mirrors/linux
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-12-27 13:30:45 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
37bfb464ddca87f203071b5bd562cd91ddc0b40a
linux/fs
History
Vasiliy Kovalev 37bfb464dd jfs: validate AG parameters in dbMount() to prevent crashes 
Validate db_agheight, db_agwidth, and db_agstart in dbMount to catch
corrupted metadata early and avoid undefined behavior in dbAllocAG.
Limits are derived from L2LPERCTL, LPERCTL/MAXAG, and CTLTREESIZE:

- agheight: 0 to L2LPERCTL/2 (0 to 5) ensures shift
  (L2LPERCTL - 2*agheight) >= 0.
- agwidth: 1 to min(LPERCTL/MAXAG, 2^(L2LPERCTL - 2*agheight))
  ensures agperlev >= 1.
  - Ranges: 1-8 (agheight 0-3), 1-4 (agheight 4), 1 (agheight 5).
  - LPERCTL/MAXAG = 1024/128 = 8 limits leaves per AG;
    2^(10 - 2*agheight) prevents division to 0.
- agstart: 0 to CTLTREESIZE-1 - agwidth*(MAXAG-1) keeps ti within
  stree (size 1365).
  - Ranges: 0-1237 (agwidth 1), 0-348 (agwidth 8).

UBSAN: shift-out-of-bounds in fs/jfs/jfs_dmap.c:1400:9
shift exponent -335544310 is negative
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor130 Not tainted 6.14.0-rc5-syzkaller #0
Hardware name: Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_shift_out_of_bounds+0x3c8/0x420 lib/ubsan.c:468
 dbAllocAG+0x1087/0x10b0 fs/jfs/jfs_dmap.c:1400
 dbDiscardAG+0x352/0xa20 fs/jfs/jfs_dmap.c:1613
 jfs_ioc_trim+0x45a/0x6b0 fs/jfs/jfs_discard.c:105
 jfs_ioctl+0x2cd/0x3e0 fs/jfs/ioctl.c:131
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:906 [inline]
 __se_sys_ioctl+0xf5/0x170 fs/ioctl.c:892
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Reported-by: syzbot+fe8264911355151c487f@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=fe8264911355151c487f
Signed-off-by: Vasiliy Kovalev <kovalev@altlinux.org>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
2025-04-03 09:11:42 -05:00
..
9p
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
adfs
Merge patch series "adfs, affs, befs, hfs, hfsplus: convert to new mount api"
2024-10-08 14:41:53 +02:00
affs
Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:47:14 -07:00
afs
Merge tag 'vfs-6.15-rc1.afs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 13:15:16 -07:00
autofs
Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:47:14 -07:00
bcachefs
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
befs
bfs
btrfs
Merge tag 'mm-nonmm-stable-2025-03-30-18-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 10:06:52 -07:00
cachefiles
cachefiles: Fix oops in vfs_mkdir from cachefiles_get_directory
2025-03-25 14:59:14 +01:00
ceph
Merge tag 'vfs-6.15-rc1.ceph' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 12:17:13 -07:00
coda
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
configfs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
cramfs
crypto
Merge tag 'for-6.15/block-20250322' of git://git.kernel.dk/linux
2025-03-26 18:08:55 -07:00
debugfs
debugfs: Fix the missing initializations in __debugfs_file_get()
2025-01-30 08:22:31 +01:00
devpts
vfs: Convert devpts to use the new mount API
2025-02-06 11:51:43 +01:00
dlm
dlm: make tcp still work in multi-link env
2025-03-18 10:49:22 -05:00
ecryptfs
Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:47:14 -07:00
efivarfs
Merge tag 'efi-next-for-v6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/efi/efi
2025-03-29 11:36:19 -07:00
efs
efs: fix the efs new mount api implementation
2024-10-15 15:58:36 +02:00
erofs
erofs: enable 48-bit layout support
2025-03-17 14:02:16 +08:00
exfat
exfat: call bh_read in get_block only when necessary
2025-03-29 22:03:11 +09:00
exportfs
