Commit b1cb8bf4 authored Aug 01, 2023 by Kemeng Shi Committed by Greg Kroah-Hartman Sep 19, 2023

ext4: avoid potential data overflow in next_linear_group



[ Upstream commit 60c672b7 ]

ngroups is ext4_group_t (unsigned int) while next_linear_group treat it
in int. If ngroups is bigger than max number described by int, it will
be treat as a negative number. Then "return group + 1 >= ngroups ? 0 :
group + 1;" may keep returning 0.
Switch int to ext4_group_t in next_linear_group to fix the overflow.

Fixes: 196e402a ("ext4: improve cr 0 / cr 1 group scanning")
Signed-off-by: Kemeng Shi <shikemeng@huaweicloud.com>
Reviewed-by: Ritesh Harjani (IBM) <ritesh.list@gmail.com>
Link: https://lore.kernel.org/r/20230801143204.2284343-3-shikemeng@huaweicloud.com


Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 3e24082f

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit 6dfd4d40
· Nov 05, 2025

mentioned in commit 6dfd4d40

mentioned in commit 6dfd4d406c10cabfd9de5696b20d728f713816ce

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit c43b7972
· Nov 05, 2025

mentioned in commit c43b7972

mentioned in commit c43b7972a727fb2763939c927fe6ee14d9c1b552

Toggle commit list

Please to comment