2014-07-26 07:19:38

by Azat Khuzhin

Subject: [PATCH] resize2fs: fix 32bit overflow during minimal size calculation for 64bit fs.

calculate_minimum_resize_size() multiplies two 32bit numbers; the result
must be 64bit, but it will be truncated to 32bit, and because of this
data_blocks will be zero, and it will never leave the loop:
blocks_per_group=32768 (u32)
extra_groups=131072 (u32)
data_blocks=4294967296 # overflow

And here are the messages from the log with resize2fs -f 255:
fs has 4007207 inodes, 1957 groups required.
fs requires 4374122900 data blocks.
With 1957 group(s), we have 63820826 blocks available.
Added 131540 extra group(s), blks_needed 4374122900, data_blocks 62023030, last_start 4356599580
Added 131595 extra group(s), blks_needed 4374122900, data_blocks 73483100, last_start 5781212288
Added 131246 extra group(s), blks_needed 4374122900, data_blocks 79184732, last_start 5781244926
Added 131072 extra group(s), blks_needed 4374122900, data_blocks 79184732, last_start 5781277564
Added 131072 extra group(s), blks_needed 4374122900, data_blocks 79184732, last_start 5781310202
...

Reported-by: Brad Campbell <[email protected]>
Tested-by: Brad Campbell <[email protected]>
Signed-off-by: Azat Khuzhin <[email protected]>
---
resize/resize2fs.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/resize/resize2fs.c b/resize/resize2fs.c
index 546b1d8..6777bfa 100644
--- a/resize/resize2fs.c
+++ b/resize/resize2fs.c
@@ -2479,7 +2479,8 @@ blk64_t calculate_minimum_resize_size(ext2_filsys fs, int flags)
extra_grps = ext2fs_div64_ceil(remainder,
EXT2_BLOCKS_PER_GROUP(fs->super));

- data_blocks += extra_grps * EXT2_BLOCKS_PER_GROUP(fs->super);
+ data_blocks += (unsigned long long)extra_grps *
+ EXT2_BLOCKS_PER_GROUP(fs->super);

/* ok we have to account for the last group */
overhead = calc_group_overhead(fs, groups-1, old_desc_blocks);
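
Review bot: In the added `data_blocks += (unsigned long long)extra_grps *` line, the cast spells the type as `unsigned long long` while the hunk header shows the function returning `blk64_t`; casting with `(blk64_t)extra_grps` would keep the arithmetic in the block-count type the function already uses. The context line just above assigns the result of `ext2fs_div64_ceil()` to `extra_grps`, which the commit message describes as u32, so it is worth confirming (or checking in code) that the quotient always fits in 32 bits, since a narrowing there would not be caught by this cast. A one-line comment saying the cast exists to force a 64-bit multiply would help keep it from being dropped in a later cleanup.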
--
2.0.1
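
The stall described in the commit message above, reproduced with the values from its log, as an added example that is not code from e2fsprogs or from the patch author. The function names and the loop in `passes_to_fit` are hypothetical: a simplified model that keeps only the "round the shortfall up to whole groups and add them" step, and it assumes a 32-bit `unsigned int`.

```c
#include <stdint.h>
#include <stdio.h>

/* Pre-patch form: both operands are 32-bit, so the product is reduced
 * modulo 2^32 before it is widened for the addition to data_blocks. */
static uint64_t add_groups_truncating(uint64_t data_blocks,
                                      uint32_t extra_grps, uint32_t bpg)
{
    return data_blocks + extra_grps * bpg;
}

/* Patched form: widening one operand makes the multiply 64-bit. */
static uint64_t add_groups_widened(uint64_t data_blocks,
                                   uint32_t extra_grps, uint32_t bpg)
{
    return data_blocks + (uint64_t)extra_grps * bpg;
}

typedef uint64_t (*add_fn)(uint64_t, uint32_t, uint32_t);

/* Hypothetical, simplified model of the "add extra groups" loop: round the
 * shortfall up to whole groups, add them, repeat. Returns the pass on which
 * data_blocks reaches blks_needed, or -1 if max_passes is exhausted. */
static int passes_to_fit(add_fn add, uint64_t data_blocks,
                         uint64_t blks_needed, uint32_t bpg, int max_passes)
{
    for (int pass = 1; pass <= max_passes; pass++) {
        uint64_t remainder = blks_needed - data_blocks;
        uint32_t extra_grps = (uint32_t)((remainder + bpg - 1) / bpg);

        data_blocks = add(data_blocks, extra_grps, bpg);
        if (data_blocks >= blks_needed)
            return pass;
    }
    return -1; /* no progress was made; this model gives up, an unbounded loop would not */
}

int main(void)
{
    /* data_blocks and blks_needed taken from the log in the commit message. */
    const uint64_t have = 79184732ULL, need = 4374122900ULL;
    const uint32_t bpg = 32768;

    printf("truncating: %d\n",
           passes_to_fit(add_groups_truncating, have, need, bpg, 1000));
    printf("widened:    %d\n",
           passes_to_fit(add_groups_widened, have, need, bpg, 1000));
    return 0;
}
```

With these inputs the shortfall rounds up to 131072 groups, the same count the last log lines repeat, and 131072 * 32768 is exactly 2^32, so the truncated product adds nothing.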


2014-07-26 21:53:49

by Theodore Ts'o

Subject: Re: [PATCH] resize2fs: fix 32bit overflow during minimal size calculation for 64bit fs.

On Sat, Jul 26, 2014 at 11:19:27AM +0400, Azat Khuzhin wrote:
> calculate_minimum_resize_size() multiplies two 32bit numbers; the result
> must be 64bit, but it will be truncated to 32bit, and because of this
> data_blocks will be zero, and it will never leave the loop...

There is a much more general patch which solves a number of other
instances where this bug exists which I've already committed into my
tree:

https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=1e33a8b408123a4e02a6b9135807f6fd61f3e235

Cheers,

- Ted

2014-07-27 18:21:55

by Azat Khuzhin

Subject: Re: [PATCH] resize2fs: fix 32bit overflow during minimal size calculation for 64bit fs.

On Sat, Jul 26, 2014 at 05:53:41PM -0400, Theodore Ts'o wrote:
> On Sat, Jul 26, 2014 at 11:19:27AM +0400, Azat Khuzhin wrote:
> > calculate_minimum_resize_size() multiplies two 32bit numbers; the result
> > must be 64bit, but it will be truncated to 32bit, and because of this
> > data_blocks will be zero, and it will never leave the loop...
>
> There is a much more general patch which solves a number of other
> instances where this bug exists which I've already committed into my
> tree:
>
> https://git.kernel.org/cgit/fs/ext2/e2fsprogs.git/commit/?h=maint&id=1e33a8b408123a4e02a6b9135807f6fd61f3e235

Yeah, I didn't think about fixing *all* places of this bug.
Thanks,
Azat.