Received: by 2002:a05:6a10:d5a5:0:0:0:0 with SMTP id gn37csp3993611pxb; Mon, 4 Oct 2021 14:42:02 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzqfpQAVwN0p0Ev+aCMD2JF7qY3puKwnhKrM2fLy5/7szLj1BnKNhYiObgcFzDoiqOBXE3p X-Received: by 2002:a17:902:8bc1:b0:13d:e884:125a with SMTP id r1-20020a1709028bc100b0013de884125amr1802253plo.38.1633383722586; Mon, 04 Oct 2021 14:42:02 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1633383722; cv=none; d=google.com; s=arc-20160816; b=PDiLVpzrZlkZpUOaS/JeXnkFr3fOv0cyL1wduAWmzemKoudYirrcyKdhGvtMUxVvo/ IzD52ZmPrnsHaXwrAH3yfw4iwchUbXUdRCRXGaYrEGpc6NCZOmmX6ue9oHkuGzpeeF08 wC6YhPv0cYp/Ergn0H2FAgYvZmiD4QhtS+zNsAW0Kx3YyeyM2bhj/xtlUSDih0XOVpZn w+mbKDUpHAR+qyd/7LCqD1tFONpUh4fnYc+l/639YlNOGJv2xUQVMlGa24DDbUc0Hf6T MYnvbYCtduLF6Fs5O6Xcst2IZUUqjACDzZ1vTBWOBhSmqnj0V+Bo/OpFVKOGP8GN+SW9 zP0w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=lyZ55A1uYZ5e3oZlhowxbK9aKcSqshYOgaQUIApdXOo=; b=ShN9YyOYLgS+XKBh/56paz/3Beg25BgSncRjt+YAgnWnFeEOrD3A96fAjxYZVW3nEv SK07eq97G5MYWgVWVJojnJGvfBjTEVIGpZX5Ecoc1945jseeCQEXjpdTzpk+e12oYApO vn2cyYdAnWVjgWWXmHonIMzCTXEvX8mSIlTpoFJM84FNMroCryNlR+YRmHw1rjyinUJz Xjt3cRy9SEYyoGSA2H+pCQKmonjWkslqI5ymmkEKcRYOHivl4LYtouIb3AUyrlhH41bz wLRGcqEOooZd1nPbLfI/FTEkEKJPo15ZViUghX8+v1PKb283E3EROEbndvI33nCRKaM7 vYCQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=0hSxxTAw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b140si18790107pfb.372.2021.10.04.14.41.49; Mon, 04 Oct 2021 14:42:02 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=0hSxxTAw; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238316AbhJDNmB (ORCPT + 99 others); Mon, 4 Oct 2021 09:42:01 -0400 Received: from mail.kernel.org ([198.145.29.99]:51836 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238355AbhJDNkU (ORCPT ); Mon, 4 Oct 2021 09:40:20 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 3ECC961A35; Mon, 4 Oct 2021 13:18:21 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1633353501; bh=n3VZaAq9PSuEzTDDy2q1lkPqT6ToTpRbCzrGvuW8MVA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=0hSxxTAwwlHCaz5OKvZHk2tOW7/ZuLADihhqRgYlo2eRTT+umy3tYPpiJ6TWwUKrs eqte2nu+kepRKT9UNv3uw2GjS4+dF7Ayb0RCD+Ox+H9djK/Q1wUXalWD1Ny/HKOrWb xFITjTi54MGPXwyY6KLRhDgKhR84+s7YiwvvqvEU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Ritesh Harjani , Jan Kara , Theodore Tso , stable@kernel.org Subject: [PATCH 5.14 153/172] ext4: fix loff_t overflow in ext4_max_bitmap_size() Date: Mon, 4 Oct 2021 14:53:23 +0200 Message-Id: <20211004125049.912795259@linuxfoundation.org> X-Mailer: git-send-email 2.33.0 In-Reply-To: <20211004125044.945314266@linuxfoundation.org> References: <20211004125044.945314266@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Ritesh Harjani commit 75ca6ad408f459f00b09a64f04c774559848c097 upstream. We should use unsigned long long rather than loff_t to avoid overflow in ext4_max_bitmap_size() for comparison before returning. w/o this patch sbi->s_bitmap_maxbytes was becoming a negative value due to overflow of upper_limit (with has_huge_files as true) Below is a quick test to trigger it on a 64KB pagesize system. sudo mkfs.ext4 -b 65536 -O ^has_extents,^64bit /dev/loop2 sudo mount /dev/loop2 /mnt sudo echo "hello" > /mnt/hello -> This will error out with "echo: write error: File too large" Signed-off-by: Ritesh Harjani Reviewed-by: Jan Kara Signed-off-by: Theodore Ts'o Cc: stable@kernel.org Link: https://lore.kernel.org/r/594f409e2c543e90fd836b78188dfa5c575065ba.1622867594.git.riteshh@linux.ibm.com Signed-off-by: Theodore Ts'o Signed-off-by: Greg Kroah-Hartman --- fs/ext4/super.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -3185,17 +3185,17 @@ static loff_t ext4_max_size(int blkbits, */ static loff_t ext4_max_bitmap_size(int bits, int has_huge_files) { - loff_t res = EXT4_NDIR_BLOCKS; + unsigned long long upper_limit, res = EXT4_NDIR_BLOCKS; int meta_blocks; - loff_t upper_limit; - /* This is calculated to be the largest file size for a dense, block + + /* + * This is calculated to be the largest file size for a dense, block * mapped file such that the file's total number of 512-byte sectors, * including data and all indirect blocks, does not exceed (2^48 - 1). * * __u32 i_blocks_lo and _u16 i_blocks_high represent the total * number of 512-byte sectors of the file. */ - if (!has_huge_files) { /* * !has_huge_files or implies that the inode i_block field @@ -3238,7 +3238,7 @@ static loff_t ext4_max_bitmap_size(int b if (res > MAX_LFS_FILESIZE) res = MAX_LFS_FILESIZE; - return res; + return (loff_t)res; } static ext4_fsblk_t descriptor_loc(struct super_block *sb,