Received: by 2002:a05:6358:1087:b0:cb:c9d3:cd90 with SMTP id j7csp910384rwi;
        Wed, 19 Oct 2022 04:38:32 -0700 (PDT)
X-Google-Smtp-Source: AMsMyM7B4nH1kRgGtt2BK/fERX5JMpke74OTxbhC3ND8Tz2bppc5+LfpL2xP3ugiXLm9M8C3MAld
X-Received: by 2002:a17:902:868b:b0:185:be8:b316 with SMTP id g11-20020a170902868b00b001850be8b316mr7856160plo.157.1666179512582;
        Wed, 19 Oct 2022 04:38:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1666179512; cv=none;
        d=google.com; s=arc-20160816;
        b=YtekK1K3wv/pXQRPVfUgdxaPW7U7nsXFs9y4DzkFG3F5gx7mQpLebt6RqPD1KIGQfd
         itYEwNX0K6EN5fJuwlAEePwIsnpuMPHiGFyXAWPwWsTGlC55xdNChuSh/kIxiwPRhJOj
         gIJnoUfz5ATe1cN0JpL5ZxBjhIAfvalpLuh7KiwNg8cMjZ/apSvPILHcgDQx7Pa+Rrn+
         vSkG7BQGBcx6QXmoyFmXxo97By0my0U0zQ9ykywkW43hr6yOAf1detRrjcvasccQZADs
         lhODTSnig7l9Yk8KdBmwi7rYLdjij29cfvuAmnQESDj1e7cQWf1OA1h+4NCFlOh8ZhQ2
         ez7A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=a+7VDpb9Pgmc5mWLUeC7I+y0BECPYDdeybO9GPHW0cE=;
        b=mYNERsSJd+j0rs/rdFZrUK2YurvAkzn/5VYmCO7JsiJ+UYMwYIj5I1bZOtYIM4QQMC
         B6a4puX3opKx7aIpYVrpvmUQKLeMkWoien//5SwP6STxH24HrcweYkV7mPNZmfRpGjWw
         mX0LgJIfCYE593XG4C38mmQbteaT8IbQUDjiFf2FmNlOoIWDxBIXdLxe+7nIQQotND5A
         6tuxSONbqYRSaeXNo+/cTuI6GTmNFSPRtY6Z2RZvC7m6yaBRgJuHSWmgo1AgIj+rTxh7
         UxS4Y2rXsFE0/u3v+5OCcrmhivFfyGmBzW/XcbGEJcZ2Y6X93nxVfH/sW/Rs/XiHJdnd
         2P0g==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wvti6MUY;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id b10-20020a170902d88a00b00174e6274906si16602841plz.236.2022.10.19.04.38.13;
        Wed, 19 Oct 2022 04:38:32 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=wvti6MUY;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S232129AbiJSKlM (ORCPT <rfc822;artur.folwarczny@gmail.com>
        + 99 others); Wed, 19 Oct 2022 06:41:12 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:58676 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232099AbiJSKkN (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 19 Oct 2022 06:40:13 -0400
Received: from ams.source.kernel.org (ams.source.kernel.org [IPv6:2604:1380:4601:e00::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF7A76B8ED;
        Wed, 19 Oct 2022 03:18:46 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by ams.source.kernel.org (Postfix) with ESMTPS id CA8D5B824E1;
        Wed, 19 Oct 2022 09:14:53 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 4AC03C433B5;
        Wed, 19 Oct 2022 09:14:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1666170892;
        bh=OxUnyWBNF9EL9wIWC7v/GzN4GWanOyfXdgikF9wmzdI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=wvti6MUYHhKeYgk7IJVI5kMMeVaJdbxgbkxpf44D47ijnINwZ/7uRcQJPs0uqZXg4
         wgT4cKdkiP9byPsraAmetbRp0ItRqYcP6JxJxvgbaQlPb0x9fNtkn8R3IygY2scbZv
         VYf/v4PYqn3BUKDK5YCA4hPPsB2/x5QHkYSx1Ka8=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org,
        syzbot+0f2f7e65a3007d39539f@syzkaller.appspotmail.com,
        Jan Kara <jack@suse.cz>, Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.0 827/862] ext2: Use kvmalloc() for group descriptor array
Date:   Wed, 19 Oct 2022 10:35:14 +0200
Message-Id: <20221019083326.446951244@linuxfoundation.org>
X-Mailer: git-send-email 2.38.0
In-Reply-To: <20221019083249.951566199@linuxfoundation.org>
References: <20221019083249.951566199@linuxfoundation.org>
User-Agent: quilt/0.67
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Jan Kara <jack@suse.cz>

[ Upstream commit e7c7fbb9a8574ebd89cc05db49d806c7476863ad ]

Array of group descriptor block buffers can get rather large. In theory
in can reach 1MB for perfectly valid filesystem and even more for
maliciously crafted ones. Use kvmalloc() to allocate the array to avoid
straining memory allocator with large order allocations unnecessarily.

Reported-by: syzbot+0f2f7e65a3007d39539f@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 fs/ext2/super.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/fs/ext2/super.c b/fs/ext2/super.c
index afb31af9302d..03f2af98b1b4 100644
--- a/fs/ext2/super.c
+++ b/fs/ext2/super.c
@@ -163,7 +163,7 @@ static void ext2_put_super (struct super_block * sb)
 	db_count = sbi->s_gdb_count;
 	for (i = 0; i < db_count; i++)
 		brelse(sbi->s_group_desc[i]);
-	kfree(sbi->s_group_desc);
+	kvfree(sbi->s_group_desc);
 	kfree(sbi->s_debts);
 	percpu_counter_destroy(&sbi->s_freeblocks_counter);
 	percpu_counter_destroy(&sbi->s_freeinodes_counter);
@@ -1092,7 +1092,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
 	}
 	db_count = (sbi->s_groups_count + EXT2_DESC_PER_BLOCK(sb) - 1) /
 		   EXT2_DESC_PER_BLOCK(sb);
-	sbi->s_group_desc = kmalloc_array(db_count,
+	sbi->s_group_desc = kvmalloc_array(db_count,
 					   sizeof(struct buffer_head *),
 					   GFP_KERNEL);
 	if (sbi->s_group_desc == NULL) {
@@ -1218,7 +1218,7 @@ static int ext2_fill_super(struct super_block *sb, void *data, int silent)
 	for (i = 0; i < db_count; i++)
 		brelse(sbi->s_group_desc[i]);
 failed_mount_group_desc:
-	kfree(sbi->s_group_desc);
+	kvfree(sbi->s_group_desc);
 	kfree(sbi->s_debts);
 failed_mount:
 	brelse(bh);
-- 
2.35.1