linux-sg2042/fs/ext2
Georg Ottinger 035bc86fbf ext2: fix datatype of block number in ext2_xattr_set2()
[ Upstream commit e880763484 ]

I run a small server that uses external hard drives for backups. The
backup software I use uses ext2 filesystems with 4KiB block size and
the server is running SELinux and therefore relies on xattr. I recently
upgraded the hard drives from 4TB to 12TB models. I noticed that after
transferring some TBs I got a filesystem error "Freeing blocks not in
datazone - block = 18446744071529317386, count = 1" and the backup
process stopped. Trying to fix the fs with e2fsck resulted in a
completely corrupted fs. The error probably came from ext2_free_blocks(),
and because of the large number 18e19 this problem immediately looked
like some kind of integer overflow. Whereas the 4TB fs was about 1e9
blocks, the new 12TB is about 3e9 blocks. So, searching the ext2 code,
I came across the line in fs/ext2/xattr.c:745 where ext2_new_block()
is called and the resulting block number is stored in the variable block
as an int datatype. If a block with a block number greater than
INT32_MAX is returned, this variable overflows and the call to
sb_getblk() at line fs/ext2/xattr.c:750 fails, then the call to
ext2_free_blocks() produces the error.

Signed-off-by: Georg Ottinger <g.ottinger@gmx.at>
Signed-off-by: Jan Kara <jack@suse.cz>
Message-Id: <20230815100340.22121-1-g.ottinger@gmx.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-09-23 11:11:05 +02:00
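The truncation described in the commit message above, as an added user-space example (not code from the kernel tree or from the patch). The type name, function names and sample block counts are constructed for illustration; it assumes a 64-bit build where gcc/clang wrap an out-of-range value on conversion to int.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: uint64_t stands in for a 64-bit kernel block-number type. */
typedef uint64_t fsblk_t;

/* Hypothetical stand-in for a "block lies inside the data zone" sanity check. */
static int in_datazone(fsblk_t block, fsblk_t first_data_block, fsblk_t blocks_count)
{
    return block >= first_data_block && block < blocks_count;
}

/* Buggy pattern: the allocator result is parked in an int and passed on. */
static fsblk_t roundtrip_int(fsblk_t allocated)
{
    int block = (int)allocated;   /* values above INT_MAX wrap negative */
    return (fsblk_t)block;        /* sign-extended when widened again */
}

/* Corrected pattern: the variable has the same width as the block number. */
static fsblk_t roundtrip_wide(fsblk_t allocated)
{
    fsblk_t block = allocated;
    return block;
}

/* A filesystem is exposed once it has block numbers that do not fit in int. */
static int fs_exposed(fsblk_t blocks_count)
{
    return blocks_count > (fsblk_t)INT_MAX;
}

int main(void)
{
    /* Constructed sizes matching the message: ~1e9 and ~3e9 blocks of 4 KiB. */
    const fsblk_t small_fs = 1000000000ULL, large_fs = 3000000000ULL;
    const fsblk_t allocated = 2500000000ULL;   /* constructed, > INT32_MAX */

    printf("small fs exposed: %d, large fs exposed: %d\n",
           fs_exposed(small_fs), fs_exposed(large_fs));
    printf("via int:  %llu (in datazone: %d)\n",
           (unsigned long long)roundtrip_int(allocated),
           in_datazone(roundtrip_int(allocated), 0, large_fs));
    printf("via wide: %llu (in datazone: %d)\n",
           (unsigned long long)roundtrip_wide(allocated),
           in_datazone(roundtrip_wide(allocated), 0, large_fs));
    return 0;
}
```

With 4 KiB blocks, block numbers exceed INT32_MAX once the filesystem is larger than 8 TiB, which is why the 4TB drives never showed the problem.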
Kconfig ext2: use iomap_fiemap to implement ->fiemap 2021-07-27 11:00:32 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
acl.c vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
acl.h vfs: add rcu argument to ->get_acl() callback 2021-08-18 22:08:24 +02:00
balloc.c ext2: replace bh_submit_read() helper with bh_read() 2022-09-11 20:26:08 -07:00
dir.c ext2: unbugger ext2_empty_dir() 2023-01-07 11:11:40 +01:00
ext2.h ext2: Drop fragment support 2023-08-11 12:08:24 +02:00
file.c ext2: Convert to using invalidate_lock 2021-07-13 14:29:00 +02:00
ialloc.c treewide: use prandom_u32_max() when possible, part 2 2022-10-11 17:42:58 -06:00
inode.c ext2/dax: Fix ext2_setsize when len is page aligned 2023-07-23 13:49:34 +02:00
ioctl.c ext2: convert to fileattr 2021-04-12 15:04:29 +02:00
namei.c vfs: open inside ->tmpfile() 2022-09-24 07:00:00 +02:00
super.c ext2: Drop fragment support 2023-08-11 12:08:24 +02:00
symlink.c ext2: code cleanup by removing ifdef macro surrounding 2020-05-22 15:11:00 +02:00
xattr.c ext2: fix datatype of block number in ext2_xattr_set2() 2023-09-23 11:11:05 +02:00
xattr.h ext2: code cleanup by removing ifdef macro surrounding 2020-05-22 15:11:00 +02:00
xattr_security.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_trusted.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_user.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00