| From de0ca30bddfa2e6ef13a69c35638aceec209bee1 Mon Sep 17 00:00:00 2001 |
| From: Theodore Ts'o <tytso@mit.edu> |
| Date: Mon, 23 Nov 2009 07:24:46 -0500 |
| Subject: [PATCH 58/85] ext4: avoid divide by zero when trying to mount a corrupted file system |
| |
| (cherry picked from commit 503358ae01b70ce6909d19dd01287093f6b6271c) |
| |
| If s_log_groups_per_flex is greater than 31, then groups_per_flex will |
| overflow and cause a divide by zero error. This can cause a kernel |
| BUG if such a file system is mounted. |
| |
| Thanks to Nageswara R Sastry for analyzing the failure and providing |
| an initial patch. |
| |
| http://bugzilla.kernel.org/show_bug.cgi?id=14287 |
| |
| Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| --- |
| fs/ext4/super.c | 8 ++++---- |
| 1 file changed, 4 insertions(+), 4 deletions(-) |
| |
| --- a/fs/ext4/super.c |
| +++ b/fs/ext4/super.c |
| @@ -1695,14 +1695,14 @@ static int ext4_fill_flex_info(struct su |
| size_t size; |
| int i; |
| |
| - if (!sbi->s_es->s_log_groups_per_flex) { |
| + sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex; |
| + groups_per_flex = 1 << sbi->s_log_groups_per_flex; |
| + |
| + if (groups_per_flex < 2) { |
| sbi->s_log_groups_per_flex = 0; |
| return 1; |
| } |
| |
| - sbi->s_log_groups_per_flex = sbi->s_es->s_log_groups_per_flex; |
| - groups_per_flex = 1 << sbi->s_log_groups_per_flex; |
| - |
| /* We allocate both existing and potentially added groups */ |
| flex_group_count = ((sbi->s_groups_count + groups_per_flex - 1) + |
| ((le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) + 1) << |
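Review bot: The shift on the added line `groups_per_flex = 1 << sbi->s_log_groups_per_flex;` runs before any range check, so a corrupted superblock value of 32 or more is a shift by at least the width of int, which is undefined behaviour in C; the `groups_per_flex < 2` test only catches it when the result happens to come out as zero or negative. On CPUs that mask the shift count, a value such as 33 would presumably yield 2 and pass the check with a wrong groups-per-flex, which then feeds the flex_group_count computation below. Validating the raw field before shifting is sturdier: `if (sbi->s_log_groups_per_flex < 1 || sbi->s_log_groups_per_flex > 31) {` ahead of the shift, with the shift written as `1U << ...` if groups_per_flex can be made unsigned. The declaration of groups_per_flex and the rest of ext4_fill_flex_info lie outside the hunk, so the types involved should be confirmed there.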