Bug 643390 - mke2fs -G hangs up if an argument value exceeding INT_MAX is specified for the option
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: e2fsprogs
Version: 6.0
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: rc
Assignee: Eric Sandeen
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2010-10-15 13:32 UTC by Debbie Johnson
Modified: 2018-11-14 16:57 UTC (History)

Fixed In Version: e2fsprogs-1.41.12-4.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 14:07:10 UTC
Target Upstream Version:


Attachments
patch file containing proposed fix (14.75 KB, application/octet-stream)
2010-10-15 13:32 UTC, Debbie Johnson


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0702 normal SHIPPED_LIVE e2fsprogs bug fix and enhancement update 2011-05-18 18:10:09 UTC

Description Debbie Johnson 2010-10-15 13:32:54 UTC
Created attachment 453730
patch file containing proposed fix

Description of problem:
mke2fs -G hangs up if an argument value exceeding INT_MAX is specified for the option

Version-Release number of selected component (if applicable):
V6.0

How reproducible:
every time

Steps to Reproduce:

"mke2fs -G" hangs up if an argument value exceeding INT_MAX, e.g. 2147483648,
is specified for the option. We believe that this problem occurs due to the
following source code.

[misc/mke2fs.c]
static void PRS(int argc, char *argv[])
{
        <snip>
        fs_param.s_log_groups_per_flex = int_log2(flex_bg_size);
}

On the above source code, mke2fs calculates logarithm of an argument value
specified with -G option by calling the following int_log2().

static int int_log2(int arg)
{
        int l = 0;

        arg >>= 1;
        while (arg) {
                l++;
                arg >>= 1;
        }
        return l;
}

As you see, int_log2()'s argument type is "int". If an argument value
exceeding INT_MAX, e.g. 2147483648, is specified for -G option, the value
of "arg" surely overflows. We believe mke2fs hangs up due to this bad code.
We know the patch for this problem has already been provided. Please see below.

http://git.kernel.org/?p=fs/ext2/e2fsprogs.git;a=commitdiff;h=02d6f47e9647d3155a38c8676c2da6ea773d9b68 


Additional info:

I backported this to V6.0 and customer tested.  NOTE:  Additional functions and variables needed to be modified that were not included in git.  I have attached the patch that was tested at customer site.

Debbie
SEG

Comment 1 Debbie Johnson 2010-10-15 13:39:00 UTC
Last update comment as of 2010-10-11 21:27:07:
Dear Mr.Oshiro, Mr.Debbie,

We verified the test package for mke2fs you provided on 00352867.
As the result, this problem didn't occur.  Please see below.

# rpm -q e2fsprogs e2fsprogs-libs
e2fsprogs-1.41.12-3.00352396.el6.x86_64
e2fsprogs-libs-1.41.12-3.00352396.el6.x86_64

# mke2fs -t ext4 -G 2147483648 /dev/sda5
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
6080512 inodes, 48637952 blocks
2431897 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=115867648
5938 block groups
8192 blocks per group, 8192 fragments per group
1024 inodes per group
Superblock backups stored on blocks:
        8193, 24577, 40961, 57345, 73729, 204801, 221185, 401409, 663553,
        1024001, 1990657, 2809857, 5120001, 5971969, 17915905, 19668993,
        25600001

Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 33 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.
# echo $?
0

As you see, mke2fs ran correctly.
Thank you!

Comment 2 Ondrej Vasik 2010-10-15 13:45:13 UTC
mke2fs is not from filesystem package - filesystem is just package with basic directory layout. Reassigning to e2fsprogs (feel free to reassign it to kernel, if you meant this is ext4 issue).

Comment 3 Eric Sandeen 2010-10-15 14:40:39 UTC
Thanks; I may approach this differently, as specifying that big a number to -G really doesn't even make much sense so handling it may be best accomplished by rejecting it.

       -G number-of-groups
              Specify  the number of block groups that will be packed together 
              to create a larger virtual block group (or "flex_bg group") in an
              ext4 filesystem. 

As you can see:

# mke2fs -t ext4 -G 2147483648 /dev/sda5
mke2fs 1.41.12 (17-May-2010)
...
5938 block groups
...

so you have asked it to pack together 2147483648 groups in a 5938-group filesystem, which is nonsensical when you think about it.

Further, e2fsprogs today still only supports 2^32 block filesystems, so asking for more than 2^32 block -groups- is a request which clearly cannot be honored.

Until we have bona-fide 64-bit support in e2fsprogs it may be simpler to just reject a number that overflows here, so a simpler patch may be in order.

I agree it needs fixing one way or the other though, thanks.

-Eric

Comment 4 Eric Sandeen 2010-10-26 22:05:26 UTC
I think I'll fix this problem for now by simply making the int_log2() function take an unsigned int arg for now.

Comment 5 Eric Sandeen 2010-10-26 22:28:16 UTC
And restrict it to INT_MAX+1 as well, so the result does not wrap.
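
Added example (not part of any comment in this report, and not the e2fsprogs patch): the signed int_log2() from the description beside an unsigned variant and a range check in the direction comments 4 and 5 describe. It assumes a 32-bit int and a compiler that shifts negative ints arithmetically (gcc and clang do), so a stored 2147483648 becomes INT_MIN and the shift settles at -1, never 0; parse_flex_bg_size() and the step cap are hypothetical names and additions made for this demonstration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Signed int_log2() from the report; step cap added here to report the hang as -1. */
static int int_log2_signed(int arg)
{
    int l = 0, steps = 0;
    arg >>= 1;
    while (arg) {
        if (++steps > 64)
            return -1;      /* arg is stuck at -1: the sign bit is shifted back in */
        l++;
        arg >>= 1;
    }
    return l;
}

/* Unsigned argument (comment 4): a logical shift always reaches 0. */
static int int_log2_unsigned(unsigned int arg)
{
    int l = 0;
    for (arg >>= 1; arg; arg >>= 1)
        l++;
    return l;
}

/* Hypothetical -G parser: accept 1..INT_MAX+1 (comment 5), else return -1. */
static int parse_flex_bg_size(const char *s, unsigned int *out)
{
    char *end;
    unsigned long long v;
    errno = 0;
    v = strtoull(s, &end, 0);
    if (errno || end == s || *end || v == 0 || v > (unsigned long long)INT_MAX + 1)
        return -1;
    *out = (unsigned int)v;
    return 0;
}

int main(void)
{
    unsigned int g = 0;
    printf("signed(INT_MIN)=%d\n", int_log2_signed(INT_MIN));
    if (parse_flex_bg_size("2147483648", &g) == 0)
        printf("unsigned(%u)=%d\n", g, int_log2_unsigned(g));
    return 0;
}
```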

Comment 6 Eric Sandeen 2010-10-29 21:32:39 UTC
Built and tagged in e2fsprogs-1.41.12-4.el6

Comment 7 Shinji Kito 2010-11-24 01:15:31 UTC
Here is the test feedback from Fujitsu.
<snip>
We verified the fixed package.
As the result, the package is OK!
Please see below.

Check the package version.
 # rpm -q e2fsprogs
 e2fsprogs-1.41.12-4.el6.x86_64

Run the mke2fs command with -G option.
 # mke2fs -t ext4 -G 2147483648 /dev/sda5 ; echo $?
 mke2fs 1.41.12 (17-May-2010)
 Filesystem label=
 OS type: Linux
 Block size=4096 (log=2)
 Fragment size=4096 (log=2)
 Stride=0 blocks, Stripe width=0 blocks
 3041472 inodes, 12159488 blocks
 607974 blocks (5.00%) reserved for the super user
 First data block=0
 Maximum filesystem blocks=4294967296
 372 block groups
 32768 blocks per group, 32768 fragments per group
 8176 inodes per group
 Superblock backups stored on blocks:
         32768, 98304, 163840, 229376, 294912, 819200, 884736, 1605632, 2654208,
         4096000, 7962624, 11239424

 Writing inode tables: done
 Creating journal (32768 blocks): done
 Writing superblocks and filesystem accounting information: done

 This filesystem will be automatically checked every 31 mounts or
 180 days, whichever comes first.  Use tune2fs -c or -i to override.
 0 <- OK!

As you see, the mke2fs command doesn't hang up at all.
</snip>

Comment 9 Branislav Náter 2011-03-04 13:03:59 UTC
Bugfix was successfully verified on e2fsprogs-1.41.12-7.el6.{i386,x86_64,ppc64,s390x}

mke2fs with -G argument greater than INT_MAX does not hang up now.

# mke2fs -t ext4 -G 2147483648 /dev/loop7
mke2fs 1.41.12 (17-May-2010)
Filesystem label=
OS type: Linux
Block size=1024 (log=0)
Fragment size=1024 (log=0)
Stride=0 blocks, Stripe width=0 blocks
7680 inodes, 30720 blocks
1536 blocks (5.00%) reserved for the super user
First data block=1
Maximum filesystem blocks=31457280
4 block groups
8192 blocks per group, 8192 fragments per group
1920 inodes per group
Superblock backups stored on blocks: 
        8193, 24577

Writing inode tables: done                            
Creating journal (1024 blocks): done
Writing superblocks and filesystem accounting information: done

This filesystem will be automatically checked every 23 mounts or
180 days, whichever comes first.  Use tune2fs -c or -i to override.

Comment 10 errata-xmlrpc 2011-05-19 14:07:10 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0702.html

