The patch titled
more ext3 16T overflow fixes
has been added to the -mm tree. Its filename is
more-ext3-16t-overflow-fixes.patch
See http://www.zip.com.au/~akpm/linux/patches/stuff/added-to-mm.txt to find
out what to do about this
------------------------------------------------------
Subject: more ext3 16T overflow fixes
From: Eric Sandeen <esandeen@xxxxxxxxxx>
Some of the changes in balloc.c are just cosmetic, as Andreas pointed out -
if they overflow they'll then underflow and things are fine.
5th hunk actually fixes an overflow problem.
Also check for potential overflows in inode & block counts when resizing.
Signed-off-by: Eric Sandeen <esandeen@xxxxxxxxxx>
Cc: Mingming Cao <cmm@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxx>
---
fs/ext3/balloc.c | 12 ++++++------
fs/ext3/resize.c | 15 +++++++++++++++
2 files changed, 21 insertions(+), 6 deletions(-)
diff -puN fs/ext3/balloc.c~more-ext3-16t-overflow-fixes fs/ext3/balloc.c
--- a/fs/ext3/balloc.c~more-ext3-16t-overflow-fixes
+++ a/fs/ext3/balloc.c
@@ -202,7 +202,7 @@ goal_in_my_reservation(struct ext3_reser
ext3_fsblk_t group_first_block, group_last_block;
group_first_block = ext3_group_first_block_no(sb, group);
- group_last_block = group_first_block + EXT3_BLOCKS_PER_GROUP(sb) - 1;
+ group_last_block = group_first_block + (EXT3_BLOCKS_PER_GROUP(sb) - 1);
if ((rsv->_rsv_start > group_last_block) ||
(rsv->_rsv_end < group_first_block))
@@ -1047,7 +1047,7 @@ static int alloc_new_reservation(struct
spinlock_t *rsv_lock = &EXT3_SB(sb)->s_rsv_window_lock;
group_first_block = ext3_group_first_block_no(sb, group);
- group_end_block = group_first_block + EXT3_BLOCKS_PER_GROUP(sb) - 1;
+ group_end_block = group_first_block + (EXT3_BLOCKS_PER_GROUP(sb) - 1);
if (grp_goal < 0)
start_block = group_first_block;
@@ -1239,7 +1239,7 @@ ext3_try_to_allocate_with_rsv(struct sup
struct ext3_reserve_window_node * my_rsv,
unsigned long *count, int *errp)
{
- ext3_fsblk_t group_first_block;
+ ext3_fsblk_t group_first_block, group_last_block;
ext3_grpblk_t ret = 0;
int fatal;
unsigned long num = *count;
@@ -1276,6 +1276,7 @@ ext3_try_to_allocate_with_rsv(struct sup
* first block is the block number of the first block in this group
*/
group_first_block = ext3_group_first_block_no(sb, group);
+ group_last_block = group_first_block + (EXT3_BLOCKS_PER_GROUP(sb) - 1);
/*
* Basically we will allocate a new block from inode's reservation
@@ -1311,9 +1312,8 @@ ext3_try_to_allocate_with_rsv(struct sup
try_to_extend_reservation(my_rsv, sb,
*count-my_rsv->rsv_end + grp_goal - 1);
- if ((my_rsv->rsv_start >= group_first_block +
- EXT3_BLOCKS_PER_GROUP(sb))
- || (my_rsv->rsv_end < group_first_block)) {
+ if ((my_rsv->rsv_start > group_last_block) ||
+ (my_rsv->rsv_end < group_first_block)) {
rsv_window_dump(&EXT3_SB(sb)->s_rsv_window_root, 1);
BUG();
}
diff -puN fs/ext3/resize.c~more-ext3-16t-overflow-fixes fs/ext3/resize.c
--- a/fs/ext3/resize.c~more-ext3-16t-overflow-fixes
+++ a/fs/ext3/resize.c
@@ -730,6 +730,16 @@ int ext3_group_add(struct super_block *s
return -EPERM;
}
+ if (es->s_blocks_count + input->blocks_count < es->s_blocks_count) {
+ ext3_warning(sb, __FUNCTION__, "blocks_count overflow\n");
+ return -EINVAL;
+ }
+
+ if (es->s_inodes_count+EXT3_INODES_PER_GROUP(sb) < es->s_inodes_count) {
+ ext3_warning(sb, __FUNCTION__, "inodes_count overflow\n");
+ return -EINVAL;
+ }
+
if (reserved_gdb || gdb_off == 0) {
if (!EXT3_HAS_COMPAT_FEATURE(sb,
EXT3_FEATURE_COMPAT_RESIZE_INODE)){
@@ -958,6 +968,11 @@ int ext3_group_extend(struct super_block
add = EXT3_BLOCKS_PER_GROUP(sb) - last;
+ if (o_blocks_count + add < o_blocks_count) {
+ ext3_warning(sb, __FUNCTION__, "blocks_count overflow");
+ return -EINVAL;
+ }
+
if (o_blocks_count + add > n_blocks_count)
add = n_blocks_count - o_blocks_count;
_
Patches currently in -mm which might be from esandeen@xxxxxxxxxx are
mount-udf-udf_part_flag_read_only-partitions-with-ms_rdonly.patch
fix-ext3-mounts-at-16t.patch
fix-ext2-mounts-at-16t.patch
more-ext3-16t-overflow-fixes.patch
-
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
