mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-16 21:35:07 +00:00
A few fixes for jfs
-----BEGIN PGP SIGNATURE----- iQIzBAABCAAdFiEEIodevzQLVs53l6BhNqiEXrVAjGQFAmboijUACgkQNqiEXrVA jGRgChAArKwng92U1d8WOcv1Jv/Vr9vXXu5bFqnOxTrjqlRT4Jh8k2wRInsISU/0 mJ8ICbQU9XYkoY8zvqO6ZJmqqOSMYipcivQJEug6/RAEKWYRK8pt39O7QfEcdgKr RSjU+guBaAsnW1WFmKKSMQaDCsCkQp+UwryR/PQTQz54ADRtEJxLMQvU+u2Izj6E 3mfOsvrAZEJ3L5CRqZolcSlo3Ft20trd/shzzySx0lysBmJTU6qgxihzwASxlUNi 2y7jAX9wkHfKRwuj0uQROxtSBbpgNpi5qLs20DZA9WYPL9BqW9KupdRY1WAsIq9X 2vGDNr1ZtVWUu0fg227cDoNAxaMD1v9+lH9IdVixNUdMiG7VlEu7HFa12v8FKhaG 4ddomAtKJ508sVxAnWwOCruUMg+HevrpBo5s0CH01cjftfQ7yAWv0sfzTHyl39xD OEpNO4gcRkt+XdyXPdQ8ZuuD+zT8bxIW8iBqwPgu7nQgEB2+pVSrRUKfsms0swtf /16h/3rB4TAlIadTMg0nvwpr2Fd5+WHt+BRhpb2tbTWmjHykRXL5TB8I1hgRP6/e msAjDlvpw74Ev6W4LwuzQxCztaaXRVOvPNFqWHk+0pmjOUlrtacQhhthN7jM1wax 0AWnP9FN5zXoZCy+LUqVpOgj3+/0LHWIFmY3zYoHh1Au1d01nZI= =yxeO -----END PGP SIGNATURE----- Merge tag 'jfs-6.12' of github.com:kleikamp/linux-shaggy Pull jfs updates from David Kleikamp: "A few fixes for jfs" * tag 'jfs-6.12' of github.com:kleikamp/linux-shaggy: jfs: Fix uninit-value access of new_ea in ea_buffer jfs: check if leafidx greater than num leaves per dmap tree jfs: Fix uaf in dbFreeBits jfs: fix out-of-bounds in dbNextAG() and diAlloc() jfs: UBSAN: shift-out-of-bounds in dbFindBits
This commit is contained in:
commit
cc3804443b
@ -65,7 +65,7 @@ void jfs_issue_discard(struct inode *ip, u64 blkno, u64 nblocks)
|
||||
int jfs_ioc_trim(struct inode *ip, struct fstrim_range *range)
|
||||
{
|
||||
struct inode *ipbmap = JFS_SBI(ip->i_sb)->ipbmap;
|
||||
struct bmap *bmp = JFS_SBI(ip->i_sb)->bmap;
|
||||
struct bmap *bmp;
|
||||
struct super_block *sb = ipbmap->i_sb;
|
||||
int agno, agno_end;
|
||||
u64 start, end, minlen;
|
||||
@ -83,10 +83,15 @@ int jfs_ioc_trim(struct inode *ip, struct fstrim_range *range)
|
||||
if (minlen == 0)
|
||||
minlen = 1;
|
||||
|
||||
down_read(&sb->s_umount);
|
||||
bmp = JFS_SBI(ip->i_sb)->bmap;
|
||||
|
||||
if (minlen > bmp->db_agsize ||
|
||||
start >= bmp->db_mapsize ||
|
||||
range->len < sb->s_blocksize)
|
||||
range->len < sb->s_blocksize) {
|
||||
up_read(&sb->s_umount);
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (end >= bmp->db_mapsize)
|
||||
end = bmp->db_mapsize - 1;
|
||||
@ -100,6 +105,8 @@ int jfs_ioc_trim(struct inode *ip, struct fstrim_range *range)
|
||||
trimmed += dbDiscardAG(ip, agno, minlen);
|
||||
agno++;
|
||||
}
|
||||
|
||||
up_read(&sb->s_umount);
|
||||
range->len = trimmed << sb->s_blocksize_bits;
|
||||
|
||||
return 0;
|
||||
|
@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap)
|
||||
}
|
||||
|
||||
bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
|
||||
if (!bmp->db_numag) {
|
||||
if (!bmp->db_numag || bmp->db_numag >= MAXAG) {
|
||||
err = -EINVAL;
|
||||
goto err_release_metapage;
|
||||
}
|
||||
@ -652,7 +652,7 @@ int dbNextAG(struct inode *ipbmap)
|
||||
* average free space.
