Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp580378img; Fri, 22 Mar 2019 04:28:30 -0700 (PDT) X-Google-Smtp-Source: APXvYqzJv3H7fJlPNAaib9jYLXTExeqSKgz7Wipefi6mLoEgk3ICHLcPJ3/soOE2tcrHsgQ2nFNc X-Received: by 2002:a63:2158:: with SMTP id s24mr539873pgm.156.1553254110224; Fri, 22 Mar 2019 04:28:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553254110; cv=none; d=google.com; s=arc-20160816; b=jzwg2IycQa6PY0Z5QrJxEx5bNtFC1bIbtIu11GxEHFHk4iPqzq6tpYm6VLaZBy9hRE NN/NUD4pFjpPJdo7WKUhP7PjdGaNry62eFSPXsk/Bw1Ny8tTjv10y14gIanPjXZ4N3ZI kmehBnWlVSPpyEF1CZKqAwon/eAp2Ubx3GK0I/CV84W6vx1CindypmrmFeN1AQFoOtlf 8r8BMhf4eSUSuzuzziUMiV6ajv1FKxTGUxfLC+1pu7ZkiEFYe60wb8NK+5Mfin5f6gho wlmuXeV9dhDyCDZYHgb+yNTW3VXzzpj/qFQwapTcR/V3YtSCTJirL0iBXNZDZxVKua3S 31/Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=jpOwTaHmOAi1kTpk4sOKIPfgOOkBnOmV8n/7XVH7psU=; b=1CgL7YYR07OTfTK6i8qozzSfI4mZeOsjD16TX0bBdQ3I4mXIAnmhu6VmrNMKHjsHDt /LOuZZfPbkS/K86k80cIVOckgdHb8wpk3ByfLptqptWyBrsEd3CARZ/IWrG3n70WKFNC iNeJffGulKDg6hBvLV+xW03L3CpNWm6/p2C6l7mjflgxiQ6pAwfMuI2qU8c0oHUh9BpT VvN5JtZDy4lruz/x/KZR1ASCsHk76MIzfxQ+1K0k0ybe7bKKiLLlvF8rnCwP/7UulfqU LoVsywHeBq6dsDyCOPUmdK9JT+H0Td1EmqPsroBNPf2nlQluhbOsY0DseOt/ak0s8Q0z BPag== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Ye8WfkQU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c20si3732812pls.53.2019.03.22.04.28.15; Fri, 22 Mar 2019 04:28:30 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=Ye8WfkQU; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729445AbfCVL0k (ORCPT + 99 others); Fri, 22 Mar 2019 07:26:40 -0400 Received: from mail.kernel.org ([198.145.29.99]:54324 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729444AbfCVL0f (ORCPT ); Fri, 22 Mar 2019 07:26:35 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 203B320657; Fri, 22 Mar 2019 11:26:33 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553253994; bh=R9zVw/yW1I+JgYbMyfzWhKEokB0muO24cwLBXwVY30s=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Ye8WfkQUDN7i3iNUc3YGYSAbKpX5y10HoD+/5+tP5e0jBm+/jFQtVmjOWfTU+Gnhg nLL7tdfvjZ6jWWNZkMWGMbcR0dEol/Fyq7wSzY4fSJxl1x3jVmCHsKF/fLoCp/fU8c 4zhP1jpsFLfJb1WKlDn/Ni2+y8g/9P662QikW7J4= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, yangerkun , Jan Kara Subject: [PATCH 3.18 119/134] ext2: Fix underflow in ext2_max_size() Date: Fri, 22 Mar 2019 12:15:32 +0100 Message-Id: <20190322111218.983706448@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111210.465931067@linuxfoundation.org> References: <20190322111210.465931067@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.18-stable review patch. If anyone has any objections, please let me know. ------------------ From: Jan Kara commit 1c2d14212b15a60300a2d4f6364753e87394c521 upstream. When ext2 filesystem is created with 64k block size, ext2_max_size() will return value less than 0. Also, we cannot write any file in this fs since the sb->maxbytes is less than 0. The core of the problem is that the size of block index tree for such large block size is more than i_blocks can carry. So fix the computation to count with this possibility. File size limits computed with the new function for the full range of possible block sizes look like: bits file_size 10 17247252480 11 275415851008 12 2196873666560 13 2197948973056 14 2198486220800 15 2198754754560 16 2198888906752 CC: stable@vger.kernel.org Reported-by: yangerkun Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman --- fs/ext2/super.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -701,7 +701,8 @@ static loff_t ext2_max_size(int bits) { loff_t res = EXT2_NDIR_BLOCKS; int meta_blocks; - loff_t upper_limit; + unsigned int upper_limit; + unsigned int ppb = 1 << (bits-2); /* This is calculated to be the largest file size for a * dense, file such that the total number of @@ -715,24 +716,34 @@ static loff_t ext2_max_size(int bits) /* total blocks in file system block size */ upper_limit >>= (bits - 9); - - /* indirect blocks */ - meta_blocks = 1; - /* double indirect blocks */ - meta_blocks += 1 + (1LL << (bits-2)); - /* tripple indirect blocks */ - meta_blocks += 1 + (1LL << (bits-2)) + (1LL << (2*(bits-2))); - - upper_limit -= meta_blocks; - upper_limit <<= bits; - + /* Compute how many blocks we can address by block tree */ res += 1LL << (bits-2); res += 1LL << (2*(bits-2)); res += 1LL << (3*(bits-2)); + /* Does block tree limit file size? */ + if (res < upper_limit) + goto check_lfs; + + res = upper_limit; + /* How many metadata blocks are needed for addressing upper_limit? */ + upper_limit -= EXT2_NDIR_BLOCKS; + /* indirect blocks */ + meta_blocks = 1; + upper_limit -= ppb; + /* double indirect blocks */ + if (upper_limit < ppb * ppb) { + meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb); + res -= meta_blocks; + goto check_lfs; + } + meta_blocks += 1 + ppb; + upper_limit -= ppb * ppb; + /* tripple indirect blocks for the rest */ + meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb) + + DIV_ROUND_UP(upper_limit, ppb*ppb); + res -= meta_blocks; +check_lfs: res <<= bits; - if (res > upper_limit) - res = upper_limit; - if (res > MAX_LFS_FILESIZE) res = MAX_LFS_FILESIZE;