RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 643390 - mke2fs -G hangs up if an argument value exceeding INT_MAX is specified for the option
Summary: mke2fs -G hangs up if an argument value exceeding INT_MAX is specified for th...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: e2fsprogs
Version: 6.0
Hardware: All
OS: Linux
high
high
Target Milestone: rc
: ---
Assignee: Eric Sandeen
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-15 13:32 UTC by Debbie Johnson
Modified: 2018-11-14 16:57 UTC (History)
4 users (show)

Fixed In Version: e2fsprogs-1.41.12-4.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 14:07:10 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)
patch file containing proposed fix (14.75 KB, application/octet-stream)
2010-10-15 13:32 UTC, Debbie Johnson 		no flags Details
View All


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0702 0 normal SHIPPED_LIVE e2fsprogs bug fix and enhancement update 2011-05-18 18:10:09 UTC

Description Debbie Johnson 2010-10-15 13:32:54 UTC 
Created attachment 453730 [details]
patch file containing proposed fix

Description of problem:
mke2fs -G hangs up if an argument value exceeding INT_MAX is specified for the option

Version-Release number of selected component (if applicable):
V6.0

How reproducible:
every time

Steps to Reproduce:

"mke2fs -G" hangs up if an argument value exceeding INT_MAX, e.g. 2147483648,
is specified for the option. We believe that this problem occurs due to the
following source code.

[misc/mke2fs.c]
static void PRS(int argc, char *argv[])
{
<snip>
fs_param.s_log_groups_per_flex = int_log2(flex_bg_size);
}

On the above source code, mke2fs calculates logarithm of an argument value
specified with -G option by calling the following int_log2().

static int int_log2(int arg)
{
int l = 0;

arg >>= 1;
while (arg) {
l++;
arg >>= 1;
}
return l;
}

As you see, int_log2()'s argument type is "int". If an argument value
exceeding INT_MAX, e.g. 2147483648, is specified for -G option, the value
of "arg" surely overflows. We believe mke2fs hangs up due to this bad code.
We know the patch for this problem has already been provided. Please see below.

http://git.kernel.org/?p=fs/ext2/e2fsprogs.git;a=commitdiff;h=02d6f47e9647d3155a38c8676c2da6ea773d9b68 


Additional info:

I backported this to V6.0 and customer tested.  NOTE:  Additional functions and variables needed to be modified that were not included in git.  I have attached the patch that was tested at customer site.

Debbie
SEG
Comment 1 Debbie Johnson 2010-10-15 13:39:00 UTC 
Last update comment as of 2010-10-11 21:27:07:
Dear Mr.Oshiro, Mr.Debbie,

We verified the test package for mke2fs you provided on 00352867.
As the result, this problem didn't occur.  Please see below.

# rpm -q e2fsprogs e2fsprogs-libs
e2fsprogs-1.41.12-3.00352396.el6.x86_64
e2fsprogs-libs-1.41.12-3.00352396.el6.x86_64

# mke2fs -t ext4 -G 2147483648 /dev/sda5
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
6080512 inodes, 48637952 blocks
2431897 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=115867648
5938 block groups
8192 blocks per group, 8192 fragments per group
1024 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409, 663553,
        1024001, 1990657, 2809857, 5120001, 5971969, 17915905, 19668993,
        25600001

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 33 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
# echo $?
0

As you see, mke2fs ran correctly.
Thank you!
Comment 2 Ondrej Vasik 2010-10-15 13:45:13 UTC 
mke2fs is not from filesystem package - filesystem is just package with basic directory layout. Reassigning to e2fsprogs (feel free to reassign it to kernel, if you meant this is ext4 issue).
Comment 3 Eric Sandeen 2010-10-15 14:40:39 UTC 
Thanks; I may approach this differently, as specifying that big a number to -G really doesn't even make much sense so handling it may be best accomplished by rejecting it.

       -G number-of-groups
              Specify  the number of block groups that will be packed together 
              to create a larger virtual block group (or "flex_bg group") in an
              ext4 filesystem. 

As you can see:

# mke2fs -t ext4 -G 2147483648 /dev/sda5
mke2fs 1.41.12 (17-May-2010)
...
5938 block groups
...

so you have asked it to pack together 2147483648 groups in a 5938-group filesystem, which is nonsensical when you think about it.

Further, e2fsprogs today still only supports 2^32 block filesystems, so asking for more than 2^32 block -groups- is a request which clearly cannot be honored.

Until we have bona-fide 64-bit support in e2fsprogs it may be simpler to just reject a number that overflows here, so a simpler patch may be in order.

I agree it needs fixing one way or the other though, thanks.

-Eric
Comment 4 Eric Sandeen 2010-10-26 22:05:26 UTC 
I think I'll fix this problem for now by simply making the int_log2() function take an unsigned int arg for now.
Comment 5 Eric Sandeen 2010-10-26 22:28:16 UTC 
And restrict it to INT_MAX+1 as well, so the result does not wrap.
Comment 6 Eric Sandeen 2010-10-29 21:32:39 UTC 
Built and tagged in e2fsprogs-1.41.12-4.el6
Comment 7 Shinji Kito 2010-11-24 01:15:31 UTC 
Here is the test feedback from Fujitsu.
<snip>
We verified the fixed package.
As the result, the package is OK!
Please see below.

Check the package version.
 # rpm -q e2fsprogs
 e2fsprogs-1.41.12-4.el6.x86_64

Run the mke2fs command with -G option.
 # mke2fs -t ext4 -G 2147483648 /dev/sda5 ; echo $?
 mke2fs 1.41.12 (17-May-2010)
 Filesystem label=
 OS type: Linux
 Block size=4096 (log=2)
 Fragment size=4096 (log=2)
 Stride=0 blocks, Stripe width=0 blocks
 3041472 inodes, 12159488 blocks
 607974 blocks (5.00%) reserved for the super user
 First data block=0
 Maximum filesystem blocks=4294967296
 372 block groups
 32768 blocks per group, 32768 fragments per group
 8176 inodes per group
 Superblock backups stored on blocks:
         32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
         4096000, 7962624, 11239424

 Writing inode tables: done
 Creating journal (32768 blocks): done
 Writing superblocks and filesystem accounting information: done

 This filesystem will be automatically checked every 31 mounts or
 180 days, whichever comes first.  Use tune2fs -c or -i to override.
 0 <- OK!

As you see, the mke2fs command doesn't hang up at all.
</snip>
Comment 9 Branislav Náter 2011-03-04 13:03:59 UTC 
Bugfix was successfully verified on e2fsprogs-1.41.12-7.el6.{i386,x86_64,ppc64,s390x}

mke2fs with -G argument greater then INT_MAX does not hang up now.

# mke2fs -t ext4 -G 2147483648 /dev/loop7
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
7680 inodes, 30720 blocks
1536 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=31457280
4 block groups
8192 blocks per group, 8192 fragments per group
1920 inodes per group
Superblock backups stored on blocks: 
        8193, 24577

Writing inode tables: done                            
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 23 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
Comment 10 errata-xmlrpc 2011-05-19 14:07:10 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0702.html
Note You need to log in before you can comment on or make changes to this bug.