From: Jeongjun Park
To: dave.kleikamp@oracle.com, shaggy@kernel.org
Cc: jfs-discussion@lists.sourceforge.net, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+241c815bda521982cb49@syzkaller.appspotmail.com, syzkaller-bugs@googlegroups.com, willy@infradead.org, Jeongjun Park
Subject: Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree
Date: Thu, 30 May 2024 22:28:09 +0900
Message-Id: <20240530132809.4388-1-aha310510@gmail.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240426034156.52928-1-aha310510@gmail.com>
References: <20240426034156.52928-1-aha310510@gmail.com>

> > Matthew Wilcox wrote:
> > This is not a good commit message.
> >
> > +   if(agno >= MAXAG || agno < 0)
> >
> > Please follow normal kernel whitespace rules -- one space between 'if'
> > and the open paren.
>
> Has confirmed. This is a patch that re-edited the relevant part to
> comply with the rules.
>
> Thanks.
>

I have just discovered that the patch I sent last time has been left
unattended. It appears that the vulnerability continues to occur in
version 6.10.0-rc1. I would appreciate it if you could review the patch
and let me know what might be wrong with it.

Regards

Reported-by: syzbot+241c815bda521982cb49@syzkaller.appspotmail.com
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Jeongjun Park
--- fs/jfs/jfs_imap.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/fs/jfs/jfs_imap.c b/fs/jfs/jfs_imap.c index 2ec35889ad24..1407feccbc2d 100644 --- a/fs/jfs/jfs_imap.c +++ b/fs/jfs/jfs_imap.c @@ -290,7 +290,7 @@ int diSync(struct inode *ipimap) int diRead(struct inode *ip) { struct jfs_sb_info *sbi = JFS_SBI(ip->i_sb); - int iagno, ino, extno, rc; + int iagno, ino, extno, rc, agno; struct inode *ipimap; struct dinode *dp; struct iag *iagp; 
@@ -339,8 +339,11 @@ int diRead(struct inode *ip) /* get the ag for the iag */ agstart = le64_to_cpu(iagp->agstart); + agno = BLKTOAG(agstart, JFS_SBI(ip->i_sb)); release_metapage(mp); + if (agno >= MAXAG || agno < 0) + return -EIO; rel_inode = (ino & (INOSPERPAGE - 1)); pageno = blkno >> sbi->l2nbperpage; -- 2.34.1
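Review bot: in the first hunk (the declaration line of diRead()), agno is added as a plain int, yet it is assigned from BLKTOAG(agstart, ...) where agstart comes from le64_to_cpu(iagp->agstart), so a 64-bit on-disk value can be narrowed before the range check runs. If the macro result does not fit in an int, the truncated value may land inside 0..MAXAG-1 and pass the check. Either give agno a 64-bit signed type or apply the bounds test to the untruncated result, and say in the changelog which of the two was chosen.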
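Review bot: in the second hunk, the new assignment calls JFS_SBI(ip->i_sb) again although diRead() already holds that pointer in the local sbi declared at the top of the function; write it as BLKTOAG(agstart, sbi). The early return -EIO is silent, so a corrupted iagp->agstart is rejected with no indication of which inode map entry was bad; reporting the on-disk corruption before returning would help anyone triaging the syzbot reproducer. The commit message also carries only trailers: it does not explain how an out-of-range agno computed here leads to the out-of-bounds index in diFree named in the subject, which is the explanation the earlier review asked for. Placing the check after release_metapage(mp) is right, since the error path then does not leak the metapage.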