commit 38f20840ac95180eccf512780f7454f85b2bf99e
author Baokun Li <libaokun1@huawei.com> Mon Oct 23 09:30:54 2023 +0800
committer Vegard Nossum <vegard.nossum@oracle.com> Fri Mar 08 08:21:31 2024 +0000
tree 6f7f0085a3007b239845722df16f927b351b5ada
parent 3d8aee1169f45a8ea3015adafd87b73f603fbdeb

ext4: unify the type of flexbg_size to unsigned int

[ Upstream commit 658a52344fb139f9531e7543a6e0015b630feb38 ]

The maximum value of flexbg_size is 2^31, but the maximum value of int
is (2^31 - 1), so overflow may occur when the type of flexbg_size is
declared as int.

For example, when uninit_mask is initialized in ext4_alloc_group_tables(),
if flexbg_size == 2^31, the initialized uninit_mask is incorrect, and this
may causes set_flexbg_block_bitmap() to trigger a BUG_ON().

Therefore, the flexbg_size type is declared as unsigned int to avoid
overflow and memory waste.

Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20231023013057.2117948-2-libaokun1@huawei.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
(cherry picked from commit 17c04def41743d01067a4c347b2d429f847c28c3)
[vegard: fix conflict due to missing commit
 d77147ff443b255d82c907a632c825b2cc610b10 which changed printk to
 ext4_debug]
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>

fs/ext4/resize.c

diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index f0b27be..47ecf08 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -237,7 +237,7 @@
  *
  * Returns NULL on failure otherwise address of the allocated structure.
  */
-static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned long flexbg_size)
+static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned int flexbg_size)
 {
 	struct ext4_new_flex_group_data *flex_gd;
 
@@ -290,7 +290,7 @@
  */
 static int ext4_alloc_group_tables(struct super_block *sb,
 				struct ext4_new_flex_group_data *flex_gd,
-				int flexbg_size)
+				unsigned int flexbg_size)
 {
 	struct ext4_new_group_data *group_data = flex_gd->groups;
 	ext4_fsblk_t start_blk;
@@ -383,12 +383,12 @@
 		group = group_data[0].group;
 
 		printk(KERN_DEBUG "EXT4-fs: adding a flex group with "
-		       "%d groups, flexbg size is %d:\n", flex_gd->count,
+		       "%u groups, flexbg size is %u:\n", flex_gd->count,
 		       flexbg_size);
 
 		for (i = 0; i < flex_gd->count; i++) {
 			printk(KERN_DEBUG "adding %s group %u: %u "
-			       "blocks (%d free)\n",
+			       "blocks (%u free)\n",
 			       ext4_bg_has_super(sb, group + i) ? "normal" :
 			       "no-super", group + i,
 			       group_data[i].blocks_count,
@@ -1558,7 +1558,7 @@
 static int ext4_setup_next_flex_gd(struct super_block *sb,
 				    struct ext4_new_flex_group_data *flex_gd,
 				    ext4_fsblk_t n_blocks_count,
-				    unsigned long flexbg_size)
+				    unsigned int flexbg_size)
 {
 	struct ext4_super_block *es = EXT4_SB(sb)->s_es;
 	struct ext4_new_group_data *group_data = flex_gd->groups;
@@ -1935,8 +1935,9 @@
 	ext4_fsblk_t o_blocks_count;
 	ext4_fsblk_t n_blocks_count_retry = 0;
 	unsigned long last_update_time = 0;
-	int err = 0, flexbg_size = 1 << sbi->s_log_groups_per_flex;
+	int err = 0;
 	int meta_bg;
+	unsigned int flexbg_size = ext4_flex_bg_size(sbi);
 
 	/* See if the device is actually as big as what was requested */
 	bh = sb_bread(sb, n_blocks_count - 1);