diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2023-06-29 13:10:32 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2023-06-29 13:10:32 -0700 |
| commit | b9d02c224d00a412d9c7fb1f92c358604038a783 (patch) | |
| tree | c6afab13c23ff126aeddc3e1c9bac681b3827580 /fs/jfs | |
| parent | be3c213150dc4370ef211a78d78457ff166eba4e (diff) | |
| parent | 95e2b352c03b0a86c5717ba1d24ea20969abcacc (diff) | |
| download | lwn-b9d02c224d00a412d9c7fb1f92c358604038a783.tar.gz lwn-b9d02c224d00a412d9c7fb1f92c358604038a783.zip | |
Merge tag 'jfs-6.5' of github.com:kleikamp/linux-shaggy
Pull jfs updates from David Kleikamp:
"Minor bug fixes and cleanups"
* tag 'jfs-6.5' of github.com:kleikamp/linux-shaggy:
FS: JFS: Check for read-only mounted filesystem in txBegin
FS: JFS: Fix null-ptr-deref Read in txBegin
fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev
fs: jfs: (trivial) Fix typo in dbInitTree function
jfs: jfs_dmap: Validate db_l2nbperpage while mounting
Diffstat (limited to 'fs/jfs')
| -rw-r--r-- | fs/jfs/jfs_dmap.c | 11 | ||||
| -rw-r--r-- | fs/jfs/jfs_filsys.h | 2 | ||||
| -rw-r--r-- | fs/jfs/jfs_txnmgr.c | 5 | ||||
| -rw-r--r-- | fs/jfs/namei.c | 5 |
4 files changed, 22 insertions, 1 deletions
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index a3eb1e826947..a14a0f18a4c4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -178,7 +178,13 @@ int dbMount(struct inode *ipbmap) dbmp_le = (struct dbmap_disk *) mp->data; bmp->db_mapsize = le64_to_cpu(dbmp_le->dn_mapsize); bmp->db_nfree = le64_to_cpu(dbmp_le->dn_nfree); + bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage); + if (bmp->db_l2nbperpage > L2PSIZE - L2MINBLOCKSIZE) { + err = -EINVAL; + goto err_release_metapage; + } + bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag); if (!bmp->db_numag) { err = -EINVAL; @@ -1953,6 +1959,9 @@ dbAllocDmapLev(struct bmap * bmp, if (dbFindLeaf((dmtree_t *) & dp->tree, l2nb, &leafidx)) return -ENOSPC; + if (leafidx < 0) + return -EIO; + /* determine the block number within the file system corresponding * to the leaf at which free space was found. */ @@ -3851,7 +3860,7 @@ static int dbInitTree(struct dmaptree * dtp) l2max = le32_to_cpu(dtp->l2nleafs) + dtp->budmin; /* - * configure the leaf levevl into binary buddy system + * configure the leaf level into binary buddy system * * Try to combine buddies starting with a buddy size of 1 * (i.e. two leaves). At a buddy size of 1 two buddy leaves diff --git a/fs/jfs/jfs_filsys.h b/fs/jfs/jfs_filsys.h index b5d702df7111..33ef13a0b110 100644 --- a/fs/jfs/jfs_filsys.h +++ b/fs/jfs/jfs_filsys.h @@ -122,7 +122,9 @@ #define NUM_INODE_PER_IAG INOSPERIAG #define MINBLOCKSIZE 512 +#define L2MINBLOCKSIZE 9 #define MAXBLOCKSIZE 4096 +#define L2MAXBLOCKSIZE 12 #define MAXFILESIZE ((s64)1 << 52) #define JFS_LINK_MAX 0xffffffff diff --git a/fs/jfs/jfs_txnmgr.c b/fs/jfs/jfs_txnmgr.c index ffd4feece078..ce4b4760fcb1 100644 --- a/fs/jfs/jfs_txnmgr.c +++ b/fs/jfs/jfs_txnmgr.c @@ -354,6 +354,11 @@ tid_t txBegin(struct super_block *sb, int flag) jfs_info("txBegin: flag = 0x%x", flag); log = JFS_SBI(sb)->log; + if (!log) { + jfs_error(sb, "read-only filesystem\n"); + return 0; + } + TXN_LOCK(); INCREMENT(TxStat.txBegin); diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c index 494b9f4043cf..9b030297aa64 100644 --- a/fs/jfs/namei.c +++ b/fs/jfs/namei.c @@ -799,6 +799,11 @@ static int jfs_link(struct dentry *old_dentry, if (rc) goto out; + if (isReadOnly(ip)) { + jfs_error(ip->i_sb, "read-only filesystem\n"); + return -EROFS; + } + tid = txBegin(ip->i_sb, 0); mutex_lock_nested(&JFS_IP(dir)->commit_mutex, COMMIT_MUTEX_PARENT); |