Linux-ext4 Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] ext4: fix integer overflow when calculating commit interval
@ 2019-08-26 14:35 zhangyi (F)
  2019-08-26 15:30 ` Jan Kara
  0 siblings, 1 reply; 3+ messages in thread
From: zhangyi (F) @ 2019-08-26 14:35 UTC (permalink / raw)
  To: linux-ext4; +Cc: tytso, jack, adilger.kernel, yi.zhang

If user specify a large enough value of "commit=" option, it may trigger
signed integer overflow which may lead to sbi->s_commit_interval becomes
a large or small value, zero in particular.

UBSAN: Undefined behaviour in ../fs/ext4/super.c:1592:31
signed integer overflow:
536870912 * 1000 cannot be represented in type 'int'
[...]
Call trace:
[...]
[<ffffff9008a2d120>] ubsan_epilogue+0x34/0x9c lib/ubsan.c:166
[<ffffff9008a2d8b8>] handle_overflow+0x228/0x280 lib/ubsan.c:197
[<ffffff9008a2d95c>] __ubsan_handle_mul_overflow+0x4c/0x68 lib/ubsan.c:218
[<ffffff90086d070c>] handle_mount_opt fs/ext4/super.c:1592 [inline]
[<ffffff90086d070c>] parse_options+0x1724/0x1a40 fs/ext4/super.c:1773
[<ffffff90086d51c4>] ext4_remount+0x2ec/0x14a0 fs/ext4/super.c:4834
[...]

Although it is not a big deal, still silence the UBSAN by limit the
input value.

Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
---
 fs/ext4/super.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 4079605d437a..7310facffa9d 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -1874,6 +1874,13 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
 	} else if (token == Opt_commit) {
 		if (arg == 0)
 			arg = JBD2_DEFAULT_MAX_COMMIT_AGE;
+		else if (arg > INT_MAX / HZ) {
+			ext4_msg(sb, KERN_ERR,
+				 "Invalid commit interval %d, "
+				 "must be smaller than %d",
+				 arg, INT_MAX / HZ);
+			return -1;
+		}
 		sbi->s_commit_interval = HZ * arg;
 	} else if (token == Opt_debug_want_extra_isize) {
 		sbi->s_want_extra_isize = arg;
-- 
2.23.0.rc2.8.gff66981


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] ext4: fix integer overflow when calculating commit interval
  2019-08-26 14:35 [PATCH] ext4: fix integer overflow when calculating commit interval zhangyi (F)
@ 2019-08-26 15:30 ` Jan Kara
  2019-08-28 15:25   ` Theodore Y. Ts'o
  0 siblings, 1 reply; 3+ messages in thread
From: Jan Kara @ 2019-08-26 15:30 UTC (permalink / raw)
  To: zhangyi (F); +Cc: linux-ext4, tytso, jack, adilger.kernel

On Mon 26-08-19 22:35:47, zhangyi (F) wrote:
> If user specify a large enough value of "commit=" option, it may trigger
> signed integer overflow which may lead to sbi->s_commit_interval becomes
> a large or small value, zero in particular.
> 
> UBSAN: Undefined behaviour in ../fs/ext4/super.c:1592:31
> signed integer overflow:
> 536870912 * 1000 cannot be represented in type 'int'
> [...]
> Call trace:
> [...]
> [<ffffff9008a2d120>] ubsan_epilogue+0x34/0x9c lib/ubsan.c:166
> [<ffffff9008a2d8b8>] handle_overflow+0x228/0x280 lib/ubsan.c:197
> [<ffffff9008a2d95c>] __ubsan_handle_mul_overflow+0x4c/0x68 lib/ubsan.c:218
> [<ffffff90086d070c>] handle_mount_opt fs/ext4/super.c:1592 [inline]
> [<ffffff90086d070c>] parse_options+0x1724/0x1a40 fs/ext4/super.c:1773
> [<ffffff90086d51c4>] ext4_remount+0x2ec/0x14a0 fs/ext4/super.c:4834
> [...]
> 
> Although it is not a big deal, still silence the UBSAN by limit the
> input value.
> 
> Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>

