ret; - holeoff = last << blkbits; + holeoff = (loff_t)last << blkbits; continue; } } -- 1.7.12.rc0.22.gcdd159b ^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH 3/4] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs 2013-07-09 14:39 ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o 2013-07-09 14:39 ` [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations Theodore Ts'o @ 2013-07-09 14:39 ` Theodore Ts'o 2013-07-09 14:39 ` [PATCH 4/4] ext4: fix overflow when counting used blocks on 32-bit architectures Theodore Ts'o 2 siblings, 0 replies; 18+ messages in thread From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw) To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o From: Jan Kara <jack@suse.cz> On 32-bit architectures with 32-bit sector_t computation of data offset in ext4_xattr_fiemap() can overflow resulting in reporting bogus data location. Fix the problem by typing block number to proper type before shifting. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> --- fs/ext4/extents.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index 214e68a..299ee9d 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c @@ -4679,7 +4679,7 @@ static int ext4_xattr_fiemap(struct inode *inode, error = ext4_get_inode_loc(inode, &iloc); if (error) return error; - physical = iloc.bh->b_blocknr << blockbits; + physical = (__u64)iloc.bh->b_blocknr << blockbits; offset = EXT4_GOOD_OLD_INODE_SIZE + EXT4_I(inode)->i_extra_isize; physical += offset; @@ -4687,7 +4687,7 @@ static int ext4_xattr_fiemap(struct inode *inode, flags |= FIEMAP_EXTENT_DATA_INLINE; brelse(iloc.bh); } else { /* external block */ - physical = EXT4_I(inode)->i_file_acl << blockbits; + physical = (__u64)EXT4_I(inode)->i_file_acl << blockbits; length = inode->i_sb->s_blocksize; } -- 1.7.12.rc0.22.gcdd159b ^ permalink raw reply related [flat|nested] 18+ messages in thread
* [PATCH 4/4] ext4: fix overflow when counting used blocks on 32-bit architectures 2013-07-09 14:39 ` [PATCH 1/4] ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap() Theodore Ts'o 2013-07-09 14:39 ` [PATCH 2/4] ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations Theodore Ts'o 2013-07-09 14:39 ` [PATCH 3/4] ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs Theodore Ts'o @ 2013-07-09 14:39 ` Theodore Ts'o 2 siblings, 0 replies; 18+ messages in thread From: Theodore Ts'o @ 2013-07-09 14:39 UTC (permalink / raw) To: stable; +Cc: Ext4 Developers List, Jan Kara, Theodore Ts'o From: Jan Kara <jack@suse.cz> The arithmetics adding delalloc blocks to the number of used blocks in ext4_getattr() can easily overflow on 32-bit archs as we first multiply number of blocks by blocksize and then divide back by 512. Make the arithmetics more clever and also use proper type (unsigned long long instead of unsigned long). Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> --- fs/ext4/inode.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/ext4/inode.c b/fs/ext4/inode.c index 0fca5a8..38f03dc 100644 --- a/fs/ext4/inode.c +++ b/fs/ext4/inode.c @@ -4702,7 +4702,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry, struct kstat *stat) { struct inode *inode; - unsigned long delalloc_blocks; + unsigned long long delalloc_blocks; inode = dentry->d_inode; generic_fillattr(inode, stat); @@ -4720,7 +4720,7 @@ int ext4_getattr(struct vfsmount *mnt, struct dentry *dentry, delalloc_blocks = EXT4_C2B(EXT4_SB(inode->i_sb), EXT4_I(inode)->i_reserved_data_blocks); - stat->blocks += (delalloc_blocks << inode->i_sb->s_blocksize_bits)>>9; + stat->blocks += delalloc_blocks << (inode->i_sb->s_blocksize_bits-9); return 0; } -- 1.7.12.rc0.22.gcdd159b ^ permalink raw reply related [flat|nested] 18+ messages in thread
* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Eric Sandeen @ 2013-07-09 15:00 UTC
To: Theodore Ts'o; +Cc: Jan Kara, linux-ext4, stable

On 7/9/13 9:38 AM, Theodore Ts'o wrote:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>>
>> I don't think these did get cc'd to stable. Was there a reason for that,
>> or was it an oversight?
>
> It was an oversight; my fault, sorry. I'll send a request to the
> stable kernel tree for the following patches:
>
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
>
> - Ted

Thanks Ted!

