summaryrefslogtreecommitdiffstats
path: root/fs/ext4/resize.c
diff options
context:
space:
mode:
authorTheodore Ts'o <tytso@mit.edu>2013-03-12 04:39:59 +0100
committerTheodore Ts'o <tytso@mit.edu>2013-03-12 04:39:59 +0100
commit90ba983f6889e65a3b506b30dc606aa9d1d46cd2 (patch)
tree964ad0ccf415e73a7760b5bfe65506f5d825e1cf /fs/ext4/resize.c
parentjbd2: fix use after free in jbd2_journal_dirty_metadata() (diff)
downloadlinux-90ba983f6889e65a3b506b30dc606aa9d1d46cd2.tar.xz
linux-90ba983f6889e65a3b506b30dc606aa9d1d46cd2.zip
ext4: use atomic64_t for the per-flexbg free_clusters count
A user who was using a 8TB+ file system and with a very large flexbg size (> 65536) could cause the atomic_t used in the struct flex_groups to overflow. This was detected by PaX security patchset: http://forums.grsecurity.net/viewtopic.php?f=3&t=3289&p=12551#p12551 This bug was introduced in commit 9f24e4208f7e, so it's been around since 2.6.30. :-( Fix this by using an atomic64_t for struct orlav_stats's free_clusters. Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Reviewed-by: Lukas Czerner <lczerner@redhat.com> Cc: stable@vger.kernel.org
Diffstat (limited to 'fs/ext4/resize.c')
-rw-r--r--fs/ext4/resize.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/fs/ext4/resize.c b/fs/ext4/resize.c
index b2c8ee56eb98..c169477a62c9 100644
--- a/fs/ext4/resize.c
+++ b/fs/ext4/resize.c
@@ -1360,8 +1360,8 @@ static void ext4_update_super(struct super_block *sb,
sbi->s_log_groups_per_flex) {
ext4_group_t flex_group;
flex_group = ext4_flex_group(sbi, group_data[0].group);
- atomic_add(EXT4_NUM_B2C(sbi, free_blocks),
- &sbi->s_flex_groups[flex_group].free_clusters);
+ atomic64_add(EXT4_NUM_B2C(sbi, free_blocks),
+ &sbi->s_flex_groups[flex_group].free_clusters);
atomic_add(EXT4_INODES_PER_GROUP(sb) * flex_gd->count,
&sbi->s_flex_groups[flex_group].free_inodes);
}