Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp630359img;
        Fri, 22 Mar 2019 05:30:59 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw4EnAGURPrWz6bifozMjok3AnywG6IzpycZuTQ7o4+6TLzMgywiSThCQEKBTYn+bPk7Itm
X-Received: by 2002:a63:5318:: with SMTP id h24mr8737697pgb.76.1553257859188;
        Fri, 22 Mar 2019 05:30:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553257859; cv=none;
        d=google.com; s=arc-20160816;
        b=EPPStRpN0aa1nFvH9vCYtRDGVQgX7ZEOvyNZXiqFNIfhDz2UFSTjf3FU+SMtCl7Pri
         aDObQYcijNNw0tsjMXEp4rELxee95y3bfwprEmt8+2vwhSWltJhR68/XDT3j/PhEDL16
         LsM5UoMKteT6VBMM5laDy7rWv1c3OeMqzTpIUEyAh6JAqGTQVvNnE0e5HPDmg53jOS6e
         ZpcSw7yc2p/BgsWV0CD42ypdJmef/tPGcAHuGFhoriFelZrDSJn7bYTrvilIu9ZX9ICF
         LmES0Z7DZQfuH6ScIlIqWGWhKnTH5cD9ir+YJJg2I2H4toC3vhzMJHjHlLwhGsDLlVK+
         bY6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=Lk9cpc4Q+oWMiIunw5skd4O1qafOy6NOANG39uc2bNQ=;
        b=lV/i3I5mWZ67wnZ5H3I9BxlS0bRu3JG9sHrNV27l9P28BoKwQIuliP2a8CVoQsbsFQ
         VGGzIoinuF6mp9y9seLQJGfETlmAYzoj0DZyp56PD8VKuTx926fJmdGaPtYnzVueRd4L
         RNua+LfHfOaCQrCifY0TsrWo8pjbw9Lp6K5LobgAdVW/XUYVw1fi0SHlAvG1fCi/mqtV
         zO4m8bQT2s23YYflta0M2li7QpszaCfKm5/3jvxch9qhgrz+EZaWv0OeKp5OlnW81USK
         LCuwP9m6ZNmuHI31SqgPWAdQmYTnMpnQLzZbrnabEtU2Sm8eqI5M0wj3yZ1hhOEYrWZR
         UyFA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=nytyPKIh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id t2si6397337pgp.444.2019.03.22.05.30.43;
        Fri, 22 Mar 2019 05:30:59 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=nytyPKIh;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2390668AbfCVMaK (ORCPT <rfc822;ahaning.tech@gmail.com>
        + 99 others); Fri, 22 Mar 2019 08:30:10 -0400
Received: from mail.kernel.org ([198.145.29.99]:57560 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2389779AbfCVMSh (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 22 Mar 2019 08:18:37 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 88F4B2083D;
        Fri, 22 Mar 2019 12:18:36 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1553257117;
        bh=orbTBfNTnAB7prxOXpHELlBFbc3dckcwdgaQco1IwWc=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=nytyPKIh3WYIjyyr8/7hQ3bwzq+OyzO73Z9Rogk0+aCqXzmttFOCyFxabqUdC8ngq
         04oVvFkk0ekzWZajPgZIA8yPFFRAjeZPNBqwxdVCI4TDUkcDNwujSR7WICUxJF9Z4v
         Yt+Y1T1Ld3Oimg7Wn9IRHK9GqFd+tnDw5p/T2oic=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, yangerkun <yangerkun@huawei.com>,
        Jan Kara <jack@suse.cz>
Subject: [PATCH 5.0 138/238] ext2: Fix underflow in ext2_max_size()
Date:   Fri, 22 Mar 2019 12:15:57 +0100
Message-Id: <20190322111306.578796620@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190322111258.383569278@linuxfoundation.org>
References: <20190322111258.383569278@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

5.0-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit 1c2d14212b15a60300a2d4f6364753e87394c521 upstream.

When ext2 filesystem is created with 64k block size, ext2_max_size()
will return value less than 0. Also, we cannot write any file in this fs
since the sb->maxbytes is less than 0. The core of the problem is that
the size of block index tree for such large block size is more than
i_blocks can carry. So fix the computation to count with this
possibility.

File size limits computed with the new function for the full range of
possible block sizes look like:

bits file_size
10     17247252480
11    275415851008
12   2196873666560
13   2197948973056
14   2198486220800
15   2198754754560
16   2198888906752

CC: stable@vger.kernel.org
Reported-by: yangerkun <yangerkun@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext2/super.c |   41 ++++++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 15 deletions(-)

--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -757,7 +757,8 @@ static loff_t ext2_max_size(int bits)
 {
 	loff_t res = EXT2_NDIR_BLOCKS;
 	int meta_blocks;
-	loff_t upper_limit;
+	unsigned int upper_limit;
+	unsigned int ppb = 1 << (bits-2);
 
 	/* This is calculated to be the largest file size for a
 	 * dense, file such that the total number of
@@ -771,24 +772,34 @@ static loff_t ext2_max_size(int bits)
 	/* total blocks in file system block size */
 	upper_limit >>= (bits - 9);
 
-
-	/* indirect blocks */
-	meta_blocks = 1;
-	/* double indirect blocks */
-	meta_blocks += 1 + (1LL << (bits-2));
-	/* tripple indirect blocks */
-	meta_blocks += 1 + (1LL << (bits-2)) + (1LL << (2*(bits-2)));
-
-	upper_limit -= meta_blocks;
-	upper_limit <<= bits;
-
+	/* Compute how many blocks we can address by block tree */
 	res += 1LL << (bits-2);
 	res += 1LL << (2*(bits-2));
 	res += 1LL << (3*(bits-2));
+	/* Does block tree limit file size? */
+	if (res < upper_limit)
+		goto check_lfs;
+
+	res = upper_limit;
+	/* How many metadata blocks are needed for addressing upper_limit? */
+	upper_limit -= EXT2_NDIR_BLOCKS;
+	/* indirect blocks */
+	meta_blocks = 1;
+	upper_limit -= ppb;
+	/* double indirect blocks */
+	if (upper_limit < ppb * ppb) {
+		meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb);
+		res -= meta_blocks;
+		goto check_lfs;
+	}
+	meta_blocks += 1 + ppb;
+	upper_limit -= ppb * ppb;
+	/* tripple indirect blocks for the rest */
+	meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb) +
+		DIV_ROUND_UP(upper_limit, ppb*ppb);
+	res -= meta_blocks;
+check_lfs:
 	res <<= bits;
-	if (res > upper_limit)
-		res = upper_limit;
-
 	if (res > MAX_LFS_FILESIZE)
 		res = MAX_LFS_FILESIZE;