From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16E3BC001B0 for ; Sun, 23 Jul 2023 12:06:38 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229792AbjGWMGh (ORCPT ); Sun, 23 Jul 2023 08:06:37 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40680 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229640AbjGWMGf (ORCPT ); Sun, 23 Jul 2023 08:06:35 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 789B81BF for ; Sun, 23 Jul 2023 05:06:34 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 0D35C60CEB for ; Sun, 23 Jul 2023 12:06:34 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id 0D7DBC433C7; Sun, 23 Jul 2023 12:06:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1690113993; bh=lCA7wyn7EJy5EJxSIML6nBv4d37+7+FxeiGSeIwj+JU=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=O5TsTrihRy4Hqcqkwhs0jdj5vodaDq5XpA+yJobPmqyDIwvJ9Bz3CIshuo/2IwydS my68wzYF+XWCIcY5vy0876bqDA6YxgbB4cam9PEQ7GwBDctgcLvsRuzLyXJrhtvg4z c2SODRfZ3znAgrWmjO4zMQ+A9Y0ZPSfgybGBoXr8= Date: Sun, 23 Jul 2023 14:06:30 +0200 From: Greg KH To: Aleksei Filippov Cc: jfs-discussion@lists.sourceforge.net, linux-kernel@vger.kernel.org, shaggy@kernel.org, syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com Subject: Re: [PATCH] jfs: validate max amount of blocks before allocation. Message-ID: <2023072318-semantic-payee-0162@gregkh> References: <2023072251-spokesman-zebra-908d@gregkh> <20230723120209.7963-1-halip0503@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20230723120209.7963-1-halip0503@gmail.com> Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sun, Jul 23, 2023 at 03:02:09PM +0300, Aleksei Filippov wrote: > From: Alexei Filippov > > The lack of checking bmp->db_max_freebud in extBalloc() can lead to > shift out of bounds, so this patch prevents undefined behavior, because > bmp->db_max_freebud == -1 only if there is no free space. > > Signed-off-by: Aleksei Filippov > Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") > Reported-and-tested-by: syzbot+5f088f29593e6b4c8db8@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?id=01abadbd6ae6a08b1f1987aa61554c6b3ac19ff2 > --- > fs/jfs/jfs_extent.c | 5 +++++ > 1 file changed, 5 insertions(+) > > diff --git a/fs/jfs/jfs_extent.c b/fs/jfs/jfs_extent.c > index ae99a7e232ee..a82751e6c47f 100644 > --- a/fs/jfs/jfs_extent.c > +++ b/fs/jfs/jfs_extent.c > @@ -311,6 +311,11 @@ extBalloc(struct inode *ip, s64 hint, s64 * nblocks, s64 * blkno) > * blocks in the map. in that case, we'll start off with the > * maximum free. > */ > + > + /* give up if no space left */ > + if (bmp->db_maxfreebud == -1) > + return -ENOSPC; > + > max = (s64) 1 << bmp->db_maxfreebud; > if (*nblocks >= max && *nblocks > nbperpage) > nb = nblks = (max > nbperpage) ? max : nbperpage; > -- > 2.25.1 > Hi, This is the friendly patch-bot of Greg Kroah-Hartman. You have sent him a patch that has triggered this response. He used to manually respond to these common problems, but in order to save his sanity (he kept writing the same thing over and over, yet to different people), I was created. Hopefully you will not take offence and will fix the problem in your patch and resubmit it so that it can be accepted into the Linux kernel tree. You are receiving this message because of the following common error(s) as indicated below: - This looks like a new version of a previously submitted patch, but you did not list below the --- line any changes from the previous version. Please read the section entitled "The canonical patch format" in the kernel file, Documentation/process/submitting-patches.rst for what needs to be done here to properly describe this. If you wish to discuss this problem further, or you have questions about how to resolve this issue, please feel free to respond to this email and Greg will reply once he has dug out from the pending patches received from other developers. thanks, greg k-h's patch email bot