On 2011-12-25, at 23:36, Xi Wang <xi.wang@xxxxxxxxx> wrote:

> Commit 503358ae fixed a division by zero, but groups_per_flex still
> overflows due to an oversized shift, given a large s_log_groups_per_flex
> like 36. (1 << 36) is undefined in C; the result may vary depending
> on the architecture, e.g., 16 on x86, thus bypassing the sanity check
> (groups_per_flex < 2).

While this is true in theory, it is not possible to have 2^32 groups per flex group. This would mean 2^32 block bitmaps and inode bitmaps in a single group, which is impossible.

> Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
> ---
> fs/ext4/super.c | 9 +++++----
> 1 files changed, 5 insertions(+), 4 deletions(-)
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 3e1329e..6deaf41 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -2010,14 +2010,15 @@ static int ext4_fill_flex_info(struct super_block *sb)
> size_t size;
> int i;
>
> - sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
> - groups_per_flex = 1 << sbi->s_log_groups_per_flex;
> -
> - if (groups_per_flex < 2) {
> + if (sbi->s_es->s_log_groups_per_flex == 0 ||
> + sbi->s_es->s_log_groups_per_flex >= 32) {
> sbi->s_log_groups_per_flex = 0;
> return 1;
> }
>
> + sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex;
> + groups_per_flex = 1 << sbi->s_log_groups_per_flex;
> +
> /* We allocate both existing and potentially added groups */
> flex_group_count = ((sbi->s_groups_count + groups_per_flex - 1) +
> ((le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) + 1) <<
> --
> 1.7.5.4
>
--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
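Review bot: the `>= 32` bound in the new `if` still admits `s_log_groups_per_flex == 31`, and the moved line `groups_per_flex = 1 << sbi->s_log_groups_per_flex;` then shifts the signed literal `1` into the sign bit, which is undefined behaviour for a signed shift whatever type the result is stored in; the unchanged context line `sbi->s_groups_count + groups_per_flex - 1` can also wrap for any large shift value. Since the reply already states that anything near 2^32 groups per flex group cannot exist on disk, the limit should be a value well below 32 (or at minimum shift `1U` and do the count arithmetic in a wider type) rather than one that only excludes the literally undefined shift counts. Two smaller points: `sbi->s_es->s_log_groups_per_flex` is read twice in the condition and reads better as a local fetched once before the `if`; and an out-of-range value is superblock corruption rather than "flex_bg not in use", so it should at least log a warning instead of being folded silently into the same `sbi->s_log_groups_per_flex = 0; return 1;` path as the legitimate zero case.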
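The failure mode Xi Wang describes (an oversized shift count slipping past a `groups_per_flex < 2` check) and the kind of range check the patch introduces, as an added C example written for this page; it is not code from the ext4 tree or from anyone in the thread. The x86 shift-count masking is written out explicitly with `& 31`, so the program itself has no undefined behaviour and merely models what the mail reports for x86. `MAX_LOG_GROUPS_PER_FLEX`, the function names and the sample inputs are this example's own assumptions, and the reserved-GDT term of the real `flex_group_count` formula is left out because the page truncates it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Model of the pre-patch check, with x86's 5-bit shift-count masking
 * made explicit.  In C, 1 << 36 is undefined; on x86 the CPU looks only
 * at the low 5 bits of the count, so it behaves like 1 << 4 == 16 and
 * the "< 2" sanity check does not catch it.
 * Returns the accepted groups_per_flex, or 0 when the check rejects it.
 */
static uint32_t old_check_x86_model(uint8_t log_groups_per_flex)
{
    uint32_t groups_per_flex = 1u << (log_groups_per_flex & 31);

    if (groups_per_flex < 2)
        return 0;               /* treated as "no flex groups" */
    return groups_per_flex;     /* 36 -> 16: a bogus value is accepted */
}

/* Assumed bound for this example; the patch in the thread uses 32. */
#define MAX_LOG_GROUPS_PER_FLEX 31

/*
 * Hardened version: validate the shift count before shifting, shift an
 * unsigned constant, and keep the result in a type wide enough for it.
 * Returns 0 and fills *groups_per_flex, or -EINVAL for a bad field.
 */
static int groups_per_flex_from_log(uint8_t log_groups_per_flex,
                                    uint32_t *groups_per_flex)
{
    if (log_groups_per_flex == 0 ||
        log_groups_per_flex > MAX_LOG_GROUPS_PER_FLEX)
        return -EINVAL;
    *groups_per_flex = 1u << log_groups_per_flex;
    return 0;
}

/*
 * Ceiling division without the (n + d - 1) / d idiom seen in the hunk,
 * which wraps when n is close to UINT32_MAX and d is large.
 * d must be non-zero (guaranteed by groups_per_flex_from_log above).
 */
static uint32_t ceil_div_u32(uint32_t n, uint32_t d)
{
    if (n == 0)
        return 0;
    return (n - 1) / d + 1;
}

/*
 * Number of flex groups needed for groups_count block groups.
 * Returns 0 on success, -EINVAL if the on-disk log field is invalid.
 */
static int flex_group_count_for(uint8_t log_groups_per_flex,
                                uint32_t groups_count,
                                uint32_t *flex_group_count)
{
    uint32_t groups_per_flex;
    int err = groups_per_flex_from_log(log_groups_per_flex, &groups_per_flex);

    if (err)
        return err;
    *flex_group_count = ceil_div_u32(groups_count, groups_per_flex);
    return 0;
}

int main(void)
{
    /* Constructed inputs: valid, edge, and oversized on-disk field values. */
    static const uint8_t samples[] = { 0, 1, 4, 31, 32, 36, 255 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t flex = 0;
        int err = flex_group_count_for(samples[i], UINT32_MAX, &flex);

        printf("log=%3u  old x86 check accepts groups_per_flex=%-10u  "
               "hardened: %s", samples[i], old_check_x86_model(samples[i]),
               err ? "rejected (-EINVAL)" : "ok, flex groups=");
        if (!err)
            printf("%u", flex);
        putchar('\n');
    }
    return 0;
}
```

Running it shows log=36 being accepted as 16 groups per flex group by the old-style check while the hardened path rejects it, and log=31 producing a count from `UINT32_MAX` groups that the `(n + d - 1)` form would have wrapped.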