ext4: fix overflow when updating superblock backups after resize

commit 9378c6768e4fca48971e7b6a9075bc006eda981d upstream.

When there are no meta block groups update_backups() will compute the
backup block in 32-bit arithmetics thus possibly overflowing the block
number and corrupting the filesystem. OTOH filesystems without meta
block groups larger than 16 TB should be rare. Fix the problem by doing
the counting in 64-bit arithmetics.

Coverity-id: 741252
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Reviewed-by: Lukas Czerner <lczerner@redhat.com>
[lizf: Backported to 3.4: adjust context]
Signed-off-by: Zefan Li <lizefan@huawei.com>

diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index a43e43c835d1a2b6e11509ee8dc9741c618f77ee..cfd321104250f7ea9d1c991a2e7de949e76237bb 100644 (file)
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -991,7 +991,7 @@ static void update_backups(struct super_block *sb,
                    (err = ext4_journal_restart(handle, EXT4_MAX_TRANS_DATA)))
                        break;
 
-               bh = sb_getblk(sb, group * bpg + blk_off);
+               bh = sb_getblk(sb, ((ext4_fsblk_t)group) * bpg + blk_off);
                if (!bh) {
                        err = -ENOMEM;
                        break;