|
||||
*/
|
||||
for (i = 0 ; i < bmp->db_numag; i++, agpref++) {
|
||||
if (agpref == bmp->db_numag)
|
||||
if (agpref >= bmp->db_numag)
|
||||
agpref = 0;
|
||||
|
||||
if (atomic_read(&bmp->db_active[agpref]))
|
||||
@ -2944,9 +2944,10 @@ static void dbAdjTree(dmtree_t *tp, int leafno, int newval, bool is_ctl)
|
||||
static int dbFindLeaf(dmtree_t *tp, int l2nb, int *leafidx, bool is_ctl)
|
||||
{
|
||||
int ti, n = 0, k, x = 0;
|
||||
int max_size;
|
||||
int max_size, max_idx;
|
||||
|
||||
max_size = is_ctl ? CTLTREESIZE : TREESIZE;
|
||||
max_idx = is_ctl ? LPERCTL : LPERDMAP;
|
||||
|
||||
/* first check the root of the tree to see if there is
|
||||
* sufficient free space.
|
||||
@ -2978,6 +2979,8 @@ static int dbFindLeaf(dmtree_t *tp, int l2nb, int *leafidx, bool is_ctl)
|
||||
*/
|
||||
assert(n < 4);
|
||||
}
|
||||
if (le32_to_cpu(tp->dmt_leafidx) >= max_idx)
|
||||
return -ENOSPC;
|
||||
|
||||
/* set the return to the leftmost leaf describing sufficient
|
||||
* free space.
|
||||
@ -3022,7 +3025,7 @@ static int dbFindBits(u32 word, int l2nb)
|
||||
|
||||
/* scan the word for nb free bits at nb alignments.
|
||||
*/
|
||||
for (bitno = 0; mask != 0; bitno += nb, mask >>= nb) {
|
||||
for (bitno = 0; mask != 0; bitno += nb, mask = (mask >> nb)) {
|
||||
if ((mask & word) == mask)
|
||||
break;
|
||||
}
|
||||
|
@ -1360,7 +1360,7 @@ int diAlloc(struct inode *pip, bool dir, struct inode *ip)
|
||||
/* get the ag number of this iag */
|
||||
agno = BLKTOAG(JFS_IP(pip)->agstart, JFS_SBI(pip->i_sb));
|
||||
dn_numag = JFS_SBI(pip->i_sb)->bmap->db_numag;
|
||||
if (agno < 0 || agno > dn_numag)
|
||||
if (agno < 0 || agno > dn_numag || agno >= MAXAG)
|
||||
return -EIO;
|
||||
|
||||
if (atomic_read(&JFS_SBI(pip->i_sb)->bmap->db_active[agno])) {
|
||||
|
@ -434,6 +434,8 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size)
|
||||
int rc;
|
||||
int quota_allocation = 0;
|
||||
|
||||
memset(&ea_buf->new_ea, 0, sizeof(ea_buf->new_ea));
|
||||
|
||||
/* When fsck.jfs clears a bad ea, it doesn't clear the size */
|
||||
if (ji->ea.flag == 0)
|
||||
ea_size = 0;
|
||||
|
Loading…
x
Reference in New Issue
Block a user