exportfs: add module description
2025-03-25 15:57:58 +01:00
ext2
Merge tag 'fs_for_v6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jack/linux-fs
2025-03-31 17:53:44 -07:00
ext4
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
f2fs
Merge tag 'f2fs-for-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jaegeuk/f2fs
2025-03-27 12:55:54 -07:00
fat
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
freevxfs
freevxfs: Replace one-element array with flexible array member
2024-11-06 10:42:06 +01:00
fuse
Merge tag 'fuse-update-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/mszeredi/fuse
2025-04-02 16:36:59 -07:00
gfs2
Merge tag 'gfs2-for-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/gfs2/linux-gfs2
2025-03-27 12:09:25 -07:00
hfs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
hfsplus
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
hostfs
Merge tag 'uml-for-linux-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/uml/linux
2025-04-02 12:25:03 -07:00
hpfs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
hugetlbfs
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
iomap
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
isofs
isofs: fix KMSAN uninit-value bug in do_isofs_readdir()
2025-02-12 14:25:19 +01:00
jbd2
jbd2: add a missing data flush during file and fs synchronization
2025-03-21 00:59:28 -04:00
jffs2
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
jfs
jfs: validate AG parameters in dbMount() to prevent crashes
2025-04-03 09:11:42 -05:00
kernfs
Merge tag 'driver-core-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/gregkh/driver-core
2025-04-01 11:02:03 -07:00
lockd
sysctl: Fixes nsm_local_state bounds
2025-03-10 09:11:13 -04:00
minix
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
netfs
netfs: Fix netfs_unbuffered_read() to return ssize_t rather than int
2025-03-19 10:04:23 +01:00
nfs
Merge tag 'nfs-for-6.15-1' of git://git.linux-nfs.org/projects/trondmy/linux-nfs
2025-04-02 17:06:31 -07:00
nfs_common
fs: nfs: acl: Avoid -Wflex-array-member-not-at-end warning
2025-03-10 09:11:04 -04:00
nfsd
Merge tag 'nfsd-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
2025-03-31 17:28:17 -07:00
nilfs2
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
nls
move asm/unaligned.h to linux/unaligned.h
2024-10-02 17:23:23 -04:00
notify
Merge tag 'vfs-6.15-rc1.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 09:34:10 -07:00
ntfs3
Merge tag 'ntfs3_for_6.15' of https://github.com/Paragon-Software-Group/linux-ntfs3
2025-04-02 16:30:02 -07:00
ocfs2
Merge tag 'mm-nonmm-stable-2025-03-30-18-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 10:06:52 -07:00
omfs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
openpromfs
orangefs
Merge tag 'for-linus-6.15-ofs1' of git://git.kernel.org/pub/scm/linux/kernel/git/hubcap/linux
2025-03-27 13:14:39 -07:00
overlayfs
Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:47:14 -07:00
proc
Merge tag 'mm-nonmm-stable-2025-03-30-18-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 10:06:52 -07:00
pstore
Merge tag 'pstore-v6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2025-03-24 15:43:28 -07:00
qnx4
qnx6
fs/qnx6: Fix building with GCC 15
2024-12-03 10:40:36 +01:00
quota
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
ramfs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
romfs
smb
Merge tag 'v6.15rc-part1-ksmbd-server-fixes' of git://git.samba.org/ksmbd
2025-03-31 17:42:26 -07:00
squashfs
squashfs: fix invalid pointer dereference in squashfs_cache_delete
2025-03-16 17:40:24 -07:00
sysfs
kernfs: Use RCU to access kernfs_node::name.
