* [PATCH] jfs: validate max amount of blocks before allocation.
@ 2023-07-22 14:24 Aleksei Filippov
2023-07-22 15:16 ` Greg KH
0 siblings, 1 reply; 10+ messages in thread
From: Aleksei Filippov @ 2023-07-22 14:24 UTC (permalink / raw)
To: shaggy, gregkh
Cc: jfs-discussion, linux-kernel, Alexei Filippov,
syzbot+5f088f29593e6b4c8db8
From: Alexei Filippov <halip0503@gmail.com>
The lack of checking bmp->db_max_freebud in extBalloc() can lead to
shift out of bounds, so this patch prevents undefined behavior,
because bmp->db_max_freebud == -1 only if there
is no free space.
Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
---
fs/jfs/jfs_extent.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
index ae99a7e232ee..a82751e6c47f 100644
--- a/fs/jfs/jfs_extent.c
+++ b/fs/jfs/jfs_extent.c
@@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
* blocks in the map. in that case, we'll start off with the
* maximum free.
*/
+
+ /* give up if no space left */
+ if (bmp->db_maxfreebud == -1)
+ return -ENOSPC;
+
max = (s64) 1 << bmp->db_maxfreebud;
if (*nblocks >= max && *nblocks > nbperpage)
nb = nblks = (max > nbperpage) ? max : nbperpage;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] jfs: validate max amount of blocks before allocation.
2023-07-22 14:24 [PATCH] jfs: validate max amount of blocks before allocation Aleksei Filippov
@ 2023-07-22 15:16 ` Greg KH
2023-07-23 12:02 ` Aleksei Filippov
0 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2023-07-22 15:16 UTC (permalink / raw)
To: Aleksei Filippov
Cc: shaggy, jfs-discussion, linux-kernel, syzbot+5f088f29593e6b4c8db8
On Sat, Jul 22, 2023 at 05:24:01PM +0300, Aleksei Filippov wrote:
> From: Alexei Filippov <halip0503@gmail.com>
>
> The lack of checking bmp->db_max_freebud in extBalloc() can lead to
> shift out of bounds, so this patch prevents undefined behavior,
> because bmp->db_max_freebud == -1 only if there
> is no free space.
Please wrap at 72 columns properly.
>
> Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
> Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
> ---
> fs/jfs/jfs_extent.c | 5 +++++
> 1 file changed, 5 insertions(+)
What commit id does this fix?
Is it needed for stable kernels? If so, please tag it as such.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH] jfs: validate max amount of blocks before allocation.
2023-07-22 15:16 ` Greg KH
@ 2023-07-23 12:02 ` Aleksei Filippov
2023-07-23 12:06 ` Greg KH
0 siblings, 1 reply; 10+ messages in thread
From: Aleksei Filippov @ 2023-07-23 12:02 UTC (permalink / raw)
To: gregkh
Cc: halip0503, jfs-discussion, linux-kernel, shaggy,
syzbot+5f088f29593e6b4c8db8
From: Alexei Filippov <halip0503@gmail.com>
The lack of checking bmp->db_max_freebud in extBalloc() can lead to
shift out of bounds, so this patch prevents undefined behavior, because
bmp->db_max_freebud == -1 only if there is no free space.
Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
---
fs/jfs/jfs_extent.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
index ae99a7e232ee..a82751e6c47f 100644
--- a/fs/jfs/jfs_extent.c
+++ b/fs/jfs/jfs_extent.c
@@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
* blocks in the map. in that case, we'll start off with the
* maximum free.
*/
+
+ /* give up if no space left */
+ if (bmp->db_maxfreebud == -1)
+ return -ENOSPC;
+
max = (s64) 1 << bmp->db_maxfreebud;
if (*nblocks >= max && *nblocks > nbperpage)
nb = nblks = (max > nbperpage) ? max : nbperpage;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH] jfs: validate max amount of blocks before allocation.
