Unverified commit 8efc19ad, authored by openeuler-ci-bot, committed by Gitee

!5433 [sync] PR-5232: jfs: fix cve issue

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/5232 
 
PR sync from: Long Li <leo.lilong@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/74B5SPSDSZDD3OVD6XFOTB32O6DM2FIJ/ 
This patch set fixes two jfs CVE issues.

Edward Adam Davis (2):
  jfs: fix uaf in jfs_evict_inode
  jfs: fix array-index-out-of-bounds in diNewExt


-- 
2.31.1
 
https://gitee.com/src-openeuler/kernel/issues/I96G7N
https://gitee.com/src-openeuler/kernel/issues/I96G7F 
 
Link:https://gitee.com/openeuler/kernel/pulls/5433

 

Reviewed-by: Jialin Zhang <zhangjialin11@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>
parents 1b5f6e5c c8b98fd9
+3 −0
@@ -2177,6 +2177,9 @@ static int diNewExt(struct inomap * imap, struct iag * iagp, int extno)
	/* get the ag and iag numbers for this iag.
	 */
	agno = BLKTOAG(le64_to_cpu(iagp->agstart), sbi);
	if (agno >= MAXAG || agno < 0)
		return -EIO;

	iagno = le32_to_cpu(iagp->iagnum);

	/* check if this is the last free extent within the
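Review bot: the `agno >= MAXAG || agno < 0` check in diNewExt returns -EIO without logging anything, even though `agno` is derived from the on-disk `iagp->agstart` and a failure here means the IAG is corrupt. Consider emitting a message that includes the offending `agno` before the return, in the style of the `jfs_err()` call used in jfs_mount, so the -EIO can be traced to a bad IAG rather than a device error. It is also worth confirming that `agno` is a signed type in this function, because `agno < 0` is dead code otherwise.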
+3 −3
@@ -172,15 +172,15 @@ int jfs_mount(struct super_block *sb)
	}
	jfs_info("jfs_mount: ipimap:0x%p", ipimap);

	/* map further access of per fileset inodes by the fileset inode */
	sbi->ipimap = ipimap;

	/* initialize fileset inode allocation map */
	if ((rc = diMount(ipimap))) {
		jfs_err("jfs_mount: diMount failed w/rc = %d", rc);
		goto err_ipimap;
	}

	/* map further access of per fileset inodes by the fileset inode */
	sbi->ipimap = ipimap;

	return rc;

	/*
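Review bot: the comment on the `sbi->ipimap = ipimap;` that follows the diMount() check still only reads "map further access of per fileset inodes by the fileset inode" and does not record why the assignment has to sit below the failure branch. Since the commit is titled as a use-after-free fix, add a line stating that sbi->ipimap must not be set until diMount() has succeeded, so the `goto err_ipimap` path never runs with sbi->ipimap already pointing at ipimap; without that, a later cleanup could move the assignment back up. Also confirm that nothing reached from diMount() reads sbi->ipimap, since it is unset for the duration of that call.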