reisze2fs: sanity check free block group counts when calculating minimum size
If one or more block group descriptor's free blocks count is insane,
it's possible this can lead to a infinite loop in the function
calculate_minimum_resize_size(), which is called by resize2fs -P or
resize2fs -M.
Add some sanity checks to avoid this. In the case where the file
system is corrupt, this will result in resize2fs -P reporting an
incorrect value, but that's OK, since when we try to do an actual
resize operation, resize2fs requires that the file system be freshly
checked using e2fsck.
https://github.com/tytso/e2fsprogs/issues/94
Fixes: ac94445fc01f ("resize2fs: make minimum size estimates more reliable for mounted fs")
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
diff --git a/resize/resize2fs.c b/resize/resize2fs.c
index 73174be..b9783e8 100644
--- a/resize/resize2fs.c
+++ b/resize/resize2fs.c
@@ -3002,8 +3002,17 @@
/* calculate how many blocks are needed for data */
data_needed = ext2fs_blocks_count(fs->super);
for (grp = 0; grp < fs->group_desc_count; grp++) {
- data_needed -= calc_group_overhead(fs, grp, old_desc_blocks);
- data_needed -= ext2fs_bg_free_blocks_count(fs, grp);
+ __u32 n = ext2fs_bg_free_blocks_count(fs, grp);
+
+ if (n > EXT2_BLOCKS_PER_GROUP(fs->super))
+ n = EXT2_BLOCKS_PER_GROUP(fs->super);
+ n += calc_group_overhead(fs, grp, old_desc_blocks);
+ if (data_needed < n) {
+ if (flags & RESIZE_DEBUG_MIN_CALC)
+ printf("file system appears inconsistent?!?\n");
+ return ext2fs_blocks_count(fs->super);
+ }
+ data_needed -= n;
}
#ifdef RESIZE2FS_DEBUG
if (flags & RESIZE_DEBUG_MIN_CALC)
diff --git a/tests/r_corrupt_fs/expect b/tests/r_corrupt_fs/expect
new file mode 100644
index 0000000..fe0f2bc
--- /dev/null
+++ b/tests/r_corrupt_fs/expect
@@ -0,0 +1,4 @@
+mke2fs -q -F -t ext4 -o Linux -b 1024 test.img 32M
+debugfs -w -R "set_bg 1 free_blocks_count 65536" /tmp/foo.img
+resize2fs -P /tmp/foo.img
+Estimated minimum size of the filesystem: 6604
diff --git a/tests/r_corrupt_fs/name b/tests/r_corrupt_fs/name
new file mode 100644
index 0000000..ed62741
--- /dev/null
+++ b/tests/r_corrupt_fs/name
@@ -0,0 +1 @@
+resize2fs -P of a corrupted file system
diff --git a/tests/r_corrupt_fs/script b/tests/r_corrupt_fs/script
new file mode 100644
index 0000000..08af91e
--- /dev/null
+++ b/tests/r_corrupt_fs/script
@@ -0,0 +1,45 @@
+if ! test -x $RESIZE2FS_EXE -o ! -x $DEBUGFS_EXE; then
+ echo "$test_name: $test_description: skipped (no debugfs/resize2fs)"
+ return 0
+fi
+
+OUT=$test_name.log
+if [ -f $test_dir/expect.gz ]; then
+ EXP=$test_name.tmp
+ gunzip < $test_dir/expect.gz > $EXP1
+else
+ EXP=$test_dir/expect
+fi
+
+echo mke2fs -q -F -t ext4 -o Linux -b 1024 test.img 32M > $OUT.new
+$MKE2FS -q -F -t ext4 -o Linux -b 1024 $TMPFILE 32M >> $OUT.new 2>&1
+
+echo debugfs -w -R \"set_bg 1 free_blocks_count 65536\" /tmp/foo.img >> $OUT.new
+$DEBUGFS -w -R "set_bg 1 free_blocks_count 65536" $TMPFILE > /dev/null 2>&1
+
+if type timeout > /dev/null 2>&1 ; then
+ TIMEOUT="timeout -v 30s"
+else
+ TIMEOUT=
+fi
+
+echo resize2fs -P /tmp/foo.img >> $OUT.new
+$TIMEOUT $RESIZE2FS -P $TMPFILE >> $OUT.new 2>&1
+
+sed -f $cmd_dir/filter.sed < $OUT.new > $OUT
+
+rm -f $TMPFILE $OUT.new
+
+cmp -s $OUT $EXP
+status=$?
+
+if [ "$status" = 0 ] ; then
+ echo "$test_name: $test_description: ok"
+ touch $test_name.ok
+else
+ echo "$test_name: $test_description: failed"
+ diff $DIFF_OPTS $EXP $OUT > $test_name.failed
+ rm -f $test_name.tmp
+fi
+
+unset IMAGE OUT EXP TIMEOUT
