| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210607100028.GE30275@quack2.suse.cz>
Date: Mon, 7 Jun 2021 12:00:28 +0200
From: Jan Kara <jack@...e.cz>
To: Ritesh Harjani <riteshh@...ux.ibm.com>
Cc: linux-ext4@...r.kernel.org, Theodore Ts'o <tytso@....edu>,
Andreas Dilger <adilger.kernel@...ger.ca>,
Jan Kara <jack@...e.cz>
Subject: Re: [PATCH] ext4: Fix loff_t overflow in ext4_max_bitmap_size()
On Sat 05-06-21 10:39:32, Ritesh Harjani wrote:
> We should use unsigned long long rather than loff_t to avoid
> overflow in ext4_max_bitmap_size() for comparison before returning.
> w/o this patch sbi->s_bitmap_maxbytes was becoming a negative
> value due to overflow of upper_limit (with has_huge_files as true)
>
> Below is a quick test to trigger it on a 64KB pagesize system.
>
> sudo mkfs.ext4 -b 65536 -O ^has_extents,^64bit /dev/loop2
> sudo mount /dev/loop2 /mnt
> sudo echo "hello" > /mnt/hello -> This will error out with
> "echo: write error: File too large"
>
> Signed-off-by: Ritesh Harjani <riteshh@...ux.ibm.com>
OK, this works (although it's really tight ;). Won't it be somewhat safer
if we compared upper_limit and res before shifting both by blocksize_bits
to the left? Basically we need to shift only for comparison with
MAX_LFS_FILESIZE which is in bytes... But either way feel free to add:
Reviewed-by: Jan Kara <jack@...e.cz>
Honza
> ---
> fs/ext4/super.c | 10 +++++-----
> 1 file changed, 5 insertions(+), 5 deletions(-)
>
> diff --git a/fs/ext4/super.c b/fs/ext4/super.c
> index 7dc94f3e18e6..bedb66386966 100644
> --- a/fs/ext4/super.c
> +++ b/fs/ext4/super.c
> @@ -3189,17 +3189,17 @@ static loff_t ext4_max_size(int blkbits, int has_huge_files)
> */
> static loff_t ext4_max_bitmap_size(int bits, int has_huge_files)
> {
> - loff_t res = EXT4_NDIR_BLOCKS;
> + unsigned long long upper_limit, res = EXT4_NDIR_BLOCKS;
> int meta_blocks;
> - loff_t upper_limit;
> - /* This is calculated to be the largest file size for a dense, block
> +
> + /*
> + * This is calculated to be the largest file size for a dense, block
> * mapped file such that the file's total number of 512-byte sectors,
> * including data and all indirect blocks, does not exceed (2^48 - 1).
> *
> * __u32 i_blocks_lo and _u16 i_blocks_high represent the total
> * number of 512-byte sectors of the file.
> */
> -
> if (!has_huge_files) {
> /*
> * !has_huge_files or implies that the inode i_block field
> @@ -3242,7 +3242,7 @@ static loff_t ext4_max_bitmap_size(int bits, int has_huge_files)
> if (res > MAX_LFS_FILESIZE)
> res = MAX_LFS_FILESIZE;
>
> - return res;
> + return (loff_t)res;
> }
>
> static ext4_fsblk_t descriptor_loc(struct super_block *sb,
> --
> 2.31.1
>
--
Jan Kara <jack@...e.com>
SUSE Labs, CR
Powered by blists - more mailing lists