Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp638641img;
        Fri, 22 Mar 2019 05:41:10 -0700 (PDT)
X-Google-Smtp-Source: APXvYqz++v56h1sFWr8JLIMoVGRMdwuGVKwnzIzZ9EjKRWjRasJnKiqtOFlzZ1eqsStQKaFLQ5by
X-Received: by 2002:a17:902:9b86:: with SMTP id y6mr9160095plp.71.1553258470628;
        Fri, 22 Mar 2019 05:41:10 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553258470; cv=none;
        d=google.com; s=arc-20160816;
        b=e/poH3VNLnyQnJjClNcmaQtfCunvHU8YGGVImzVksJIBkXcQi2dwgeDumCY/C4/f6E
         JbnFgDube4JcUgU/0TfgCT68xk60dr5I3ZcMDfREEHD1wgXOemuA8bZWwS5DM7xUZo+v
         CH3w95LUnEUjaMyzeUoCLHukOskTV9h9O/1esmAJZCjxDeRN6oXbh+VcHb/Be3p2iCLV
         +lQSwstE5AUYvt90CvzhltlxWbXPImPHPhhHleI4X3ckAe8iO0YMKHBYaD9vDP+cyycf
         aWtpjiGObsN61TQ22WHzCijtlR2cnnqvzevbaZyCnaoORDnUV6cvykO5DPLMU4P8C+Gd
         zJWQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=d6mDa34mDffYS8sC0ha1WfBZhNw8pf5MDqYc8Nuk1Q4=;
        b=DRCDvK98RHw3/nVip63Jinp6nHuO1klNStbsP4UT1v+bz6S9/2fSsLxzvMnR5lTiVd
         RXSlJj4OTzlPRpQxbVJSGKc8SxDYE37g/C0pFQbe1zf8qjD7y9CMIY77jea5rC4VjV8/
         tSoInsN2GlZ1RJqyrLei0GlUVMExwFpNldmZlYAB/46TJyDavuHgv+9maipxiw+e+JEM
         qhmf9k2R+e5AwSOWVW2RBxyoCSSnJn7D7BB8Gk58a7SxC9K8d668K+HSCKK7abFSjLfv
         4/qG8Wvi+MB7kr5ujejj592qaZURGhaMUe8MYo88gf6sGi471pOY5+pAelE+AvpTyoLg
         pPGw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=sjP1eOFz;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 91si7174934ply.258.2019.03.22.05.40.52;
        Fri, 22 Mar 2019 05:41:10 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=sjP1eOFz;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388970AbfCVMj6 (ORCPT <rfc822;ahaning.tech@gmail.com>
        + 99 others); Fri, 22 Mar 2019 08:39:58 -0400
Received: from mail.kernel.org ([198.145.29.99]:45740 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388774AbfCVMHT (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 22 Mar 2019 08:07:19 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id CF50721929;
        Fri, 22 Mar 2019 12:07:17 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1553256438;
        bh=JObGYx1l5yB9vW03STDYS1A9H0UOKaL0IfM1YtVDnto=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=sjP1eOFzLaERFaYrnTNtdRKDZly7tNC9vuazI0nQlBHtpF8KvfBQWgAD987ufQ1Hj
         R6Jlx3i3X/u9DESM0sRJEbY3exZCaHcqBvzvFB2j9R4dV7Vl9veu+ljjHY5jVMY17/
         R7W2uR+H0ytN8ljAGQZvbPEhHfy5NrBP3GfwdkHU=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, yangerkun <yangerkun@huawei.com>,
        Jan Kara <jack@suse.cz>
Subject: [PATCH 4.19 190/280] ext2: Fix underflow in ext2_max_size()
Date:   Fri, 22 Mar 2019 12:15:43 +0100
Message-Id: <20190322111328.520441664@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190322111306.356185024@linuxfoundation.org>
References: <20190322111306.356185024@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.19-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Jan Kara <jack@suse.cz>

commit 1c2d14212b15a60300a2d4f6364753e87394c521 upstream.

When ext2 filesystem is created with 64k block size, ext2_max_size()
will return value less than 0. Also, we cannot write any file in this fs
since the sb->maxbytes is less than 0. The core of the problem is that
the size of block index tree for such large block size is more than
i_blocks can carry. So fix the computation to count with this
possibility.

File size limits computed with the new function for the full range of
possible block sizes look like:

bits file_size
10     17247252480
11    275415851008
12   2196873666560
13   2197948973056
14   2198486220800
15   2198754754560
16   2198888906752

CC: stable@vger.kernel.org
Reported-by: yangerkun <yangerkun@huawei.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext2/super.c |   41 ++++++++++++++++++++++++++---------------
 1 file changed, 26 insertions(+), 15 deletions(-)

--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -761,7 +761,8 @@ static loff_t ext2_max_size(int bits)
 {
 	loff_t res = EXT2_NDIR_BLOCKS;
 	int meta_blocks;
-	loff_t upper_limit;
+	unsigned int upper_limit;
+	unsigned int ppb = 1 << (bits-2);
 
 	/* This is calculated to be the largest file size for a
 	 * dense, file such that the total number of
@@ -775,24 +776,34 @@ static loff_t ext2_max_size(int bits)
 	/* total blocks in file system block size */
 	upper_limit >>= (bits - 9);
 
-
-	/* indirect blocks */
-	meta_blocks = 1;
-	/* double indirect blocks */
-	meta_blocks += 1 + (1LL << (bits-2));
-	/* tripple indirect blocks */
-	meta_blocks += 1 + (1LL << (bits-2)) + (1LL << (2*(bits-2)));
-
-	upper_limit -= meta_blocks;
-	upper_limit <<= bits;
-
+	/* Compute how many blocks we can address by block tree */
 	res += 1LL << (bits-2);
 	res += 1LL << (2*(bits-2));
 	res += 1LL << (3*(bits-2));
+	/* Does block tree limit file size? */
+	if (res < upper_limit)
+		goto check_lfs;
+
+	res = upper_limit;
+	/* How many metadata blocks are needed for addressing upper_limit? */
+	upper_limit -= EXT2_NDIR_BLOCKS;
+	/* indirect blocks */
+	meta_blocks = 1;
+	upper_limit -= ppb;
+	/* double indirect blocks */
+	if (upper_limit < ppb * ppb) {
+		meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb);
+		res -= meta_blocks;
+		goto check_lfs;
+	}
+	meta_blocks += 1 + ppb;
+	upper_limit -= ppb * ppb;
+	/* tripple indirect blocks for the rest */
+	meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb) +
+		DIV_ROUND_UP(upper_limit, ppb*ppb);
+	res -= meta_blocks;
+check_lfs:
 	res <<= bits;
-	if (res > upper_limit)
-		res = upper_limit;
-
 	if (res > MAX_LFS_FILESIZE)
 		res = MAX_LFS_FILESIZE;