Patch "ext4: avoid potential data overflow in next_linear_group" has been added to the 6.4-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 8 Sep 2023 18:29:55 -0400

This is a note to let you know that I've just added the patch titled

    ext4: avoid potential data overflow in next_linear_group

to the 6.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-avoid-potential-data-overflow-in-next_linear_gr.patch
and it can be found in the queue-6.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit edd1da5da1fcb33da1225cce7e35b9744b0d2d08
Author: Kemeng Shi <shikemeng@xxxxxxxxxxxxxxx>
Date:   Tue Aug 1 22:31:56 2023 +0800

    ext4: avoid potential data overflow in next_linear_group
    
    [ Upstream commit 60c672b7f2d1e5dd1774f2399b355c9314e709f8 ]
    
    ngroups is ext4_group_t (unsigned int) while next_linear_group treat it
    in int. If ngroups is bigger than max number described by int, it will
    be treat as a negative number. Then "return group + 1 >= ngroups ? 0 :
    group + 1;" may keep returning 0.
    Switch int to ext4_group_t in next_linear_group to fix the overflow.
    
    Fixes: 196e402adf2e ("ext4: improve cr 0 / cr 1 group scanning")
    Signed-off-by: Kemeng Shi <shikemeng@xxxxxxxxxxxxxxx>
    Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@xxxxxxxxx>
    Link: https://lore.kernel.org/r/20230801143204.2284343-3-shikemeng@xxxxxxxxxxxxxxx
    Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 98e12326b0d6a..333439b3ac146 100644
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -966,8 +966,9 @@ static inline int should_optimize_scan(struct ext4_allocation_context *ac)
  * Return next linear group for allocation. If linear traversal should not be
  * performed, this function just returns the same group
  */
-static int
-next_linear_group(struct ext4_allocation_context *ac, int group, int ngroups)
+static ext4_group_t
+next_linear_group(struct ext4_allocation_context *ac, ext4_group_t group,
+		  ext4_group_t ngroups)
 {
 	if (!should_optimize_scan(ac))
 		goto inc_and_return;






