!5581 CVE-2023-52622

						   in the flex group */

	__u16 *bg_flags;			/* block group flags of groups

						   in @groups */

	ext4_group_t resize_bg;			/* number of allocated

						   new_group_data */

	ext4_group_t count;			/* number of groups in @groups

						 */

};

/*

 * Avoiding memory allocation failures due to too many groups added each time.

 */

#define MAX_RESIZE_BG				16384

/*

 * alloc_flex_gd() allocates a ext4_new_flex_group_data with size of

 * @flexbg_size.

 *

 * Returns NULL on failure otherwise address of the allocated structure.

 */

static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned long flexbg_size)

static struct ext4_new_flex_group_data *alloc_flex_gd(unsigned int flexbg_size)

{

	struct ext4_new_flex_group_data *flex_gd;

	if (flex_gd == NULL)

		goto out3;

	if (flexbg_size >= UINT_MAX / sizeof(struct ext4_new_group_data))

		goto out2;

	flex_gd->count = flexbg_size;

	if (unlikely(flexbg_size > MAX_RESIZE_BG))

		flex_gd->resize_bg = MAX_RESIZE_BG;

	else

		flex_gd->resize_bg = flexbg_size;

	flex_gd->groups = kmalloc_array(flexbg_size,

	flex_gd->groups = kmalloc_array(flex_gd->resize_bg,

					sizeof(struct ext4_new_group_data),

					GFP_NOFS);

	if (flex_gd->groups == NULL)

		goto out2;

	flex_gd->bg_flags = kmalloc_array(flexbg_size, sizeof(__u16),

	flex_gd->bg_flags = kmalloc_array(flex_gd->resize_bg, sizeof(__u16),

					  GFP_NOFS);

	if (flex_gd->bg_flags == NULL)

		goto out1;

 */

static int ext4_alloc_group_tables(struct super_block *sb,

				struct ext4_new_flex_group_data *flex_gd,

				int flexbg_size)

				unsigned int flexbg_size)

{

	struct ext4_new_group_data *group_data = flex_gd->groups;

	ext4_fsblk_t start_blk;

		group = group_data[0].group;

		printk(KERN_DEBUG "EXT4-fs: adding a flex group with "

		       "%d groups, flexbg size is %d:\n", flex_gd->count,

		       "%u groups, flexbg size is %u:\n", flex_gd->count,

		       flexbg_size);

		for (i = 0; i < flex_gd->count; i++) {

			ext4_debug(

			       "adding %s group %u: %u blocks (%d free, %d mdata blocks)\n",

			       "adding %s group %u: %u blocks (%u free, %u mdata blocks)\n",

			       ext4_bg_has_super(sb, group + i) ? "normal" :

			       "no-super", group + i,

			       group_data[i].blocks_count,

static int ext4_setup_next_flex_gd(struct super_block *sb,

				    struct ext4_new_flex_group_data *flex_gd,

				    ext4_fsblk_t n_blocks_count,

				    unsigned long flexbg_size)

				    ext4_fsblk_t n_blocks_count)

{

	struct ext4_sb_info *sbi = EXT4_SB(sb);

	struct ext4_super_block *es = sbi->s_es;

	BUG_ON(last);

	ext4_get_group_no_and_offset(sb, n_blocks_count - 1, &n_group, &last);

	last_group = group | (flexbg_size - 1);

	last_group = group | (flex_gd->resize_bg - 1);

	if (last_group > n_group)

		last_group = n_group;

	ext4_fsblk_t o_blocks_count;

	ext4_fsblk_t n_blocks_count_retry = 0;

	unsigned long last_update_time = 0;

	int err = 0, flexbg_size = 1 << sbi->s_log_groups_per_flex;

	int err = 0;

	int meta_bg;

	unsigned int flexbg_size = ext4_flex_bg_size(sbi);

	/* See if the device is actually as big as what was requested */

	bh = ext4_sb_bread(sb, n_blocks_count - 1, 0);

	/* Add flex groups. Note that a regular group is a

	 * flex group with 1 group.

	 */

	while (ext4_setup_next_flex_gd(sb, flex_gd, n_blocks_count,

					      flexbg_size)) {

	while (ext4_setup_next_flex_gd(sb, flex_gd, n_blocks_count)) {

		if (jiffies - last_update_time > HZ * 10) {

			if (last_update_time)

				ext4_msg(sb, KERN_INFO,