<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/fs/jfs, branch v6.13</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Merge tag 'jfs-6.13' of github.com:kleikamp/linux-shaggy</title>
<updated>2024-11-21T17:59:59+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-11-21T17:59:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=fc39fb56917bb3cb53e99560ca3612a84456ada2'/>
<id>fc39fb56917bb3cb53e99560ca3612a84456ada2</id>
<content type='text'>
Pull jfs updates from Dave Kleikamp:
 "A few more patches to add sanity checks in jfs"

* tag 'jfs-6.13' of github.com:kleikamp/linux-shaggy:
  jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
  jfs: xattr: check invalid xattr size more strictly
  jfs: fix array-index-out-of-bounds in jfs_readdir
  jfs: fix shift-out-of-bounds in dbSplit
  jfs: array-index-out-of-bounds fix in dtReadFirst
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull jfs updates from Dave Kleikamp:
 "A few more patches to add sanity checks in jfs"

* tag 'jfs-6.13' of github.com:kleikamp/linux-shaggy:
  jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
  jfs: xattr: check invalid xattr size more strictly
  jfs: fix array-index-out-of-bounds in jfs_readdir
  jfs: fix shift-out-of-bounds in dbSplit
  jfs: array-index-out-of-bounds fix in dtReadFirst
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'vfs-6.13.mount.api' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2024-11-18T17:33:34+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-11-18T17:33:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4eb98b7760e8078dbc984ee08b02b5b4c3cff088'/>
<id>4eb98b7760e8078dbc984ee08b02b5b4c3cff088</id>
<content type='text'>
Pull vfs mount api conversions from Christian Brauner:
 "Convert adfs, affs, befs, hfs, hfsplus, jfs, and hpfs to the new mount
  api"

* tag 'vfs-6.13.mount.api' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  efs: fix the efs new mount api implementation
  ubifs: Convert ubifs to use the new mount API
  hpfs: convert hpfs to use the new mount api
  jfs: convert jfs to use the new mount api
  hfsplus: convert hfsplus to use the new mount api
  hfs: convert hfs to use the new mount api
  befs: convert befs to use the new mount api
  affs: convert affs to use the new mount api
  adfs: convert adfs to use the new mount api
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull vfs mount api conversions from Christian Brauner:
 "Convert adfs, affs, befs, hfs, hfsplus, jfs, and hpfs to the new mount
  api"

* tag 'vfs-6.13.mount.api' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  efs: fix the efs new mount api implementation
  ubifs: Convert ubifs to use the new mount API
  hpfs: convert hpfs to use the new mount api
  jfs: convert jfs to use the new mount api
  hfsplus: convert hfsplus to use the new mount api
  hfs: convert hfs to use the new mount api
  befs: convert befs to use the new mount api
  affs: convert affs to use the new mount api
  adfs: convert adfs to use the new mount api
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree</title>
<updated>2024-10-29T22:43:41+00:00</updated>
<author>
<name>Nihar Chaithanya</name>
<email>niharchaithanya@gmail.com</email>
</author>
<published>2024-10-08T20:21:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a174706ba4dad895c40b1d2277bade16dfacdcd9'/>
<id>a174706ba4dad895c40b1d2277bade16dfacdcd9</id>
<content type='text'>
When the value of lp is 0 at the beginning of the for loop, it will
become negative in the next assignment and we should bail out.

Reported-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=412dea214d8baa3f7483
Tested-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Signed-off-by: Nihar Chaithanya &lt;niharchaithanya@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the value of lp is 0 at the beginning of the for loop, it will
become negative in the next assignment and we should bail out.

Reported-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=412dea214d8baa3f7483
Tested-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Signed-off-by: Nihar Chaithanya &lt;niharchaithanya@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: xattr: check invalid xattr size more strictly</title>
<updated>2024-10-29T22:17:43+00:00</updated>
<author>
<name>Artem Sadovnikov</name>
<email>ancowi69@gmail.com</email>
</author>
<published>2024-10-05T10:06:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d9f9d96136cba8fedd647d2c024342ce090133c2'/>
<id>d9f9d96136cba8fedd647d2c024342ce090133c2</id>
<content type='text'>
Commit 7c55b78818cf ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().

Fix this issue by clamping the ea_size value instead.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov &lt;ancowi69@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 7c55b78818cf ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().

Fix this issue by clamping the ea_size value instead.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov &lt;ancowi69@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: fix array-index-out-of-bounds in jfs_readdir</title>
<updated>2024-10-29T22:03:41+00:00</updated>
<author>
<name>Ghanshyam Agrawal</name>
<email>ghanshyam1898@gmail.com</email>
</author>
<published>2024-10-01T06:05:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=839f102efb168f02dfdd46717b7c6dddb26b015e'/>
<id>839f102efb168f02dfdd46717b7c6dddb26b015e</id>
<content type='text'>
The stbl might contain some invalid values. Added a check to
return error code in that case.

