ext4: add more mount time checks of the superblock

The kernel's ext4 mount-time checks were more permissive than e2fsprogs's libext2fs checks when opening a file system. The superblock is considered too insane for debugfs or e2fsck to operate on it, the kernel has no business trying to mount it. This will make file system fuzzing tools work harder, but the failure cases that they find will be more useful and be easier to evaluate. Signed-off-by: Theodore Ts'o <tytso@mit.edu> Cc: stable@kernel.org
author: Theodore Ts'o <tytso@mit.edu> 2018-06-17 18:11:20 -0400
committer: Theodore Ts'o <tytso@mit.edu> 2018-06-17 18:11:20 -0400
commit: bfe0a5f47ada40d7984de67e59a7d3390b9b9ecc (patch)
tree: bb20c9d7def61a74f3d0e1686358849ac9110309
parent: c37e9e013469521d9adb932d17a1795c139b36db (diff)
1 files changed, 26 insertions, 11 deletions
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 1f955c128e0d..b37b00befd65 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -3793,6 +3793,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
                         le32_to_cpu(es->s_log_block_size));
                goto failed_mount;
        }
+        if (le32_to_cpu(es->s_log_cluster_size) >
+            (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) {
+                ext4_msg(sb, KERN_ERR,
+                         "Invalid log cluster size: %u",
+                         le32_to_cpu(es->s_log_cluster_size));
+                goto failed_mount;
+        }
        if (le16_to_cpu(sbi->s_es->s_reserved_gdt_blocks) > (blocksize / 4)) {
                ext4_msg(sb, KERN_ERR,
@@ -3939,13 +3946,6 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
                                 "block size (%d)", clustersize, blocksize);
                        goto failed_mount;
                }
-                if (le32_to_cpu(es->s_log_cluster_size) >
-                    (EXT4_MAX_CLUSTER_LOG_SIZE - EXT4_MIN_BLOCK_LOG_SIZE)) {
-                        ext4_msg(sb, KERN_ERR,
-                                 "Invalid log cluster size: %u",
-                                 le32_to_cpu(es->s_log_cluster_size));
-                        goto failed_mount;
-                }
                sbi->s_cluster_bits = le32_to_cpu(es->s_log_cluster_size) -
                        le32_to_cpu(es->s_log_block_size);
                sbi->s_clusters_per_group =
@@ -3966,10 +3966,10 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
                }
        } else {
                if (clustersize != blocksize) {
-                        ext4_warning(sb, "fragment/cluster size (%d) != "
+                        ext4_msg(sb, KERN_ERR,
-                                     "block size (%d)", clustersize,
+                                 "fragment/cluster size (%d) != "
-                                     blocksize);
+                                 "block size (%d)", clustersize, blocksize);
-                        clustersize = blocksize;
+                        goto failed_mount;
                }
                if (sbi->s_blocks_per_group > blocksize * 8) {
                        ext4_msg(sb, KERN_ERR,
@@ -4023,6 +4023,13 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
                         ext4_blocks_count(es));
                goto failed_mount;
        }
+        if ((es->s_first_data_block == 0) && (es->s_log_block_size == 0) &&
+            (sbi->s_cluster_ratio == 1)) {
+                ext4_msg(sb, KERN_WARNING, "bad geometry: first data "
+                         "block is 0 with a 1k block and cluster size");
+                goto failed_mount;
+        }
        blocks_count = (ext4_blocks_count(es) -
                        le32_to_cpu(es->s_first_data_block) +
                        EXT4_BLOCKS_PER_GROUP(sb) - 1);
@@ -4058,6 +4065,14 @@ static int ext4_fill_super(struct super_block *sb, void *data, int silent)
                ret = -ENOMEM;
                goto failed_mount;
        }
+        if (((u64)sbi->s_groups_count * sbi->s_inodes_per_group) !=
+            le32_to_cpu(es->s_inodes_count)) {
+                ext4_msg(sb, KERN_ERR, "inodes count not valid: %u vs %llu",
+                         le32_to_cpu(es->s_inodes_count),
+                         ((u64)sbi->s_groups_count * sbi->s_inodes_per_group));
+                ret = -EINVAL;
+                goto failed_mount;
+        }
        bgl_lock_init(sbi->s_blockgroup_lock);
author	Theodore Ts'o <tytso@mit.edu>	2018-06-17 18:11:20 -0400
committer	Theodore Ts'o <tytso@mit.edu>	2018-06-17 18:11:20 -0400
commit	bfe0a5f47ada40d7984de67e59a7d3390b9b9ecc (patch)
tree	bb20c9d7def61a74f3d0e1686358849ac9110309
parent	c37e9e013469521d9adb932d17a1795c139b36db (diff)