2023-07-23 12:02 ` Aleksei Filippov
@ 2023-07-23 12:06 ` Greg KH
2023-07-23 13:29 ` [PATCH v3] " Aleksei Filippov
0 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2023-07-23 12:06 UTC (permalink / raw)
To: Aleksei Filippov
Cc: jfs-discussion, linux-kernel, shaggy, syzbot+5f088f29593e6b4c8db8
On Sun, Jul 23, 2023 at 03:02:09PM +0300, Aleksei Filippov wrote:
> From: Alexei Filippov <halip0503@gmail.com>
>
> The lack of checking bmp->db_max_freebud in extBalloc() can lead to
> shift out of bounds, so this patch prevents undefined behavior, because
> bmp->db_max_freebud == -1 only if there is no free space.
>
> Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
> ---
> fs/jfs/jfs_extent.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
> index ae99a7e232ee..a82751e6c47f 100644
> --- a/fs/jfs/jfs_extent.c
> +++ b/fs/jfs/jfs_extent.c
> @@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
> * blocks in the map. in that case, we'll start off with the
> * maximum free.
> */
> +
> + /* give up if no space left */
> + if (bmp->db_maxfreebud == -1)
> + return -ENOSPC;
> +
> max = (s64) 1 << bmp->db_maxfreebud;
> if (*nblocks >= max && *nblocks > nbperpage)
> nb = nblks = (max > nbperpage) ? max : nbperpage;
> --
> 2.25.1
>
Hi,
This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him
a patch that has triggered this response. He used to manually respond
to these common problems, but in order to save his sanity (he kept
writing the same thing over and over, yet to different people), I was
created. Hopefully you will not take offence and will fix the problem
in your patch and resubmit it so that it can be accepted into the Linux
kernel tree.
You are receiving this message because of the following common error(s)
as indicated below:
- This looks like a new version of a previously submitted patch, but you
did not list below the --- line any changes from the previous version.
Please read the section entitled "The canonical patch format" in the
kernel file, Documentation/process/submitting-patches.rst for what
needs to be done here to properly describe this.
If you wish to discuss this problem further, or you have questions about
how to resolve this issue, please feel free to respond to this email and
Greg will reply once he has dug out from the pending patches received
from other developers.
thanks,
greg k-h's patch email bot
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v3] jfs: validate max amount of blocks before allocation.
2023-07-23 12:06 ` Greg KH
@ 2023-07-23 13:29 ` Aleksei Filippov
2023-07-23 13:40 ` Greg KH
0 siblings, 1 reply; 10+ messages in thread
From: Aleksei Filippov @ 2023-07-23 13:29 UTC (permalink / raw)
To: gregkh
Cc: halip0503, jfs-discussion, linux-kernel, shaggy,
syzbot+5f088f29593e6b4c8db8
From: Alexei Filippov <halip0503@gmail.com>
The lack of checking bmp->db_max_freebud in extBalloc() can lead to
shift out of bounds, so this patch prevents undefined behavior, because
bmp->db_max_freebud == -1 only if there is no free space.
Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
---
fs/jfs/jfs_extent.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
index ae99a7e232ee..a82751e6c47f 100644
--- a/fs/jfs/jfs_extent.c
+++ b/fs/jfs/jfs_extent.c
@@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
* blocks in the map. in that case, we'll start off with the
* maximum free.
*/
+
+ /* give up if no space left */
+ if (bmp->db_maxfreebud == -1)
+ return -ENOSPC;
+
max = (s64) 1 << bmp->db_maxfreebud;
if (*nblocks >= max && *nblocks > nbperpage)
nb = nblks = (max > nbperpage) ? max : nbperpage;
--
2.25.1
Fix commit message.
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v3] jfs: validate max amount of blocks before allocation.
2023-07-23 13:29 ` [PATCH v3] " Aleksei Filippov
@ 2023-07-23 13:40 ` Greg KH
2023-07-23 13:58 ` [PATCH v4] " Aleksei Filippov
0 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2023-07-23 13:40 UTC (permalink / raw)
To: Aleksei Filippov
Cc: jfs-discussion, linux-kernel, shaggy, syzbot+5f088f29593e6b4c8db8
On Sun, Jul 23, 2023 at 04:29:59PM +0300, Aleksei Filippov wrote:
> From: Alexei Filippov <halip0503@gmail.com>
>
> The lack of checking bmp->db_max_freebud in extBalloc() can lead to
> shift out of bounds, so this patch prevents undefined behavior, because
> bmp->db_max_freebud == -1 only if there is no free space.
