Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp660462img; Fri, 22 Mar 2019 06:06:57 -0700 (PDT) X-Google-Smtp-Source: APXvYqxDtM5kWAODc9di8YSGG+rfTuuIoFpac3LlI8oruqh1pFN4vDnSdhfxdThH+FQ0u/+ap63q X-Received: by 2002:a17:902:9a95:: with SMTP id w21mr2386465plp.74.1553260017152; Fri, 22 Mar 2019 06:06:57 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1553260017; cv=none; d=google.com; s=arc-20160816; b=j5E6x6BjddIjKQwUXlPq4gyytmnk7HELEoGyBKGUyJCV1sL7tqTteP1B2LizpKgDjO jmBvy7MTc+x2QNEz6C+86h3kubPFxSOZCGyhLSnKPBev9vEQIoWpmfepcefbbnE7KT6h 3keU9vUkjJA6EX5OQPpS/soGRScJJQQScjopFeWRaDK9Ce8aDIOtbq2J8cuuUuhDTZvL dadre1Jv3Zz2SWXRSzpBrro+RJ53UnNNR8OViLMKMz/soB+p3eOsx+FlvwIBvhiErTEv vB/sVT2zTuXqdq/2kqq7/dNcgMjKHUHFVPS//y3aLlU4o9L9AS7iF87sbMRl48el8vuX 6M+w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=UMMxVplm9ID/kyyCzOaBNuqX28qDeqS9IbXDYNMHcsA=; b=Ox1NdKYS9v8wz8lTh0S9nwAHodPXoYBw8jh+M9oqckGWQZsAvNmYKxHTCwigVSiNrN FMhFODbCzVF3NuYZItMwu9PJOVyqn6x1sGeFexbksPb2c/7fDJjtCleJrmRNDQjVPKTQ 6mmKKbes9shpEY6m1h4EKLAesbQDe5B5w16QQYItfYsZm8I9ZdOOarS0e5YqVYXy2wZF qTDD+Xf3gn1dEHkOE5gcBXPfVHKTdFhEemFerP4Dss41nAn1mH1CpSgNf1bc39gwPSCz 3tu+lO2sLyruBLTP5xNh+c5O/gB3Q7EiRbYhL2Uc6vYcns+ogDX4WxCZG6tobr9BaMd2 Ws2Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="AI/gy6Xq"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 193si6600509pgc.365.2019.03.22.06.06.38; Fri, 22 Mar 2019 06:06:57 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="AI/gy6Xq"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730695AbfCVLiL (ORCPT + 99 others); Fri, 22 Mar 2019 07:38:11 -0400 Received: from mail.kernel.org ([198.145.29.99]:39708 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730930AbfCVLiK (ORCPT ); Fri, 22 Mar 2019 07:38:10 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8F3E62183E; Fri, 22 Mar 2019 11:38:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1553254689; bh=HyYrCQqbqJ+ByVkZSV0+60INpI7NUwzRiDhQBO83uF0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=AI/gy6XqVrLR1imO+VgAaRhM6/pXFIzoQDRjoiVmO+ZWdt8gIA4X6Y10/WwFNXnBQ c2VDPuBlMnXF2uKPvYOJ5o9RaVNReSkUswfFULntnwPskX6VxHugqQVj9b/YGZhVHH QbFZkGGDmYrbJsvuNjm32VpaFL5WNyERhNziZhM8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, yangerkun , Jan Kara Subject: [PATCH 4.4 196/230] ext2: Fix underflow in ext2_max_size() Date: Fri, 22 Mar 2019 12:15:34 +0100 Message-Id: <20190322111250.575451561@linuxfoundation.org> X-Mailer: git-send-email 2.21.0 In-Reply-To: <20190322111236.796964179@linuxfoundation.org> References: <20190322111236.796964179@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review X-Patchwork-Hint: ignore MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Jan Kara commit 1c2d14212b15a60300a2d4f6364753e87394c521 upstream. When ext2 filesystem is created with 64k block size, ext2_max_size() will return value less than 0. Also, we cannot write any file in this fs since the sb->maxbytes is less than 0. The core of the problem is that the size of block index tree for such large block size is more than i_blocks can carry. So fix the computation to count with this possibility. File size limits computed with the new function for the full range of possible block sizes look like: bits file_size 10 17247252480 11 275415851008 12 2196873666560 13 2197948973056 14 2198486220800 15 2198754754560 16 2198888906752 CC: stable@vger.kernel.org Reported-by: yangerkun Signed-off-by: Jan Kara Signed-off-by: Greg Kroah-Hartman --- fs/ext2/super.c | 41 ++++++++++++++++++++++++++--------------- 1 file changed, 26 insertions(+), 15 deletions(-) --- a/fs/ext2/super.c +++ b/fs/ext2/super.c @@ -721,7 +721,8 @@ static loff_t ext2_max_size(int bits) { loff_t res = EXT2_NDIR_BLOCKS; int meta_blocks; - loff_t upper_limit; + unsigned int upper_limit; + unsigned int ppb = 1 << (bits-2); /* This is calculated to be the largest file size for a * dense, file such that the total number of @@ -735,24 +736,34 @@ static loff_t ext2_max_size(int bits) /* total blocks in file system block size */ upper_limit >>= (bits - 9); - - /* indirect blocks */ - meta_blocks = 1; - /* double indirect blocks */ - meta_blocks += 1 + (1LL << (bits-2)); - /* tripple indirect blocks */ - meta_blocks += 1 + (1LL << (bits-2)) + (1LL << (2*(bits-2))); - - upper_limit -= meta_blocks; - upper_limit <<= bits; - + /* Compute how many blocks we can address by block tree */ res += 1LL << (bits-2); res += 1LL << (2*(bits-2)); res += 1LL << (3*(bits-2)); + /* Does block tree limit file size? */ + if (res < upper_limit) + goto check_lfs; + + res = upper_limit; + /* How many metadata blocks are needed for addressing upper_limit? */ + upper_limit -= EXT2_NDIR_BLOCKS; + /* indirect blocks */ + meta_blocks = 1; + upper_limit -= ppb; + /* double indirect blocks */ + if (upper_limit < ppb * ppb) { + meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb); + res -= meta_blocks; + goto check_lfs; + } + meta_blocks += 1 + ppb; + upper_limit -= ppb * ppb; + /* tripple indirect blocks for the rest */ + meta_blocks += 1 + DIV_ROUND_UP(upper_limit, ppb) + + DIV_ROUND_UP(upper_limit, ppb*ppb); + res -= meta_blocks; +check_lfs: res <<= bits; - if (res > upper_limit) - res = upper_limit; - if (res > MAX_LFS_FILESIZE) res = MAX_LFS_FILESIZE;