ext2: fix block range in ext2_data_block_valid()

For block validity we should check the block range
from start_block to start_block + count - 1, so fix
the range in ext2_data_block_valid() and also modify
the count argument properly in calling place.

Signed-off-by: Chengguang Xu <cgxu519@zoho.com.cn>
Link: https://lore.kernel.org/r/20190723112155.20329-1-cgxu519@zoho.com.cn
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/ext2/balloc.c b/fs/ext2/balloc.c
index 547c165299c0c5a209cd6f5f45d2e31e5e3f364e..92e9a74891746ef578fba06566c83c72d1bc24f1 100644 (file)
--- a/fs/ext2/balloc.c
+++ b/fs/ext2/balloc.c
@@ -1203,13 +1203,13 @@ int ext2_data_block_valid(struct ext2_sb_info *sbi, ext2_fsblk_t start_blk,
                          unsigned int count)
 {
        if ((start_blk <= le32_to_cpu(sbi->s_es->s_first_data_block)) ||
-           (start_blk + count < start_blk) ||
-           (start_blk > le32_to_cpu(sbi->s_es->s_blocks_count)))
+           (start_blk + count - 1 < start_blk) ||
+           (start_blk + count - 1 >= le32_to_cpu(sbi->s_es->s_blocks_count)))
                return 0;
 
        /* Ensure we do not step over superblock */
        if ((start_blk <= sbi->s_sb_block) &&
-           (start_blk + count >= sbi->s_sb_block))
+           (start_blk + count - 1 >= sbi->s_sb_block))
                return 0;
 
        return 1;

diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c
index 79369c13cc55780d06ef382940e4b2c029212a38..0456bc990b5ee92c775af7d533aa327ff585b961 100644 (file)
--- a/fs/ext2/xattr.c
+++ b/fs/ext2/xattr.c
@@ -794,7 +794,7 @@ ext2_xattr_delete_inode(struct inode *inode)
        if (!EXT2_I(inode)->i_file_acl)
                goto cleanup;
 
-       if (!ext2_data_block_valid(sbi, EXT2_I(inode)->i_file_acl, 0)) {
+       if (!ext2_data_block_valid(sbi, EXT2_I(inode)->i_file_acl, 1)) {
                ext2_error(inode->i_sb, "ext2_xattr_delete_inode",
                        "inode %ld: xattr block %d is out of data blocks range",
                        inode->i_ino, EXT2_I(inode)->i_file_acl);