Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp591934img; Fri, 22 Mar 2019 04:43:59 -0700 (PDT) X-Google-Smtp-Source: APXvYqy2DAO8imarBL8xRFZMC35ulKv0QHJDQR627kLGH6LH/Ao0ErIq9BMoJBOB8DPiXYtaYKcA X-Received: by 2002:a63:d70a:: with SMTP id d10mr8365046pgg.286.1553255039054; Fri, 22 Mar 2019 04:43:59 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553255039; cv=none; d=google.com; s=arc-20160816; b=F1gynYCkCo3FzhBGGriVW7roFouEYVJ5p27Aliuvl0v82VftMM332e9RM1WLCRQY5u xUer5KsTVL8H4vDROM4p/yzG1Js7GOBQoFY8C6zao756BG4a+OhS4Ua7GoFapPz9kSOF zCbgD5OMd08Y0ztgavlvXpyjuq+ziwpDnp/wymzTI9AhJ6vJXUPcEHxTDzhPybyqqXI3 fTNqpAkZT6fAbA8Ipn6uNFV9NBq6lTJYkPFfKG2V6XM5nnI5V96LZNWRFE6dvXtD++WU fBR3Dgb0cwWWgEmLExsbfXnxFXx+PvCA+iOLIMcySma8Ku3jPXKK8LRQx4yylMl2AiOG /jnw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=+kn82mk3Ima07lh+MEcMeQfup5Cec1ruUgyl9MTZaSg=; b=fjWB+bNz7nP9BrXm4THoZgKpd9qiMbKtvqTnPbWe+41paXuO5T3mQXwarVdhUK3OFT oZsvFrdGhnkzJOpJ1xjN+WGuCBgG30EE2C5gtD1HuWoVoV/5tuaM6Bzi3g2TQJbQSJm6 4kK5iu7rsWj1JBL+c+t1nDBF5h90INOKT0xjWytHiXGR8SgnduXgE7PH2Xu9ROo3VL72 lNVJ3cb2hvZQjgXF6M+Yy39Ih9V94Y+9XTRm9hlZauMhIvcZLBqH0CHxQhWQlKs+NBU+ sZMzQ6LaTshso/Y05TM482U2wW2c8ZyBEIjRbTA8KXHAdHtlh9uWiyLJsIOWpNuqctms V9Cg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=a21DhqzE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 76si3413796pge.555.2019.03.22.04.43.43; Fri, 22 Mar 2019 04:43:59 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=a21DhqzE; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731638AbfCVLnM (ORCPT + 99 others); Fri, 22 Mar 2019 07:43:12 -0400 Received: from mail.kernel.org ([198.145.29.99]:45836 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729257AbfCVLnL (ORCPT ); Fri, 22 Mar 2019 07:43:11 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CE18C204FD; Fri, 22 Mar 2019 11:43:09 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553254990; bh=IdoQC2Ipy/CQOOVGVdEaPgdqbEpTXQ8MIxa1BCYlCRM=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=a21DhqzEQsqkwBnjlPa5mmqlaaAYXi91Z74wktIhGBG4Dzcb9nqxixkGcJIKMp6xH ys+1baBDYxubQcuntCKUYEjSZ0QCAypSnGrwH3WbFf9OzW/hUWRN/zlCRcP2bO4K0n Hr++T77IVytWUPE2+cTzsiEABdPsRSurTPDtDt08= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, yangerkun , Jan Kara Subject: [PATCH 4.9 073/118] ext2: Fix underflow in ext2_max_size() Date: Fri, 22 Mar 2019 12:15:45 +0100 Message-Id: <20190322111221.802003683@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111215.873964544@linuxfoundation.org> References: <20190322111215.873964544@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.9-stable review patch. If anyone has any objections, please let me know. ------------------ From: Jan Kara commit 1c2d14212b15a60300a2d4f6364753e87394c521 upstream. When ext2 filesystem is created with 64k block size, ext2_max_size() will return value less than 0. Also, we cannot write any file in this fs since the sb->maxbytes is less than 0. The core of the problem is that the size of block index tree for such large block size is more than i_blocks can carry. So fix the computation to count with this possibility. File size limits computed with the new function for the full range of possible block sizes look like: bits file_size 10 17247252480 11 275415851008 12 2196873666560 13 2197948973056 14 2198486220800 15 2198754754560 16 2198888906752 CC: stable@vger.kernel.org Reported-by: yangerkun Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman --- fs/ext2/super.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -724,7 +724,8 @@ static loff_t ext2_max_size(int bits) { loff_t res = EXT2_NDIR_BLOCKS; int meta_blocks; - loff_t upper_limit; + unsigned int upper_limit; + unsigned int ppb = 1 << (bits-2); /* This is calculated to be the largest file size for a * dense, file such that the total number of @@ -738,24 +739,34 @@ static loff_t ext2_max_size(int bits) /* total blocks in file system block size */ upper_limit >>= (bits - 9); - - /* indirect blocks */ - meta_blocks = 1; - /* double indirect blocks */ - meta_blocks += 1 + (1LL << (bits-2)); - /* tripple indirect blocks */ - meta_blocks += 1 + (1LL << (bits-2)) + (1LL << (2*(bits-2))); - - upper_limit -= meta_blocks; - upper_limit <<= bits; - + /* Compute how many blocks we can address by block tree */ res += 1LL << (bits-2); res += 1LL << (2*(bits-2)); res += 1LL << (3*(bits-2)); + /* Does block tree limit file size? */ + if (res < upper_limit) + goto check_lfs; + + res = upper_limit; + /* How many metadata blocks are needed for addressing upper_limit? */ + upper_limit -= EXT2_NDIR_BLOCKS; + /* indirect blocks */ + meta_blocks = 1; + upper_limit -= ppb; + /* double indirect blocks */ + if (upper_limit < ppb * ppb) { + meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb); + res -= meta_blocks; + goto check_lfs; + } + meta_blocks += 1 + ppb; + upper_limit -= ppb * ppb; + /* tripple indirect blocks for the rest */ + meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb) + + DIV_ROUND_UP(upper_limit, ppb*ppb); + res -= meta_blocks; +check_lfs: res <<= bits; - if (res > upper_limit) - res = upper_limit; - if (res > MAX_LFS_FILESIZE) res = MAX_LFS_FILESIZE;