2022-10-18 09:03:33

by Dongliang Mu

[permalink] [raw]
Subject: [PATCH] fs: jfs: use the correct value to do sanity check

The previous commit 920f4b7e923b ("fs: jfs: fix shift-out-of-bounds
in dbAllocAG") incorrectly uses MAXMAPSIZE - L2MAXAG as upper bound to
limit bmp->db_agl2size. The right value should be L2MAXL2SIZE - L2MAXAG,
i.e., 13 + 10*3 - 7 = 36, according to Dave Kleikamp.

Fix this by modifying the upper bound to the correct value.

Reported-by: kernel test robot <[email protected]>
Fixes: 920f4b7e923b ("fs: jfs: fix shift-out-of-bounds in dbAllocAG")
Signed-off-by: Dongliang Mu <[email protected]>
---
fs/jfs/jfs_dmap.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c
index 962c855631cb..e1cbfbb60303 100644
--- a/fs/jfs/jfs_dmap.c
+++ b/fs/jfs/jfs_dmap.c
@@ -193,7 +193,7 @@ int dbMount(struct inode *ipbmap)
bmp->db_agwidth = le32_to_cpu(dbmp_le->dn_agwidth);
bmp->db_agstart = le32_to_cpu(dbmp_le->dn_agstart);
bmp->db_agl2size = le32_to_cpu(dbmp_le->dn_agl2size);
- if (bmp->db_agl2size > MAXMAPSIZE - L2MAXAG) {
+ if (bmp->db_agl2size > L2MAXL2SIZE - L2MAXAG) {
err = -EINVAL;
goto err_release_metapage;
}
--
2.35.1