From: Matt Jan <zoo868e@gmail.com>
To: Dave Kleikamp <shaggy@kernel.org>,
jfs-discussion@lists.sourceforge.net,
linux-kernel@vger.kernel.org,
Shuah Khan <skhan@linuxfoundation.org>
Cc: Matt Jan <zoo868e@gmail.com>,
syzbot+9e90a1c5eedb9dc4c6cc@syzkaller.appspotmail.com
Subject: [PATCH v3] jfs: UBSAN: shift-out-of-bounds in dbFindBits
Date: Sat, 26 Oct 2024 01:00:10 +0800
Message-ID: <20241025170010.19654-1-zoo868e@gmail.com>
In-Reply-To: <671b3f75.050a0220.2eb763.00d7.GAE@google.com>

Return immediately if the needed free bits span a full word to avoid
out-of-bounds shifting.

#syz test

Reported-by: syzbot+9e90a1c5eedb9dc4c6cc@syzkaller.appspotmail.com
Signed-off-by: Matt Jan <zoo868e@gmail.com>
---
Changes in v3: Return the result earlier instead of asserting it
Changes in v2: Test if the patch resolves the issue through syzbot and
reference the reporter.
fs/jfs/jfs_dmap.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 974ecf5e0d95..45b7a393b769 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -3012,6 +3012,11 @@ static int dbFindBits(u32 word, int l2nb)
int bitno, nb;
u32 mask;
+ /* return immediately if the number of free bits is a word
+ */
+ if (l2nb == BUDMIN)
+ return (!!word) << BUDMIN;
+
/* get the number of bits.
*/
nb = 1 << l2nb;
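Review bot: the early return `return (!!word) << BUDMIN;` yields 1 << BUDMIN for every non-zero word, which for this case equals nb (`nb = 1 << l2nb`), so the function hands back a value one past the last bit position of a full-word run instead of a bit number, and nothing in the hunk tells callers to treat it as "not found". Either document that sentinel in the new comment (which currently only says when the return happens, not what the two possible results mean) or return a distinct error value that callers check. The guard also tests `l2nb == BUDMIN` only, so an l2nb larger than BUDMIN still reaches `nb = 1 << l2nb` and the code below it; if such values can arrive here, reject them in the same check. Minor style point: the two-line comment fits on one line as `/* ... */`.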
--
2.25.1
Thread overview: 11+ messages
2024-10-25 6:49 [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindBits (2) syzbot
2024-10-25 15:24 ` [PATCH v2] jfs: UBSAN: shift-out-of-bounds in dbFindBits Matt Jan
2024-10-25 15:39 ` [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindBits (2) syzbot
2024-10-25 16:30 ` [syzbot] [PATCH v3] jfs: UBSAN: shift-out-of-bounds in dbFindBits syzbot
2024-10-25 17:00 ` Matt Jan [this message]
2024-10-25 17:20 ` [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindBits (2) syzbot
2024-10-30 15:15 ` [PATCH v3] jfs: UBSAN: shift-out-of-bounds in dbFindBits Dave Kleikamp
2024-11-01 9:59 ` [PATCH v4] " Matt Jan
2024-11-01 10:20 ` [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindBits (2) syzbot
2024-12-02 20:53 ` [PATCH v4] jfs: UBSAN: shift-out-of-bounds in dbFindBits Dave Kleikamp
2025-09-28 1:00 ` Forwarded: Re: [syzbot] [jfs?] UBSAN: shift-out-of-bounds in dbFindBits (2) syzbot