Looks good to me. You can add:

Reviewed-by: Jan Kara <jack@suse.cz>

								Honza

> ---
>  fs/ext4/super.c | 7 +++++++
>  1 file changed, 7 insertions(+)
> 
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 4079605d437a..7310facffa9d 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -1874,6 +1874,13 @@ static int handle_mount_opt(struct super_block *sb, char *opt, int token,
>  	} else if (token == Opt_commit) {
>  		if (arg == 0)
>  			arg = JBD2_DEFAULT_MAX_COMMIT_AGE;
> +		else if (arg > INT_MAX / HZ) {
> +			ext4_msg(sb, KERN_ERR,
> +				 "Invalid commit interval %d, "
> +				 "must be smaller than %d",
> +				 arg, INT_MAX / HZ);
> +			return -1;
> +		}
>  		sbi->s_commit_interval = HZ * arg;
>  	} else if (token == Opt_debug_want_extra_isize) {
>  		sbi->s_want_extra_isize = arg;
> -- 
> 2.23.0.rc2.8.gff66981
> 
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] ext4: fix integer overflow when calculating commit interval
  2019-08-26 15:30 ` Jan Kara
@ 2019-08-28 15:25   ` Theodore Y. Ts'o
  0 siblings, 0 replies; 3+ messages in thread
From: Theodore Y. Ts'o @ 2019-08-28 15:25 UTC (permalink / raw)
  To: Jan Kara; +Cc: zhangyi (F), linux-ext4, adilger.kernel

On Mon, Aug 26, 2019 at 05:30:14PM +0200, Jan Kara wrote:
> On Mon 26-08-19 22:35:47, zhangyi (F) wrote:
> > If user specify a large enough value of "commit=" option, it may trigger
> > signed integer overflow which may lead to sbi->s_commit_interval becomes
> > a large or small value, zero in particular.
> > 
> > UBSAN: Undefined behaviour in ../fs/ext4/super.c:1592:31
> > signed integer overflow:
> > 536870912 * 1000 cannot be represented in type 'int'
> > [...]
> > Call trace:
> > [...]
> > [<ffffff9008a2d120>] ubsan_epilogue+0x34/0x9c lib/ubsan.c:166
> > [<ffffff9008a2d8b8>] handle_overflow+0x228/0x280 lib/ubsan.c:197
> > [<ffffff9008a2d95c>] __ubsan_handle_mul_overflow+0x4c/0x68 lib/ubsan.c:218
> > [<ffffff90086d070c>] handle_mount_opt fs/ext4/super.c:1592 [inline]
> > [<ffffff90086d070c>] parse_options+0x1724/0x1a40 fs/ext4/super.c:1773
> > [<ffffff90086d51c4>] ext4_remount+0x2ec/0x14a0 fs/ext4/super.c:4834
> > [...]
> > 
> > Although it is not a big deal, still silence the UBSAN by limit the
> > input value.
> > 
> > Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
> 
> Looks good to me. You can add:
> 
> Reviewed-by: Jan Kara <jack@suse.cz>

Thanks, applied.

						- Ted

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-26 14:35 [PATCH] ext4: fix integer overflow when calculating commit interval zhangyi (F)
2019-08-26 15:30 ` Jan Kara
2019-08-28 15:25   ` Theodore Y. Ts'o

Linux-ext4 Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-ext4/0 linux-ext4/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-ext4 linux-ext4/ https://lore.kernel.org/linux-ext4 \
		linux-ext4@vger.kernel.org linux-ext4@archiver.kernel.org
	public-inbox-index linux-ext4


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-ext4


AGPL code for this site: git clone https://public-inbox.org/ public-inbox