ACK: [SRU][Trusty][PATCH 1/1] ext4: fix bitmap position validation

Stefan Bader stefan.bader at canonical.com
Wed Sep 5 12:53:37 UTC 2018 

On 31.08.2018 16:04, Joseph Salisbury wrote:
> From: Lukas Czerner <lczerner at redhat.com>
> 
> BugLink: https://bugs.launchpad.net/bugs/1789131
> 
> Currently in ext4_valid_block_bitmap() we expect the bitmap to be
> positioned anywhere between 0 and s_blocksize clusters, but that's
> wrong because the bitmap can be placed anywhere in the block group. This
> causes false positives when validating bitmaps on perfectly valid file
> system layouts. Fix it by checking whether the bitmap is within the group
> boundary.
> 
> The problem can be reproduced using the following
> 
> mkfs -t ext3 -E stride=256 /dev/vdb1
> mount /dev/vdb1 /mnt/test
> cd /mnt/test
> wget https://cdn.kernel.org/pub/linux/kernel/v4.x/linux-4.16.3.tar.xz
> tar xf linux-4.16.3.tar.xz
> 
> This will result in the warnings in the logs
> 
> EXT4-fs error (device vdb1): ext4_validate_block_bitmap:399: comm tar: bg 84: block 2774529: invalid block bitmap
> 
> [ Changed slightly for clarity and to not drop a overflow test -- TYT ]
> 
> Signed-off-by: Lukas Czerner <lczerner at redhat.com>
> Signed-off-by: Theodore Ts'o <tytso at mit.edu>
> Reported-by: Ilya Dryomov <idryomov at gmail.com>
> Fixes: 7dac4a1726a9 ("ext4: add validity checks for bitmap block numbers")
> Cc: stable at vger.kernel.org
> (cherry picked from commit 22be37acce25d66ecf6403fc8f44df9c5ded2372)
Acked-by: Stefan Bader <stefan.bader at canonical.com>
> Signed-off-by: Joseph Salisbury <joseph.salisbury at canonical.com>
> Reviewed-by: Tyler Hicks <tyhicks at canonical.com>
> ---
>  fs/ext4/balloc.c | 9 +++++----
>  1 file changed, 5 insertions(+), 4 deletions(-)
> 
> diff --git a/fs/ext4/balloc.c b/fs/ext4/balloc.c
> index c19e367..7f0300f 100644
> --- a/fs/ext4/balloc.c
> +++ b/fs/ext4/balloc.c
> @@ -311,6 +311,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
>  	struct ext4_sb_info *sbi = EXT4_SB(sb);
>  	ext4_grpblk_t offset;
>  	ext4_grpblk_t next_zero_bit;
> +	ext4_grpblk_t max_bit = EXT4_CLUSTERS_PER_GROUP(sb);
>  	ext4_fsblk_t blk;
>  	ext4_fsblk_t group_first_block;
>  
> @@ -328,7 +329,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
>  	/* check whether block bitmap block number is set */
>  	blk = ext4_block_bitmap(sb, desc);
>  	offset = blk - group_first_block;
> -	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
> +	if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
>  	    !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
>  		/* bad block bitmap */
>  		return blk;
> @@ -336,7 +337,7 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
>  	/* check whether the inode bitmap block number is set */
>  	blk = ext4_inode_bitmap(sb, desc);
>  	offset = blk - group_first_block;
> -	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
> +	if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
>  	    !ext4_test_bit(EXT4_B2C(sbi, offset), bh->b_data))
>  		/* bad block bitmap */
>  		return blk;
> @@ -344,8 +345,8 @@ static ext4_fsblk_t ext4_valid_block_bitmap(struct super_block *sb,
>  	/* check whether the inode table block number is set */
>  	blk = ext4_inode_table(sb, desc);
>  	offset = blk - group_first_block;
> -	if (offset < 0 || EXT4_B2C(sbi, offset) >= sb->s_blocksize ||
> -	    EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= sb->s_blocksize)
> +	if (offset < 0 || EXT4_B2C(sbi, offset) >= max_bit ||
> +	    EXT4_B2C(sbi, offset + sbi->s_itb_per_group) >= max_bit)
>  		return blk;
>  	next_zero_bit = ext4_find_next_zero_bit(bh->b_data,
>  			EXT4_B2C(sbi, offset + EXT4_SB(sb)->s_itb_per_group),
> 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20180905/47771725/attachment.sig>

More information about the kernel-team mailing list