2025-02-15 17:46:32 +01:00
tests
tracefs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
ubifs
Merge tag 'v6.15-p1' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6
2025-03-29 10:01:55 -07:00
udf
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
ufs
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
unicode
unicode: kunit: change tests filename and path
2025-02-12 14:00:11 -08:00
vboxsf
Merge tag 'vfs-6.15-rc1.async.dir' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:47:14 -07:00
verity
Revert "fsverity: relax build time dependency on CRYPTO_SHA256"
2025-02-17 11:34:15 -08:00
xfs
Merge tag 'mm-nonmm-stable-2025-03-30-18-23' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 10:06:52 -07:00
zonefs
iomap: pass private data to iomap_page_mkwrite
2025-02-06 13:02:15 +01:00
aio.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
anon_inodes.c
add a string-to-qstr constructor
2025-01-27 19:25:45 -05:00
attr.c
fs: handle delegated timestamps in setattr_copy_mgtime
2024-10-10 10:20:51 +02:00
backing-file.c
tree-wide: s/revert_creds_light()/revert_creds()/g
2024-12-02 11:25:09 +01:00
bad_inode.c
Change inode_operations.mkdir to return struct dentry *
2025-02-27 20:00:17 +01:00
binfmt_elf_fdpic.c
binfmt_elf_fdpic: fix variable set but not used warning
2025-03-07 20:07:33 -08:00
binfmt_elf.c
binfmt_elf: Use note name macros
2025-02-10 16:47:07 -08:00
binfmt_flat.c
binfmt_flat: Fix integer overflow bug on 32 bit systems
2025-01-10 08:49:05 -08:00
binfmt_misc.c
Merge tag 'execve-v6.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux
2025-01-20 13:27:58 -08:00
binfmt_script.c
bpf_fs_kfuncs.c
bpf: fs/xattr: Add BPF kfuncs to set and remove xattrs
2025-02-13 19:35:32 -08:00
buffer.c
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
char_dev.c
fs: Reorganize kerneldoc parameter names
2024-10-22 11:16:57 +02:00
compat_binfmt_elf.c
binfmt_elf: Wire up AT_HWCAP3 at AT_HWCAP4
2024-10-17 18:38:49 +01:00
coredump.c
Merge tag 'sysctl-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl
2025-03-26 21:02:05 -07:00
d_path.c
dax.c
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
dcache.c
Merge tag 'sysctl-6.15-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl
2025-03-26 21:02:05 -07:00
direct-io.c
drop_caches.c
fs: drop_caches: move sysctl to fs/drop_caches.c
2025-02-07 16:53:04 +01:00
eventfd.c
make use of anon_inode_getfile_fmode()
2025-02-21 10:25:31 +01:00
eventpoll.c
Merge tag 'net-next-6.15' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next
2025-03-26 21:48:21 -07:00
exec.c
exec: fix the racy usage of fs_struct->in_exec
2025-03-25 14:59:05 +01:00
fcntl.c
fs: get rid of __FMODE_NONOTIFY kludge
2024-12-09 11:34:29 +01:00
fhandle.c
exportfs: add permission method
2024-12-17 09:16:11 +01:00
file_table.c
Merge tag 'vfs-6.15-rc1.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 13:19:17 -07:00
file.c
Merge tag 'vfs-6.15-rc1.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 13:19:17 -07:00
filesystems.c
fs_context.c
fs: fc_log replace magic number 7 with ARRAY_SIZE()
2024-12-22 11:29:52 +01:00
fs_parser.c
bcachefs: add support for true/false & yes/no in bool-type options
2024-12-21 01:36:17 -05:00
fs_pin.c
fs_struct.c
fs_types.c
fs-writeback.c
fs: fs-writeback: move sysctl to fs/fs-writeback.c
2025-02-07 16:53:04 +01:00
fsopen.c
fs: support O_PATH fds with FSCONFIG_SET_FD
2025-02-12 10:02:10 +01:00
init.c
VFS: Change vfs_mkdir() to return the dentry.
