linux/fs/ext4
Theodore Ts'o e861b5e9a4 ext4: avoid possible overflow in ext4_map_blocks()
The ext4_map_blocks() function returns the number of blocks which
satisfy the caller's request.  This number of blocks requested by
the caller is specified by an unsigned integer, but the return value
of ext4_map_blocks() is a signed integer (to accommodate error codes
per the kernel's standard error signalling convention).

Historically, overflows could never happen since mballoc() will refuse
to allocate more than 2048 blocks at a time (which is something we
should fix), and if the blocks were already allocated, the fact that
there would be some number of intervening metadata blocks pretty much
guaranteed that there could never be a contiguous region of data
blocks that was greater than 2**31 blocks.

However, this is now possible if there is a file system which is a bit
bigger than 8TB, and is created using the new mke2fs hugeblock
feature, which can create a perfectly contiguous file.  In that case,
if a userspace program attempted to call fallocate() on this already
fully allocated file, it's possible that ext4_map_blocks() could
return a number large enough that it would overflow a signed integer,
resulting in ext4 thinking that the ext4_map_blocks() call had
failed with some strange error code.

Since ext4_map_blocks() is always free to return a smaller number of
blocks than what was requested by the caller, fix this by capping the
number of blocks that ext4_map_blocks() will ever try to map to 2**31
- 1.  In practice this should never get hit, except by someone
deliberately trying to provoke the above-described bug.

Thanks to the PaX team for asking whether this could possibly happen
in some off-line discussions about using some static code checking
technology they are developing to find bugs in kernel code.

Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2014-02-20 12:54:05 -05:00
acl.c ext2/3/4: use generic posix ACL infrastructure 2014-01-25 23:58:19 -05:00
acl.h ext2/3/4: use generic posix ACL infrastructure 2014-01-25 23:58:19 -05:00
balloc.c ext4: don't count free clusters from a corrupt block group 2013-10-31 11:46:31 -04:00
bitmap.c ext4: Checksum the block bitmap properly with bigalloc enabled 2012-10-22 00:34:32 -04:00
block_validity.c fs/ext4: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
dir.c fs/ext4: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
ext4_extents.h ext4: isolate ext4_extents.h file 2013-08-28 14:47:06 -04:00
ext4_jbd2.c ext4: call ext4_error_inode() if jbd2_journal_dirty_metadata() fails 2013-12-02 09:31:36 -05:00
ext4_jbd2.h ext4: Fix misspellings using 'codespell' tool 2013-08-28 14:40:12 -04:00
ext4.h ext4: don't leave i_crtime.tv_sec uninitialized 2014-02-16 19:29:32 -05:00
extents_status.c ext4: add ext4_es_store_pblock_status() 2014-02-19 20:15:15 -05:00
extents_status.h ext4: add ext4_es_store_pblock_status() 2014-02-19 20:15:15 -05:00
extents.c ext4: fix error return from ext4_ext_handle_uninitialized_extents() 2014-02-19 18:52:39 -05:00
file.c fix O_SYNC|O_APPEND syncing the wrong range on write() 2014-02-09 15:18:09 -05:00
fsync.c ext4: Fix fsync error handling after filesystem abort 2013-06-12 22:38:04 -04:00
hash.c ext4: reduce one "if" comparison in ext4_dirhash() 2013-02-01 22:33:21 -05:00
ialloc.c ext4: use prandom_u32() instead of get_random_bytes() 2013-11-08 00:14:53 -05:00
indirect.c ext4: isolate ext4_extents.h file 2013-08-28 14:47:06 -04:00
inline.c ext4: delete "set but not used" variables 2014-01-11 13:26:56 -05:00
inode.c ext4: avoid possible overflow in ext4_map_blocks() 2014-02-20 12:54:05 -05:00
ioctl.c ext4: clean up error handling in swap_inode_boot_loader() 2014-02-17 20:44:36 -05:00
Kconfig ext4: fix Kconfig documentation for CONFIG_EXT4_DEBUG 2013-04-21 20:32:03 -04:00
Makefile ext4: Remove CONFIG_EXT4_FS_XATTR 2012-12-10 16:30:43 -05:00
mballoc.c ext4: make sure ex.fe_logical is initialized 2014-02-20 00:36:41 -05:00
mballoc.h ext4: address a benign compiler warning 2014-02-17 20:50:59 -05:00
migrate.c ext4: Fix misspellings using 'codespell' tool 2013-08-28 14:40:12 -04:00
mmp.c ext4: use prandom_u32() instead of get_random_bytes() 2013-11-08 00:14:53 -05:00
move_extent.c ext4: remove an unneeded check in mext_page_mkuptodate() 2014-02-17 20:46:40 -05:00
namei.c Bug fixes and cleanups for ext4. We also enable the punch hole 2014-01-28 08:54:16 -08:00
page-io.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
resize.c ext4: fix online resize with a non-standard blocks per group setting 2014-02-15 22:42:25 -05:00
super.c ext4: Add __init marking to init_inodecache 2014-02-17 20:34:53 -05:00
symlink.c ext4: Remove CONFIG_EXT4_FS_XATTR 2012-12-10 16:30:43 -05:00
truncate.h
xattr_security.c Merge branch 'for_linus' into for_linus_merged 2012-01-10 11:54:07 -05:00
xattr_trusted.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
xattr_user.c ext2/3/4: delete unneeded includes of module.h 2012-01-09 13:52:10 +01:00
xattr.c ext4: don't calculate total xattr header size unless needed 2014-02-19 20:15:21 -05:00
xattr.h ext2/3/4: use generic posix ACL infrastructure 2014-01-25 23:58:19 -05:00