Unverified Commit 26bfb7d9 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee
Browse files

!8796 CVE-2023-52810 

Merge Pull Request from: @ci-robot 
 
PR sync from: Li Nan <linan122@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/QQ7JENTUKGNTCMISQSKH2TJVHQ5LMHUT/ 
Juntong Deng (1):
  fs/jfs: Add check for negative db_l2nbperpage

Siddh Raman Pant (1):
  jfs: jfs_dmap: Validate db_l2nbperpage while mounting


-- 
2.39.2
 
https://gitee.com/src-openeuler/kernel/issues/I9RFEZ 
 
Link:https://gitee.com/openeuler/kernel/pulls/8796

 

Reviewed-by: default avatarLiu YongQiang <liuyongqiang13@huawei.com>
Signed-off-by: default avatarZhang Changzhong <zhangchangzhong@huawei.com>
parents 9c467013 d61ec906

fs/jfs/jfs_dmap.c

+7 −0
Original line number Diff line number Diff line
@@ -191,7 +191,14 @@ int dbMount(struct inode *ipbmap) 
	dbmp_le = (struct dbmap_disk *) mp->data;

	bmp->db_mapsize = le64_to_cpu(dbmp_le->dn_mapsize);

	bmp->db_nfree = le64_to_cpu(dbmp_le->dn_nfree);



	bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage);

	if (bmp->db_l2nbperpage > L2PSIZE - L2MINBLOCKSIZE ||

		bmp->db_l2nbperpage < 0) {

		err = -EINVAL;

		goto err_release_metapage;

	}



	bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);

	if (!bmp->db_numag) {

		err = -EINVAL;

fs/jfs/jfs_filsys.h

+2 −0
Original line number Diff line number Diff line
@@ -135,7 +135,9 @@ 
#define NUM_INODE_PER_IAG	INOSPERIAG



#define MINBLOCKSIZE		512

#define L2MINBLOCKSIZE		9

#define MAXBLOCKSIZE		4096

#define L2MAXBLOCKSIZE		12

#define	MAXFILESIZE		((s64)1 << 52)



#define JFS_LINK_MAX		0xffffffff