From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Chao Yu, Jaegeuk Kim
Subject: [PATCH 4.14 015/217] f2fs: fix potential overflow
Date: Mon, 20 Sep 2021 18:40:36 +0200
Message-Id: <20210920163925.129646852@linuxfoundation.org>
X-Mailer: git-send-email 2.33.0
In-Reply-To: <20210920163924.591371269@linuxfoundation.org>
References: <20210920163924.591371269@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: Chao Yu

commit a9af3fdcc4258af406879eca63d82e9d6baa892e upstream.

In build_sit_entries(), if valid_blocks in SIT block is smaller than
valid_blocks in journal, for below calculation:

sbi->discard_blks += old_valid_blocks - se->valid_blocks;

There will be two times potential overflow:
- old_valid_blocks - se->valid_blocks will overflow, and be a very
  large number.
- sbi->discard_blks += result will overflow again, comes out a correct
  result accidentally.

Anyway, it should be fixed.

Fixes: d600af236da5 ("f2fs: avoid unneeded loop in build_sit_entries")
Fixes: 1f43e2ad7bff ("f2fs: introduce CP_TRIMMED_FLAG to avoid unneeded discard")
Signed-off-by: Chao Yu
Signed-off-by: Jaegeuk Kim
Signed-off-by: Greg Kroah-Hartman
--- fs/f2fs/segment.c | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) --- a/fs/f2fs/segment.c +++ b/fs/f2fs/segment.c 
@@ -3337,14 +3337,17 @@ static int build_sit_entries(struct f2fs } else { memcpy(se->discard_map, se->cur_valid_map, SIT_VBLOCK_MAP_SIZE); - sbi->discard_blks += old_valid_blocks - - se->valid_blocks; + sbi->discard_blks += old_valid_blocks; + sbi->discard_blks -= se->valid_blocks; } } - if (sbi->segs_per_sec > 1) + if (sbi->segs_per_sec > 1) { get_sec_entry(sbi, start)->valid_blocks += - se->valid_blocks - old_valid_blocks; + se->valid_blocks; + get_sec_entry(sbi, start)->valid_blocks -= + old_valid_blocks; + } } up_read(&curseg->journal_rwsem);
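
Review bot: neither split statement pair (the discard_blks update in the else branch, and the get_sec_entry(sbi, start)->valid_blocks update under segs_per_sec > 1) carries a comment saying why the addition and subtraction must stay separate, so a later cleanup could fold them back into the single expression the commit message objects to. A one-line comment above "sbi->discard_blks += old_valid_blocks;" stating that the difference must not be evaluated on its own would protect the fix. The hunk also does not show the types of the three operands, and the split form still wraps silently if se->valid_blocks exceeds the accumulated total, so a check or warning for that case is worth considering. In the segs_per_sec branch get_sec_entry(sbi, start) is now evaluated twice; holding the result in a local pointer would avoid the repeated lookup.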
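
The double wrap the commit message describes, as an added C example (not kernel code and not part of the patch). The 32-bit and 64-bit counter widths, the function names and the sample values are assumptions for illustration; the page does not state the types of the f2fs fields.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch shape: the subtraction is evaluated first, in 32-bit unsigned
 * arithmetic, and wraps when new_valid > old_valid. */
static uint32_t merged32(uint32_t acc, uint32_t old_valid, uint32_t new_valid)
{
    acc += old_valid - new_valid;   /* second wrap cancels the first */
    return acc;
}

/* Same expression with a 64-bit counter (assumed width): the wrapped 32-bit
 * difference is zero-extended, so nothing cancels it. */
static uint64_t merged64(uint64_t acc, uint32_t old_valid, uint32_t new_valid)
{
    acc += old_valid - new_valid;
    return acc;
}

/* Post-patch shape: each step is done in the counter's own width. */
static uint64_t split64(uint64_t acc, uint32_t old_valid, uint32_t new_valid)
{
    acc += old_valid;
    acc -= new_valid;
    return acc;
}

/* Checked variant (hypothetical helper): refuses to wrap the counter. */
static int adjust_checked(uint64_t *acc, uint32_t old_valid, uint32_t new_valid)
{
    if (new_valid > old_valid) {
        uint64_t drop = (uint64_t)new_valid - old_valid;
        if (drop > *acc)
            return -1;              /* counter would go below zero */
        *acc -= drop;
    } else {
        uint64_t add = (uint64_t)old_valid - new_valid;
        if (add > UINT64_MAX - *acc)
            return -1;              /* counter would exceed its range */
        *acc += add;
    }
    return 0;
}

int main(void)
{
    /* Constructed values: counter 1000, old count 10, new count 30. */
    uint64_t c = 1000;
    int rc = adjust_checked(&c, 10, 30);
    printf("merged32=%u merged64=%llu split64=%llu checked=%d/%llu\n",
           merged32(1000, 10, 30), (unsigned long long)merged64(1000, 10, 30),
           (unsigned long long)split64(1000, 10, 30), rc, (unsigned long long)c);
    return 0;
}
```
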