Reported-by: syzbot+0315f8fe99120601ba88@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0315f8fe99120601ba88
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The stbl might contain some invalid values. Added a check to
return error code in that case.

Reported-by: syzbot+0315f8fe99120601ba88@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0315f8fe99120601ba88
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: fix shift-out-of-bounds in dbSplit</title>
<updated>2024-10-29T21:53:18+00:00</updated>
<author>
<name>Ghanshyam Agrawal</name>
<email>ghanshyam1898@gmail.com</email>
</author>
<published>2024-09-30T08:12:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d'/>
<id>a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d</id>
<content type='text'>
When dmt_budmin is less than zero, it causes errors
in the later stages. Added a check to return an error beforehand
in dbAllocCtl itself.

Reported-by: syzbot+b5ca8a249162c4b9a7d0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b5ca8a249162c4b9a7d0
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When dmt_budmin is less than zero, it causes errors
in the later stages. Added a check to return an error beforehand
in dbAllocCtl itself.

Reported-by: syzbot+b5ca8a249162c4b9a7d0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b5ca8a249162c4b9a7d0
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: array-index-out-of-bounds fix in dtReadFirst</title>
<updated>2024-10-29T21:13:36+00:00</updated>
<author>
<name>Ghanshyam Agrawal</name>
<email>ghanshyam1898@gmail.com</email>
</author>
<published>2024-09-28T08:37:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ca84a2c9be482836b86d780244f0357e5a778c46'/>
<id>ca84a2c9be482836b86d780244f0357e5a778c46</id>
<content type='text'>
The value of stbl can be sometimes out of bounds due
to a bad filesystem. Added a check with appopriate return
of error code in that case.

Reported-by: syzbot+65fa06e29859e41a83f3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=65fa06e29859e41a83f3
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The value of stbl can be sometimes out of bounds due
to a bad filesystem. Added a check with appopriate return
of error code in that case.

Reported-by: syzbot+65fa06e29859e41a83f3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=65fa06e29859e41a83f3
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: Fix sanity check in dbMount</title>
<updated>2024-10-22T14:40:37+00:00</updated>
<author>
<name>Dave Kleikamp</name>
<email>dave.kleikamp@oracle.com</email>
</author>
<published>2024-10-22T14:40:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=67373ca8404fe57eb1bb4b57f314cff77ce54932'/>
<id>67373ca8404fe57eb1bb4b57f314cff77ce54932</id>
<content type='text'>
MAXAG is a legitimate value for bmp-&gt;db_numag

Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")

Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
MAXAG is a legitimate value for bmp-&gt;db_numag

Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")

Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: convert jfs to use the new mount api</title>
<updated>2024-10-08T12:41:53+00:00</updated>
<author>
<name>Eric Sandeen</name>
<email>sandeen@redhat.com</email>
</author>
<published>2024-09-26T17:19:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=945be8ca819e8a1fa2e2f2132475261b26c4f817'/>
<id>945be8ca819e8a1fa2e2f2132475261b26c4f817</id>
<content type='text'>
Convert the jfs filesystem to use the new mount API.
Tested by comparing random mount &amp; remount options before and after
the change.

Signed-off-by: Eric Sandeen &lt;sandeen@redhat.com&gt;
Link: https://lore.kernel.org/r/20240926171947.682881-1-sandeen@redhat.com
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Convert the jfs filesystem to use the new mount API.
Tested by comparing random mount &amp; remount options before and after
the change.

Signed-off-by: Eric Sandeen &lt;sandeen@redhat.com&gt;
Link: https://lore.kernel.org/r/20240926171947.682881-1-sandeen@redhat.com
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'jfs-6.12' of github.com:kleikamp/linux-shaggy</title>
<updated>2024-09-19T04:38:43+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-09-19T04:38:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=cc3804443b4b367aba9eed58bb98959376bce1d1'/>
<id>cc3804443b4b367aba9eed58bb98959376bce1d1</id>
<content type='text'>
Pull jfs updates from David Kleikamp:
 "A few fixes for jfs"

* tag 'jfs-6.12' of github.com:kleikamp/linux-shaggy:
  jfs: Fix uninit-value access of new_ea in ea_buffer
  jfs: check if leafidx greater than num leaves per dmap tree
  jfs: Fix uaf in dbFreeBits
  jfs: fix out-of-bounds in dbNextAG() and diAlloc()
  jfs: UBSAN: shift-out-of-bounds in dbFindBits
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull jfs updates from David Kleikamp:
 "A few fixes for jfs"

* tag 'jfs-6.12' of github.com:kleikamp/linux-shaggy:
  jfs: Fix uninit-value access of new_ea in ea_buffer
  jfs: check if leafidx greater than num leaves per dmap tree
  jfs: Fix uaf in dbFreeBits
  jfs: fix out-of-bounds in dbNextAG() and diAlloc()
  jfs: UBSAN: shift-out-of-bounds in dbFindBits
</pre>
</div>
</content>
</entry>
</feed>
