linux/fs/ext4
Sabyrzhan Tasbolatov f91436d55a fs/ext4: fix integer overflow in s_log_groups_per_flex
syzbot found UBSAN: shift-out-of-bounds in ext4_mb_init [1], when
1 << sbi->s_es->s_log_groups_per_flex is bigger than UINT_MAX,
where sbi->s_mb_prefetch is unsigned integer type.

32 is the maximum allowed power of s_log_groups_per_flex. Following if
check will also trigger UBSAN shift-out-of-bound:

if (1 << sbi->s_es->s_log_groups_per_flex >= UINT_MAX) {

So I'm checking it against the raw number, perhaps there is another way
to calculate UINT_MAX max power. Also use min_t as to make sure it's
uint type.

[1] UBSAN: shift-out-of-bounds in fs/ext4/mballoc.c:2713:24
shift exponent 60 is too large for 32-bit type 'int'
Call Trace:
 __dump_stack lib/dump_stack.c:79 [inline]
 dump_stack+0x137/0x1be lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:148 [inline]
 __ubsan_handle_shift_out_of_bounds+0x432/0x4d0 lib/ubsan.c:395
 ext4_mb_init_backend fs/ext4/mballoc.c:2713 [inline]
 ext4_mb_init+0x19bc/0x19f0 fs/ext4/mballoc.c:2898
 ext4_fill_super+0xc2ec/0xfbe0 fs/ext4/super.c:4983

Reported-by: syzbot+a8b4b0c60155e87e9484@syzkaller.appspotmail.com
Signed-off-by: Sabyrzhan Tasbolatov <snovitoll@gmail.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20210224095800.3350002-1-snovitoll@gmail.com
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
2021-03-06 11:56:11 -05:00
..
.kunitconfig ext4: add .kunitconfig fragment to enable ext4-specific tests 2021-02-11 23:16:30 -05:00
acl.c ext4: support idmapped mounts 2021-01-24 14:43:46 +01:00
acl.h fs: make helpers idmap mount aware 2021-01-24 14:27:20 +01:00
balloc.c ext4: shrink race window in ext4_should_retry_alloc() 2021-03-06 11:56:10 -05:00
bitmap.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
block_validity.c ext4: standardize error message in ext4_protect_reserved_inode() 2020-12-17 13:30:55 -05:00
dir.c f2fs-for-5.11-rc1 2020-12-17 11:18:00 -08:00
ext4_extents.h ext4: fix EXT_MAX_EXTENT/INDEX to check for zeroed eh_max 2020-06-03 23:16:49 -04:00
ext4_jbd2.c ext4: drop ext4_handle_dirty_super() 2020-12-22 13:08:46 -05:00
ext4_jbd2.h ext4: drop ext4_handle_dirty_super() 2020-12-22 13:08:46 -05:00
ext4.h ext4: shrink race window in ext4_should_retry_alloc() 2021-03-06 11:56:10 -05:00
extents_status.c ext4: fast commit recovery path 2020-10-21 23:22:38 -04:00
extents_status.h ext4: fix extent_status trace points 2020-01-25 02:03:03 -05:00
extents.c ext4: reset retry counter when ext4_alloc_file_blocks() makes progress 2021-02-08 18:03:56 -05:00
fast_commit.c Miscellaneous ext4 cleanups and bug fixes. Pretty boring this 2021-02-25 10:06:55 -08:00
fast_commit.h ext4: make fast_commit.h byte identical with e2fsprogs/fast_commit.h 2020-12-17 13:30:45 -05:00
file.c iomap: pass a flags argument to iomap_dio_rw 2021-01-23 10:06:09 -08:00
fsmap.c jbd2: rename j_maxlen to j_total_len and add jbd2_journal_max_txn_bufs 2020-11-06 23:01:02 -05:00
fsmap.h ext4: fix up remaining files with SPDX cleanups 2017-12-17 22:00:59 -05:00
fsync.c block: use an on-stack bio in blkdev_issue_flush 2021-01-27 09:51:48 -07:00
hash.c ext4: use generic casefolding support 2020-10-28 13:43:13 -04:00
ialloc.c idmapped-mounts-v5.12 2021-02-23 13:39:45 -08:00
indirect.c ext4: use ASSERT() to replace J_ASSERT() 2020-12-03 09:36:57 -05:00
inline.c ext4: unlock xattr_sem properly in ext4_inline_data_truncate() 2020-11-06 22:52:36 -05:00
inode-test.c fs: ext4: Modify inode-test.c to use KUnit parameterized testing feature 2020-12-02 16:07:25 -07:00
inode.c idmapped-mounts-v5.12 2021-02-23 13:39:45 -08:00
ioctl.c idmapped-mounts-v5.12 2021-02-23 13:39:45 -08:00
Kconfig ext: EXT4_KUNIT_TESTS should depend on EXT4_FS instead of selecting it 2021-02-11 23:12:59 -05:00
Makefile ext4 / jbd2: add fast commit initialization 2020-10-21 23:22:26 -04:00
mballoc.c fs/ext4: fix integer overflow in s_log_groups_per_flex 2021-03-06 11:56:11 -05:00
mballoc.h ext4: limit the length of per-inode prealloc list 2020-08-19 12:04:36 -04:00
migrate.c ext4: handle ext4_mark_inode_dirty errors 2020-06-03 23:16:50 -04:00
mmp.c ext4: use common helpers in all places reading metadata buffers 2020-10-18 10:37:14 -04:00
move_extent.c ext4: use common helpers in all places reading metadata buffers 2020-10-18 10:37:14 -04:00
namei.c Miscellaneous ext4 cleanups and bug fixes. Pretty boring this 2021-02-25 10:06:55 -08:00
page-io.c ext4: remove unnecessary wbc parameter from ext4_bio_write_page 2020-12-22 13:08:45 -05:00
readpage.c block: Add bio_max_segs 2021-02-26 15:49:51 -07:00
resize.c ext4: drop ext4_handle_dirty_super() 2020-12-22 13:08:46 -05:00
super.c ext4: shrink race window in ext4_should_retry_alloc() 2021-03-06 11:56:10 -05:00
symlink.c ext4: switch to fscrypt_get_symlink() 2018-01-11 22:10:40 -05:00
sysfs.c ext4: shrink race window in ext4_should_retry_alloc() 2021-03-06 11:56:10 -05:00
truncate.h ext4: handle layout changes to pinned DAX mappings 2018-07-29 17:00:22 -04:00
verity.c mm/readahead: make page_cache_ra_unbounded take a readahead_control 2020-10-16 11:11:16 -07:00
xattr_hurd.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_security.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_trusted.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr_user.c acl: handle idmapped mounts 2021-01-24 14:27:17 +01:00
xattr.c ext4: add reclaim checks to xattr code 2021-03-06 11:56:10 -05:00
xattr.h ext4: support xattr gnu.* namespace for the Hurd 2020-06-12 13:23:34 -04:00