2025-03-05 11:52:50 +01:00
inode.c
fs: call inode_sb_list_add() outside of inode hash lock
2025-03-20 13:06:51 +01:00
internal.h
Merge tag 'vfs-6.15-rc1.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 13:19:17 -07:00
ioctl.c
ioctl: Fix return type of several functions from long to int
2025-02-21 10:25:32 +01:00
Kconfig
Merge tag 'mm-stable-2025-03-30-16-52' of git://git.kernel.org/pub/scm/linux/kernel/git/akpm/mm
2025-04-01 09:29:18 -07:00
Kconfig.binfmt
kernel_read_file.c
fdget(), trivial conversions
2024-11-03 01:28:06 -05:00
libfs.c
Merge tag 'vfs-6.15-rc1.pidfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:16:37 -07:00
locks.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
Makefile
sysv: Remove the filesystem
2025-02-21 10:32:47 +01:00
mbcache.c
mnt_idmapping.c
statmount: allow to retrieve idmappings
2025-02-12 12:12:27 +01:00
mount.h
Merge tag 'vfs-6.15-rc1.mount.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 11:41:41 -07:00
mpage.c
fs/buffer fs/mpage: remove large folio restriction
2025-02-24 11:44:44 +01:00
namei.c
Merge tag 'vfs-6.15-rc1.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 13:19:17 -07:00
namespace.c
fs: namespace: Avoid -Wflex-array-member-not-at-end warning
2025-03-28 10:18:34 +01:00
nsfs.c
Merge tag 'vfs-6.15-rc1.nsfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 11:38:12 -07:00
open.c
Merge tag 'vfs-6.15-rc1.file' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 13:19:17 -07:00
pidfs.c
Merge tag 'vfs-6.15-rc1.pidfs' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 10:16:37 -07:00
pipe.c
Merge patch series "pipe: Trivial cleanups"
2025-03-10 08:55:13 +01:00
pnode.c
Merge tag 'vfs-6.15-rc1.mount.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 11:41:41 -07:00
pnode.h
mount: handle mount propagation for detached mount trees
2025-03-04 09:29:54 +01:00
posix_acl.c
acl: Annotate struct posix_acl with __counted_by()
2024-10-22 11:16:59 +02:00
proc_namespace.c
read_write.c
fs: don't needlessly acquire f_lock
2025-02-21 10:25:32 +01:00
readdir.c
introduce "fd_pos" class, convert fdget_pos() users to it.
2024-11-03 01:28:06 -05:00
remap_range.c
convert vfs_dedupe_file_range().
2024-11-03 01:28:07 -05:00
select.c
select: Fix unbalanced user_access_end()
2025-01-13 16:24:16 +01:00
seq_file.c
fs: Reorganize kerneldoc parameter names
2024-10-22 11:16:57 +02:00
signalfd.c
make use of anon_inode_getfile_fmode()
2025-02-21 10:25:31 +01:00
splice.c
fs/splice: Use pipe_buf() helper to retrieve pipe buffer
2025-03-10 08:55:05 +01:00
stack.c
stat.c
fs/stat.c: avoid harmless garbage value problem in vfs_statx_path()
2025-02-07 10:27:24 +01:00
statfs.c
fdget_raw() users: switch to CLASS(fd_raw)
2024-11-03 01:28:06 -05:00
super.c
Merge tag 'vfs-6.15-rc1.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs
2025-03-24 09:13:50 -07:00
sync.c
fdget(), trivial conversions
2024-11-03 01:28:06 -05:00
sysctls.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
timerfd.c
Merge tag 'timers-cleanups-2025-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2025-03-25 10:54:15 -07:00
userfaultfd.c
treewide: const qualify ctl_tables where applicable
2025-01-28 13:48:37 +01:00
utimes.c
fdget(), more trivial conversions
2024-11-03 01:28:06 -05:00
xattr.c
xattr: remove redundant check on variable err
2024-11-06 13:00:01 -05:00