Bug 2238197 - integer overflow in _fs_reduce newsize_bytes_lv calculation
Summary: integer overflow in _fs_reduce newsize_bytes_lv calculation
Keywords:
Status: CLOSED NEXTRELEASE
Alias: None
Product: LVM and device-mapper
Classification: Community
Component: lvm2
Version: unspecified
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: ---
Assignee: LVM Team
QA Contact: cluster-qe
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-09-10 03:17 UTC by xiaoliniess
Modified: 2023-09-11 17:22 UTC (History)
8 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-09-11 17:22:17 UTC
Embargoed:
pm-rhel: lvm-technical-solution?
pm-rhel: lvm-test-coverage?

Attachments (Terms of Use)

Description xiaoliniess 2023-09-10 03:17:01 UTC 
Description of problem:
when run lv reduce on large lv, lvreduce incorrectly reported size not enough when there is enough size for fs

# lvresize -L-1G /dev/vg_coldbackup/lv_coldbackup_encrypted 
  Checking crypt device /dev/dm-6 on LV vg_coldbackup/lv_coldbackup_encrypted.
  File system size 485314527232b is adjusted for crypt data offset 16777216b.
  File system ext4+crypto_LUKS found on vg_coldbackup/lv_coldbackup_encrypted mounted at /run/media/iess/coldbackup.
  File system size (2.25 TiB) is larger than the requested size (451.98 GiB).
  File system reduce is required (see resize2fs or --resizefs.)

Version-Release number of selected component (if applicable):
lvm2 v2_03_17
commit 264827cb98458f7100456eeebf7fdde8dcbc0ad4

How reproducible:
always

Steps to Reproduce:
1. create a large enough lv, make sure lp->extents * lv->vg->extent_size overflow uint32
2. create an ext4 file system on lv, and reduce its size a little (leaving room to shrink lv)
3. run lvreduce to shrink the lv near the underlying file system size

Actual results:
lvreduce report requested size not match requested size, and less than the file system size, refuse to reduce

Expected results:
lv successfully reduced to requested size

Additional info:
in _fs_reduce() function
newsize_bytes_lv = lp->extents * lv->vg->extent_size * SECTOR_SIZE;
the extents and extent_size are all uint32, when lv large enough, the first multiple will overflow and produce incorrect result
Comment 1 David Teigland 2023-09-11 17:22:17 UTC 
Thanks for the report.
fixed in https://gitlab.com/lvmteam/lvm2/-/commit/fa496513010976aac21584b5081529b76462f9a9
Note You need to log in before you can comment on or make changes to this bug.