>
> Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
> ---
> fs/jfs/jfs_extent.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
> index ae99a7e232ee..a82751e6c47f 100644
> --- a/fs/jfs/jfs_extent.c
> +++ b/fs/jfs/jfs_extent.c
> @@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
> * blocks in the map. in that case, we'll start off with the
> * maximum free.
> */
> +
> + /* give up if no space left */
> + if (bmp->db_maxfreebud == -1)
> + return -ENOSPC;
> +
> max = (s64) 1 << bmp->db_maxfreebud;
> if (*nblocks >= max && *nblocks > nbperpage)
> nb = nblks = (max > nbperpage) ? max : nbperpage;
> --
> 2.25.1
>
> Fix commit message.
The --- information for the version goes below the first --- line, not
the last. Look at the examples on the mailing lists for the proper
format.
thanks,
greg k-h
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v4] jfs: validate max amount of blocks before allocation.
2023-07-23 13:40 ` Greg KH
@ 2023-07-23 13:58 ` Aleksei Filippov
2023-07-23 14:11 ` Greg KH
0 siblings, 1 reply; 10+ messages in thread
From: Aleksei Filippov @ 2023-07-23 13:58 UTC (permalink / raw)
To: gregkh
Cc: halip0503, jfs-discussion, linux-kernel, shaggy,
syzbot+5f088f29593e6b4c8db8
From: Alexei Filippov <halip0503@gmail.com>
The lack of checking bmp->db_max_freebud in extBalloc() can lead to
shift out of bounds, so this patch prevents undefined behavior, because
bmp->db_max_freebud == -1 only if there is no free space.
Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
---
Changes:
Fix commit message.
fs/jfs/jfs_extent.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
index ae99a7e232ee..a82751e6c47f 100644
--- a/fs/jfs/jfs_extent.c
+++ b/fs/jfs/jfs_extent.c
@@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
* blocks in the map. in that case, we'll start off with the
* maximum free.
*/
+
+ /* give up if no space left */
+ if (bmp->db_maxfreebud == -1)
+ return -ENOSPC;
+
max = (s64) 1 << bmp->db_maxfreebud;
if (*nblocks >= max && *nblocks > nbperpage)
nb = nblks = (max > nbperpage) ? max : nbperpage;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v4] jfs: validate max amount of blocks before allocation.
2023-07-23 13:58 ` [PATCH v4] " Aleksei Filippov
@ 2023-07-23 14:11 ` Greg KH
2023-08-19 17:32 ` [PATCH v5] " Aleksei Filippov
0 siblings, 1 reply; 10+ messages in thread
From: Greg KH @ 2023-07-23 14:11 UTC (permalink / raw)
To: Aleksei Filippov
Cc: jfs-discussion, linux-kernel, shaggy, syzbot+5f088f29593e6b4c8db8
On Sun, Jul 23, 2023 at 04:58:22PM +0300, Aleksei Filippov wrote:
> From: Alexei Filippov <halip0503@gmail.com>
>
> The lack of checking bmp->db_max_freebud in extBalloc() can lead to
> shift out of bounds, so this patch prevents undefined behavior, because
> bmp->db_max_freebud == -1 only if there is no free space.
>
> Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
> ---
> Changes:
> Fix commit message.
> fs/jfs/jfs_extent.c | 5 +++++
> 1 file changed, 5 insertions(+)
{sigh}
Please, take some time, read the documentation for how to do this
correctly. Wait a day, and then submit it again, properly.
Also, do you have a jfs system? Isn't this filesystem obsolete?
thanks,
greg k-h
^ permalink raw reply [flat|nested] 10+ messages in thread
* [PATCH v5] jfs: validate max amount of blocks before allocation.
