Commit fb45e5b3 authored Nov 04, 2024 by Edward Adam Davis Committed by Yongjian Sun Nov 04, 2024

ext4: no need to continue when the number of entries is 1

mainline inclusion
from mainline-v6.12-rc1
commit 1a00a393d6a7fb1e745a41edd09019bd6a0ad64c
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYRCB
CVE: CVE-2024-49967

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1a00a393d6a7fb1e745a41edd09019bd6a0ad64c



--------------------------------

Fixes: ac27a0ec ("[PATCH] ext4: initial copy of files from ext3")
Reported-by:  <syzbot+ae688d469e36fb5138d0@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=ae688d469e36fb5138d0


Signed-off-by: Edward Adam Davis <eadavis@qq.com>
Reported-and-tested-by:  <syzbot+ae688d469e36fb5138d0@syzkaller.appspotmail.com>
Link: https://patch.msgid.link/tencent_BE7AEE6C7C2D216CB8949CE8E6EE7ECC2C0A@qq.com


Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Yongjian Sun <sunyongjian1@huawei.com>

parent b324fa0a

fs/ext4/namei.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -2045,7 +2045,7 @@ static struct ext4_dir_entry_2 do_split(handle_t handle, struct inode *dir,
		split = count/2;

		hash2 = map[split].hash;
		continued = hash2 == map[split - 1].hash;
		continued = split > 0 ? hash2 == map[split - 1].hash : 0;
		dxtrace(printk(KERN_INFO "Split block %lu at %x, %i/%i\n",
		(unsigned long)dx_get_block(frame->at),
		hash2, split, count-split));