From: Manas Ghandat <ghandatmanas@gmail.com>
To: shaggy@kernel.org
Cc: syzbot+0558d19c373e44da3c18@syzkaller.appspotmail.com,
Linux-kernel-mentees@lists.linuxfoundation.org,
jfs-discussion@lists.sourceforge.net,
Manas Ghandat <ghandatmanas@gmail.com>,
linux-kernel@vger.kernel.org
Subject: [PATCH] jfs : fs array-index-out-of-bounds in txCommit
Date: Tue, 19 Sep 2023 21:25:42 +0530
Message-ID: <20230919155542.4354-1-ghandatmanas@gmail.com>

Currently there is no check for out of bound access for xad in the
struct xtpage_t. Added the required check at various places for the same.

Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
Reported-by: syzbot+0558d19c373e44da3c18@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0558d19c373e44da3c18
Fixes: df0cc57e057f
---
fs/jfs/jfs_txnmgr.c | 4 ++++
fs/jfs/jfs_xtree.c | 6 ++++++
2 files changed, 10 insertions(+)
diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c
index ce4b4760fcb1..6c6640942bed 100644
--- a/fs/jfs/jfs_txnmgr.c
+++ b/fs/jfs/jfs_txnmgr.c
@@ -1722,6 +1722,10 @@ static void xtLog(struct jfs_log * log, struct tblock * tblk, struct lrd * lrd,
jfs_err("xtLog: lwm > next");
goto out;
}
+ if (lwm >= XTROOTMAXSLOT) {
+ jfs_err("xtLog: lwm out of range");
+ goto out;
+ }
tlck->flag |= tlckUPDATEMAP;
xadlock->flag = mlckALLOCXADLIST;
xadlock->count = next - lwm;
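Review bot: the added `lwm >= XTROOTMAXSLOT` test bounds only the low-water mark, while the lines right after it compute `xadlock->count = next - lwm` from `next`, which nothing shown here compares to a slot limit. An in-range `lwm` with an oversized `next` still describes xad entries past the end of the array, so `next` should be checked against the limit as well. It is also worth confirming that XTROOTMAXSLOT is the right limit for every page that reaches this path: if xtLog can be handed a non-root xtpage, a root-sized constant would reject valid values, and the page's own slot limit would be the safer bound.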
diff --git a/fs/jfs/jfs_xtree.c b/fs/jfs/jfs_xtree.c
index 2d304cee884c..57569c52663e 100644
--- a/fs/jfs/jfs_xtree.c
+++ b/fs/jfs/jfs_xtree.c
@@ -357,6 +357,9 @@ static int xtSearch(struct inode *ip, s64 xoff, s64 *nextp,
for (base = XTENTRYSTART; lim; lim >>= 1) {
index = base + (lim >> 1);
+ if (index >= XTROOTMAXSLOT)
+ goto out;
+
XT_CMP(cmp, xoff, &p->xad[index], t64);
if (cmp == 0) {
/*
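Review bot: in the binary-search loop, `if (index >= XTROOTMAXSLOT) goto out;` leaves without logging anything and, in the lines shown, without setting an error value, so a corrupted page can look to the caller like an ordinary search result. Set an explicit error before the jump and report it with jfs_err, as the xtLog check in this patch does. Because `index` is derived only from `base` and `lim`, validating `lim` once before the loop would also remove the need for a test on every iteration.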
@@ -618,6 +621,9 @@ int xtInsert(tid_t tid, /* transaction id */
memmove(&p->xad[index + 1], &p->xad[index],
(nextindex - index) * sizeof(xad_t));
+ if (index >= XTROOTMAXSLOT)
+ goto out;
+
/* insert the new entry: mark the entry NEW */
xad = &p->xad[index];
XT_PUTENTRY(xad, xflag, xoff, xlen, xaddr);
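Review bot: the new check sits after `memmove(&p->xad[index + 1], &p->xad[index], ...)`, so by the time `index >= XTROOTMAXSLOT` is tested the array has already been read and written at `index`. Move the test ahead of the memmove, and bound `nextindex` too, since the move length is `(nextindex - index) * sizeof(xad_t)` and the copy lands as far as `xad[nextindex]`. The `goto out` also needs an error value set first so that the rejected insert is not reported as a success.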
--
2.37.2