
Commit 7467ca10 authored by Manas Ghandat, committed by Greg Kroah-Hartman

jfs: fix array-index-out-of-bounds in diAlloc



[ Upstream commit 05d9ea1ceb62a55af6727a69269a4fd310edf483 ]

Currently there is no check against the agno of the iag while
allocating new inodes to avoid fragmentation problem. Added the check
which is required.

Reported-by: <syzbot+79d792676d8ac050949f@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=79d792676d8ac050949f


Signed-off-by: Manas Ghandat <ghandatmanas@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
parent ecfb47f1
+4 −1
@@ -1322,7 +1322,7 @@ diInitInode(struct inode *ip, int iagno, int ino, int extno, struct iag * iagp)
int diAlloc(struct inode *pip, bool dir, struct inode *ip)
{
	int rc, ino, iagno, addext, extno, bitno, sword;
	int nwords, rem, i, agno;
	int nwords, rem, i, agno, dn_numag;
	u32 mask, inosmap, extsmap;
	struct inode *ipimap;
	struct metapage *mp;
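Review bot: in the declaration line of diAlloc() the new local is spelled dn_numag, but the field it caches is bmap->db_numag; the dn_ prefix matches nothing else in the visible code and reads like a typo. Name it db_numag or numag. Since it feeds a single comparison, it could also be dropped and the field compared directly.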
@@ -1358,6 +1358,9 @@ int diAlloc(struct inode *pip, bool dir, struct inode *ip)

	/* get the ag number of this iag */
	agno = BLKTOAG(JFS_IP(pip)->agstart, JFS_SBI(pip->i_sb));
	dn_numag = JFS_SBI(pip->i_sb)->bmap->db_numag;
	if (agno < 0 || agno > dn_numag)
		return -EIO;

	if (atomic_read(&JFS_SBI(pip->i_sb)->bmap->db_active[agno])) {
		/*
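Review bot: the upper bound in `if (agno < 0 || agno > dn_numag)` is inclusive, so agno == dn_numag passes the check and is then used as the index in db_active[agno] on the next statement. If db_numag is a count of allocation groups, valid indices end at db_numag - 1 and the test should read `agno >= dn_numag`. The check also trusts db_numag itself; bounding agno by the declared size of db_active as well would keep the index in range even when that field is corrupt. A one-line comment noting that agno is derived from the on-disk agstart, and that -EIO here means a corrupt image, would help later readers.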