Unverified Commit 554a17c2 authored Nov 04, 2024 by openeuler-ci-bot Committed by Gitee Nov 04, 2024

!12944 fix CVE-2024-47723

Merge Pull Request from: @ci-robot 
 
PR sync from: Jinjiang Tu <tujinjiang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/KD6EYJYWZHFX6QRBBAQHM3MN3KR7GW2H/ 
Dave Kleikamp (1):
  jfs: Fix sanity check in dbMount

Jeongjun Park (1):
  jfs: fix out-of-bounds in dbNextAG() and diAlloc()


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IAYQS5 
 
Link:https://gitee.com/openeuler/kernel/pulls/12944

 

Reviewed-by: Yang Yingliang <yangyingliang@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>

parents 413663a4 a89e80f8

fs/jfs/jfs_dmap.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap)
		}

		bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag);
		if (!bmp->db_numag) {
		if (!bmp->db_numag \|\| bmp->db_numag > MAXAG) {
		err = -EINVAL;
		goto err_release_metapage;
		}
		@@ -652,7 +652,7 @@ int dbNextAG(struct inode *ipbmap)
		* average free space.
		*/
		for (i = 0 ; i < bmp->db_numag; i++, agpref++) {
		if (agpref == bmp->db_numag)
		if (agpref >= bmp->db_numag)
		agpref = 0;

		if (atomic_read(&bmp->db_active[agpref]))

fs/jfs/jfs_imap.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -1362,7 +1362,7 @@ int diAlloc(struct inode pip, bool dir, struct inode ip)
		/* get the ag number of this iag */
		agno = BLKTOAG(JFS_IP(pip)->agstart, JFS_SBI(pip->i_sb));
		dn_numag = JFS_SBI(pip->i_sb)->bmap->db_numag;
		if (agno < 0 \|\| agno > dn_numag)
		if (agno < 0 \|\| agno > dn_numag \|\| agno >= MAXAG)
		return -EIO;

		if (atomic_read(&JFS_SBI(pip->i_sb)->bmap->db_active[agno])) {