From: Theodore Ts'o <tytso@mit.edu>
Date: Sun, 8 Jul 2018 23:35:02 +0000 (-0400)
Subject: ext4: fix false negatives *and* false positives in ext4_check_descriptors()
X-Git-Tag: archive/raspbian/4.18.10-2+rpi1^2^2^2^2^2~18
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=d3c9719ae0a47a21646f438bbe04c40b898d2893;p=linux.git

ext4: fix false negatives *and* false positives in ext4_check_descriptors()

Ext4_check_descriptors() was getting called before s_gdb_count was
initialized.  So for file systems w/o the meta_bg feature, allocation
bitmaps could overlap the block group descriptors and ext4 wouldn't
notice.

For file systems with the meta_bg feature enabled, there was a
fencepost error which would cause the ext4_check_descriptors() to
incorrectly believe that the block allocation bitmap overlaps with the
block group descriptor blocks, and it would reject the mount.

Fix both of these problems.

Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org

Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name ext4-fix-false-negatives-and-false-positives-in-ext4.patch
---

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 17e8b7a98a5..fc310531002 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -2307,7 +2307,7 @@ static int ext4_check_descriptors(struct super_block *sb,
 	struct ext4_sb_info *sbi = EXT4_SB(sb);
 	ext4_fsblk_t first_block = le32_to_cpu(sbi->s_es->s_first_data_block);
 	ext4_fsblk_t last_block;
-	ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0) + 1;
+	ext4_fsblk_t last_bg_block = sb_block + ext4_bg_num_gdb(sb, 0);
 	ext4_fsblk_t block_bitmap;
 	ext4_fsblk_t inode_bitmap;
 	ext4_fsblk_t inode_table;
@@ -4050,14 +4050,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
 			goto failed_mount2;
 		}
 	}
+	sbi->s_gdb_count = db_count;
 	if (!ext4_check_descriptors(sb, logical_sb_block, &first_not_zeroed)) {
 		ext4_msg(sb, KERN_ERR, "group descriptors corrupted!");
 		ret = -EFSCORRUPTED;
 		goto failed_mount2;
 	}
 
-	sbi->s_gdb_count = db_count;
-
 	timer_setup(&sbi->s_err_report, print_daily_error_info, 0);
 
 	/* Register extent status tree shrinker */