-Eric

* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Luis Henriques @ 2013-07-10 15:40 UTC
To: Theodore Ts'o; +Cc: Eric Sandeen, Jan Kara, linux-ext4, stable

"Theodore Ts'o" <tytso@mit.edu> writes:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>>
>> I don't think these did get cc'd to stable. Was there a reason for that,
>> or was it an oversight?
>
> It was an oversight; my fault, sorry. I'll send a request to the
> stable kernel tree for the following patches:
>
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
>
> - Ted

Thanks Ted. All of these patches seem to be applicable to the 3.8 kernel. As for the 3.5 kernel, I'm queuing the first 2 patches only.

Cheers,
--
Luis

* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Josh Boyer @ 2013-07-12 13:15 UTC
To: Theodore Ts'o; +Cc: Eric Sandeen, Jan Kara, linux-ext4, stable, Greg KH

On Tue, Jul 9, 2013 at 10:38 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
>>
>> I don't think these did get cc'd to stable. Was there a reason for that,
>> or was it an oversight?
>
> It was an oversight; my fault, sorry. I'll send a request to the
> stable kernel tree for the following patches:
>
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()

Greg, are these 4 commits part of the large pile you're sitting on right now? Just want to make sure the request wasn't missed, as they lack the CC to stable.

josh

* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Greg KH @ 2013-07-12 14:50 UTC
To: Josh Boyer; +Cc: Theodore Ts'o, Eric Sandeen, Jan Kara, linux-ext4, stable

On Fri, Jul 12, 2013 at 09:15:06AM -0400, Josh Boyer wrote:
> On Tue, Jul 9, 2013 at 10:38 AM, Theodore Ts'o <tytso@mit.edu> wrote:
> > On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
> >>
> >> I don't think these did get cc'd to stable. Was there a reason for that,
> >> or was it an oversight?
> >
> > It was an oversight; my fault, sorry. I'll send a request to the
> > stable kernel tree for the following patches:
> >
> > 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> > a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs
> > e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> > eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()
>
> Greg, are these 4 commits part of the large pile you're sitting on
> right now? Just want to make sure the request wasn't missed, as they
> lack the CC to stable.

They are still in my "to-apply" queue, and are not lost. And I wasn't counting them in the 170 patches I have to review, make that 174 now :)

thanks,

greg k-h

* Re: [PATCH 0/4] ext4: Fix overflows in ext4 code
From: Ben Hutchings @ 2013-07-24 4:46 UTC
To: Theodore Ts'o; +Cc: Eric Sandeen, Jan Kara, linux-ext4, stable

On Tue, 2013-07-09 at 10:38 -0400, Theodore Ts'o wrote:
> On Tue, Jul 09, 2013 at 09:14:29AM -0500, Eric Sandeen wrote:
> >
> > I don't think these did get cc'd to stable. Was there a reason for that,
> > or was it an oversight?
>
> It was an oversight; my fault, sorry. I'll send a request to the
> stable kernel tree for the following patches:
>
> 8af8eec ext4: fix overflow when counting used blocks on 32-bit architectures
> a60697f ext4: fix data offset overflow in ext4_xattr_fiemap() on 32-bit archs

Both queued up for 3.2, thanks.

> e7293fd ext4: fix overflows in SEEK_HOLE, SEEK_DATA implementations
> eaf3793 ext4: fix data offset overflow on 32-bit archs in ext4_inline_data_fiemap()

These are for features that were added after 3.2.

Ben.

--
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.