git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob

   1 From 139a56170de67101791d6e6c8e940c6328393fe9 Mon Sep 17 00:00:00 2001
   2 From: Nikolay Borisov <nborisov@suse.com>
   3 Date: Mon, 18 Mar 2019 17:45:20 +0200
   4 Subject: btrfs: Avoid possible qgroup_rsv_size overflow in btrfs_calculate_inode_block_rsv_size
   5
   6 From: Nikolay Borisov <nborisov@suse.com>
   7
   8 commit 139a56170de67101791d6e6c8e940c6328393fe9 upstream.
   9
  10 qgroup_rsv_size is calculated as the product of
  11 outstanding_extent * fs_info->nodesize. The product is calculated with
  12 32 bit precision since both variables are defined as u32. Yet
  13 qgroup_rsv_size expects a 64 bit result.
  14
  15 Avoid possible multiplication overflow by casting outstanding_extent to
  16 u64. Such overflow would in the worst case (64K nodesize) require more
  17 than 65536 extents, which is quite large and i'ts not likely that it
  18 would happen in practice.
  19
  20 Fixes-coverity-id: 1435101
  21 Fixes: ff6bc37eb7f6 ("btrfs: qgroup: Use independent and accurate per inode qgroup rsv")
  22 CC: stable@vger.kernel.org # 4.19+
  23 Reviewed-by: Qu Wenruo <wqu@suse.com>
  24 Signed-off-by: Nikolay Borisov <nborisov@suse.com>
  25 Reviewed-by: David Sterba <dsterba@suse.com>
  26 Signed-off-by: David Sterba <dsterba@suse.com>
  27 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  28
  29 ---
  30  fs/btrfs/extent-tree.c |    2 +-
  31  1 file changed, 1 insertion(+), 1 deletion(-)
  32
  33 --- a/fs/btrfs/extent-tree.c
  34 +++ b/fs/btrfs/extent-tree.c
  35 @@ -6115,7 +6115,7 @@ static void btrfs_calculate_inode_block_
  36          *
  37          * This is overestimating in most cases.
  38          */
  39 -       qgroup_rsv_size = outstanding_extents * fs_info->nodesize;
  40 +       qgroup_rsv_size = (u64)outstanding_extents * fs_info->nodesize;
  41
  42         spin_lock(&block_rsv->lock);
  43         block_rsv->size = reserve_size;