git.samba.org / sfrench / cifs-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
fs/ext4: fix integer overflow in s_log_groups_per_flex
[sfrench/cifs-2.6.git] / fs / ext4 / mballoc.c
diff --git a/fs/ext4/mballoc.c b/fs/ext4/mballoc.c
index 99bf091fee10eeb0f6dbc250389e664ba8d07633..a02fadf4fc84e21e0b4b94182d66e07b2a52ae1c 100644 (file)
--- a/fs/ext4/mballoc.c
+++ b/fs/ext4/mballoc.c
@@ -2709,8 +2709,15 @@ static int ext4_mb_init_backend(struct super_block *sb)
        }
 
        if (ext4_has_feature_flex_bg(sb)) {
-               /* a single flex group is supposed to be read by a single IO */
-               sbi->s_mb_prefetch = min(1 << sbi->s_es->s_log_groups_per_flex,
+               /* a single flex group is supposed to be read by a single IO.
+                * 2 ^ s_log_groups_per_flex != UINT_MAX as s_mb_prefetch is
+                * unsigned integer, so the maximum shift is 32.
+                */
+               if (sbi->s_es->s_log_groups_per_flex >= 32) {
+                       ext4_msg(sb, KERN_ERR, "too many log groups per flexible block group");
+                       goto err_freesgi;
+               }
+               sbi->s_mb_prefetch = min_t(uint, 1 << sbi->s_es->s_log_groups_per_flex,
                        BLK_MAX_SEGMENT_SIZE >> (sb->s_blocksize_bits - 9));
                sbi->s_mb_prefetch *= 8; /* 8 prefetch IOs in flight at most */
        } else {
Unnamed repository; edit this file 'description' to name the repository.