Commit 44c9bb16 authored Mar 28, 2024 by Baokun Li Committed by Yifan Qiao Mar 28, 2024

ext4: remove unnecessary check from alloc_flex_gd()

stable inclusion
from stable-v5.10.210
commit e7b9fa6c298fbe6d329ffdf0c98b91938e046946
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BV4P
CVE: CVE-2023-52622

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e7b9fa6c298fbe6d329ffdf0c98b91938e046946



--------------------------------

[ Upstream commit b099eb87de105cf07cad731ded6fb40b2675108b ]

In commit 967ac8af ("ext4: fix potential integer overflow in
alloc_flex_gd()"), an overflow check is added to alloc_flex_gd() to
prevent the allocated memory from being smaller than expected due to
the overflow. However, after kmalloc() is replaced with kmalloc_array()
in commit 6da2ec56 ("treewide: kmalloc() -> kmalloc_array()"), the
kmalloc_array() function has an overflow check, so the above problem
will not occur. Therefore, the extra check is removed.

Signed-off-by: Baokun Li <libaokun1@huawei.com>
Reviewed-by: Jan Kara <jack@suse.cz>
Link: https://lore.kernel.org/r/20231023013057.2117948-3-libaokun1@huawei.com


Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Lin Yujun <linyujun809@huawei.com>
Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com>

parent e9ed7f86

fs/ext4/resize.c

+0 −3

Original line number	Diff line number	Diff line
		@@ -245,10 +245,7 @@ static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned long flexbg_size)
		if (flex_gd == NULL)
		goto out3;

		if (flexbg_size >= UINT_MAX / sizeof(struct ext4_new_group_data))
		goto out2;
		flex_gd->count = flexbg_size;

		flex_gd->groups = kmalloc_array(flexbg_size,
		sizeof(struct ext4_new_group_data),
		GFP_NOFS);