2023-07-23 14:11 ` Greg KH
@ 2023-08-19 17:32 ` Aleksei Filippov
2023-08-29 17:28 ` Dave Kleikamp
0 siblings, 1 reply; 10+ messages in thread
From: Aleksei Filippov @ 2023-08-19 17:32 UTC (permalink / raw)
To: gregkh
Cc: halip0503, jfs-discussion, linux-kernel, shaggy,
syzbot+5f088f29593e6b4c8db8
From: Alexei Filippov <halip0503@gmail.com>
The lack of checking bmp->db_max_freebud in extBalloc() can lead to
shift out of bounds, so this patch prevents undefined behavior, because
bmp->db_max_freebud == -1 only if there is no free space.
Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
---
Changes since v1:
-Commit message fix. Add Fixes line.
Changes since v2-v4:
-Commit message fixes.
fs/jfs/jfs_extent.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
index ae99a7e232ee..a82751e6c47f 100644
--- a/fs/jfs/jfs_extent.c
+++ b/fs/jfs/jfs_extent.c
@@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
* blocks in the map. in that case, we'll start off with the
* maximum free.
*/
+
+ /* give up if no space left */
+ if (bmp->db_maxfreebud == -1)
+ return -ENOSPC;
+
max = (s64) 1 << bmp->db_maxfreebud;
if (*nblocks >= max && *nblocks > nbperpage)
nb = nblks = (max > nbperpage) ? max : nbperpage;
--
2.25.1
^ permalink raw reply related [flat|nested] 10+ messages in thread
* Re: [PATCH v5] jfs: validate max amount of blocks before allocation.
2023-08-19 17:32 ` [PATCH v5] " Aleksei Filippov
@ 2023-08-29 17:28 ` Dave Kleikamp
0 siblings, 0 replies; 10+ messages in thread
From: Dave Kleikamp @ 2023-08-29 17:28 UTC (permalink / raw)
To: Aleksei Filippov, gregkh
Cc: jfs-discussion, linux-kernel, syzbot+5f088f29593e6b4c8db8
On 8/19/23 12:32PM, Aleksei Filippov wrote:
> From: Alexei Filippov <halip0503@gmail.com>
>
> The lack of checking bmp->db_max_freebud in extBalloc() can lead to
> shift out of bounds, so this patch prevents undefined behavior, because
> bmp->db_max_freebud == -1 only if there is no free space.
Thanks. Applied.
>
> Signed-off-by: Aleksei Filippov <halip0503@gmail.com>
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2
> ---
>
> Changes since v1:
> -Commit message fix. Add Fixes line.
> Changes since v2-v4:
> -Commit message fixes.
> fs/jfs/jfs_extent.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c
> index ae99a7e232ee..a82751e6c47f 100644
> --- a/fs/jfs/jfs_extent.c
> +++ b/fs/jfs/jfs_extent.c
> @@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno)
> * blocks in the map. in that case, we'll start off with the
> * maximum free.
> */
> +
> + /* give up if no space left */
> + if (bmp->db_maxfreebud == -1)
> + return -ENOSPC;
> +
> max = (s64) 1 << bmp->db_maxfreebud;
> if (*nblocks >= max && *nblocks > nbperpage)
> nb = nblks = (max > nbperpage) ? max : nbperpage;
^ permalink raw reply [flat|nested] 10+ messages in thread
end of thread, other threads:[~2023-08-29 17:30 UTC | newest]
Thread overview: 10+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-07-22 14:24 [PATCH] jfs: validate max amount of blocks before allocation Aleksei Filippov
2023-07-22 15:16 ` Greg KH
2023-07-23 12:02 ` Aleksei Filippov
2023-07-23 12:06 ` Greg KH
2023-07-23 13:29 ` [PATCH v3] " Aleksei Filippov
2023-07-23 13:40 ` Greg KH
2023-07-23 13:58 ` [PATCH v4] " Aleksei Filippov
2023-07-23 14:11 ` Greg KH
2023-08-19 17:32 ` [PATCH v5] " Aleksei Filippov
2023-08-29 17:28 ` Dave Kleikamp
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox