<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/fs/jfs, branch v6.14</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>Pass parent directory inode and expected name to -&gt;d_revalidate()</title>
<updated>2025-01-28T00:25:23+00:00</updated>
<author>
<name>Al Viro</name>
<email>viro@zeniv.linux.org.uk</email>
</author>
<published>2024-12-08T05:28:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=5be1fa8abd7b049f51e6e98e75a37eef5ae2c296'/>
<id>5be1fa8abd7b049f51e6e98e75a37eef5ae2c296</id>
<content type='text'>
-&gt;d_revalidate() often needs to access dentry parent and name; that has
to be done carefully, since the locking environment varies from caller
to caller.  We are not guaranteed that dentry in question will not be
moved right under us - not unless the filesystem is such that nothing
on it ever gets renamed.

It can be dealt with, but that results in boilerplate code that isn't
even needed - the callers normally have just found the dentry via dcache
lookup and want to verify that it's in the right place; they already
have the values of -&gt;d_parent and -&gt;d_name stable.  There is a couple
of exceptions (overlayfs and, to less extent, ecryptfs), but for the
majority of calls that song and dance is not needed at all.

It's easier to make ecryptfs and overlayfs find and pass those values if
there's a -&gt;d_revalidate() instance to be called, rather than doing that
in the instances.

This commit only changes the calling conventions; making use of supplied
values is left to followups.

NOTE: some instances need more than just the parent - things like CIFS
may need to build an entire path from filesystem root, so they need
more precautions than the usual boilerplate.  This series doesn't
do anything to that need - these filesystems have to keep their locking
mechanisms (rename_lock loops, use of dentry_path_raw(), private rwsem
a-la v9fs).

One thing to keep in mind when using name is that name-&gt;name will normally
point into the pathname being resolved; the filename in question occupies
name-&gt;len bytes starting at name-&gt;name, and there is NUL somewhere after it,
but it the next byte might very well be '/' rather than '\0'.  Do not
ignore name-&gt;len.

Reviewed-by: Jeff Layton &lt;jlayton@kernel.org&gt;
Reviewed-by: Gabriel Krisman Bertazi &lt;gabriel@krisman.be&gt;
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
-&gt;d_revalidate() often needs to access dentry parent and name; that has
to be done carefully, since the locking environment varies from caller
to caller.  We are not guaranteed that dentry in question will not be
moved right under us - not unless the filesystem is such that nothing
on it ever gets renamed.

It can be dealt with, but that results in boilerplate code that isn't
even needed - the callers normally have just found the dentry via dcache
lookup and want to verify that it's in the right place; they already
have the values of -&gt;d_parent and -&gt;d_name stable.  There is a couple
of exceptions (overlayfs and, to less extent, ecryptfs), but for the
majority of calls that song and dance is not needed at all.

It's easier to make ecryptfs and overlayfs find and pass those values if
there's a -&gt;d_revalidate() instance to be called, rather than doing that
in the instances.

This commit only changes the calling conventions; making use of supplied
values is left to followups.

NOTE: some instances need more than just the parent - things like CIFS
may need to build an entire path from filesystem root, so they need
more precautions than the usual boilerplate.  This series doesn't
do anything to that need - these filesystems have to keep their locking
mechanisms (rename_lock loops, use of dentry_path_raw(), private rwsem
a-la v9fs).

One thing to keep in mind when using name is that name-&gt;name will normally
point into the pathname being resolved; the filename in question occupies
name-&gt;len bytes starting at name-&gt;name, and there is NUL somewhere after it,
but it the next byte might very well be '/' rather than '\0'.  Do not
ignore name-&gt;len.

Reviewed-by: Jeff Layton &lt;jlayton@kernel.org&gt;
Reviewed-by: Gabriel Krisman Bertazi &lt;gabriel@krisman.be&gt;
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'jfs-6.13' of github.com:kleikamp/linux-shaggy</title>
<updated>2024-11-21T17:59:59+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-11-21T17:59:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=fc39fb56917bb3cb53e99560ca3612a84456ada2'/>
<id>fc39fb56917bb3cb53e99560ca3612a84456ada2</id>
<content type='text'>
Pull jfs updates from Dave Kleikamp:
 "A few more patches to add sanity checks in jfs"

* tag 'jfs-6.13' of github.com:kleikamp/linux-shaggy:
  jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
  jfs: xattr: check invalid xattr size more strictly
  jfs: fix array-index-out-of-bounds in jfs_readdir
  jfs: fix shift-out-of-bounds in dbSplit
  jfs: array-index-out-of-bounds fix in dtReadFirst
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull jfs updates from Dave Kleikamp:
 "A few more patches to add sanity checks in jfs"

* tag 'jfs-6.13' of github.com:kleikamp/linux-shaggy:
  jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree
  jfs: xattr: check invalid xattr size more strictly
  jfs: fix array-index-out-of-bounds in jfs_readdir
  jfs: fix shift-out-of-bounds in dbSplit
  jfs: array-index-out-of-bounds fix in dtReadFirst
</pre>
</div>
</content>
</entry>
<entry>
<title>Merge tag 'vfs-6.13.mount.api' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs</title>
<updated>2024-11-18T17:33:34+00:00</updated>
<author>
<name>Linus Torvalds</name>
<email>torvalds@linux-foundation.org</email>
</author>
<published>2024-11-18T17:33:34+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=4eb98b7760e8078dbc984ee08b02b5b4c3cff088'/>
<id>4eb98b7760e8078dbc984ee08b02b5b4c3cff088</id>
<content type='text'>
Pull vfs mount api conversions from Christian Brauner:
 "Convert adfs, affs, befs, hfs, hfsplus, jfs, and hpfs to the new mount
  api"

* tag 'vfs-6.13.mount.api' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  efs: fix the efs new mount api implementation
  ubifs: Convert ubifs to use the new mount API
  hpfs: convert hpfs to use the new mount api
  jfs: convert jfs to use the new mount api
  hfsplus: convert hfsplus to use the new mount api
  hfs: convert hfs to use the new mount api
  befs: convert befs to use the new mount api
  affs: convert affs to use the new mount api
  adfs: convert adfs to use the new mount api
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Pull vfs mount api conversions from Christian Brauner:
 "Convert adfs, affs, befs, hfs, hfsplus, jfs, and hpfs to the new mount
  api"

* tag 'vfs-6.13.mount.api' of git://git.kernel.org/pub/scm/linux/kernel/git/vfs/vfs:
  efs: fix the efs new mount api implementation
  ubifs: Convert ubifs to use the new mount API
  hpfs: convert hpfs to use the new mount api
  jfs: convert jfs to use the new mount api
  hfsplus: convert hfsplus to use the new mount api
  hfs: convert hfs to use the new mount api
  befs: convert befs to use the new mount api
  affs: convert affs to use the new mount api
  adfs: convert adfs to use the new mount api
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: add a check to prevent array-index-out-of-bounds in dbAdjTree</title>
<updated>2024-10-29T22:43:41+00:00</updated>
<author>
<name>Nihar Chaithanya</name>
<email>niharchaithanya@gmail.com</email>
</author>
<published>2024-10-08T20:21:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a174706ba4dad895c40b1d2277bade16dfacdcd9'/>
<id>a174706ba4dad895c40b1d2277bade16dfacdcd9</id>
<content type='text'>
When the value of lp is 0 at the beginning of the for loop, it will
become negative in the next assignment and we should bail out.

Reported-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=412dea214d8baa3f7483
Tested-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Signed-off-by: Nihar Chaithanya &lt;niharchaithanya@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When the value of lp is 0 at the beginning of the for loop, it will
become negative in the next assignment and we should bail out.

Reported-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=412dea214d8baa3f7483
Tested-by: syzbot+412dea214d8baa3f7483@syzkaller.appspotmail.com
Signed-off-by: Nihar Chaithanya &lt;niharchaithanya@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: xattr: check invalid xattr size more strictly</title>
<updated>2024-10-29T22:17:43+00:00</updated>
<author>
<name>Artem Sadovnikov</name>
<email>ancowi69@gmail.com</email>
</author>
<published>2024-10-05T10:06:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=d9f9d96136cba8fedd647d2c024342ce090133c2'/>
<id>d9f9d96136cba8fedd647d2c024342ce090133c2</id>
<content type='text'>
Commit 7c55b78818cf ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().

Fix this issue by clamping the ea_size value instead.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov &lt;ancowi69@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Commit 7c55b78818cf ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().

Fix this issue by clamping the ea_size value instead.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov &lt;ancowi69@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: fix array-index-out-of-bounds in jfs_readdir</title>
<updated>2024-10-29T22:03:41+00:00</updated>
<author>
<name>Ghanshyam Agrawal</name>
<email>ghanshyam1898@gmail.com</email>
</author>
<published>2024-10-01T06:05:47+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=839f102efb168f02dfdd46717b7c6dddb26b015e'/>
<id>839f102efb168f02dfdd46717b7c6dddb26b015e</id>
<content type='text'>
The stbl might contain some invalid values. Added a check to
return error code in that case.

Reported-by: syzbot+0315f8fe99120601ba88@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0315f8fe99120601ba88
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The stbl might contain some invalid values. Added a check to
return error code in that case.

Reported-by: syzbot+0315f8fe99120601ba88@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=0315f8fe99120601ba88
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: fix shift-out-of-bounds in dbSplit</title>
<updated>2024-10-29T21:53:18+00:00</updated>
<author>
<name>Ghanshyam Agrawal</name>
<email>ghanshyam1898@gmail.com</email>
</author>
<published>2024-09-30T08:12:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d'/>
<id>a5f5e4698f8abbb25fe4959814093fb5bfa1aa9d</id>
<content type='text'>
When dmt_budmin is less than zero, it causes errors
in the later stages. Added a check to return an error beforehand
in dbAllocCtl itself.

Reported-by: syzbot+b5ca8a249162c4b9a7d0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b5ca8a249162c4b9a7d0
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
When dmt_budmin is less than zero, it causes errors
in the later stages. Added a check to return an error beforehand
in dbAllocCtl itself.

Reported-by: syzbot+b5ca8a249162c4b9a7d0@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b5ca8a249162c4b9a7d0
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: array-index-out-of-bounds fix in dtReadFirst</title>
<updated>2024-10-29T21:13:36+00:00</updated>
<author>
<name>Ghanshyam Agrawal</name>
<email>ghanshyam1898@gmail.com</email>
</author>
<published>2024-09-28T08:37:22+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=ca84a2c9be482836b86d780244f0357e5a778c46'/>
<id>ca84a2c9be482836b86d780244f0357e5a778c46</id>
<content type='text'>
The value of stbl can be sometimes out of bounds due
to a bad filesystem. Added a check with appopriate return
of error code in that case.

Reported-by: syzbot+65fa06e29859e41a83f3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=65fa06e29859e41a83f3
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The value of stbl can be sometimes out of bounds due
to a bad filesystem. Added a check with appopriate return
of error code in that case.

Reported-by: syzbot+65fa06e29859e41a83f3@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=65fa06e29859e41a83f3
Signed-off-by: Ghanshyam Agrawal &lt;ghanshyam1898@gmail.com&gt;
Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: Fix sanity check in dbMount</title>
<updated>2024-10-22T14:40:37+00:00</updated>
<author>
<name>Dave Kleikamp</name>
<email>dave.kleikamp@oracle.com</email>
</author>
<published>2024-10-22T14:40:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=67373ca8404fe57eb1bb4b57f314cff77ce54932'/>
<id>67373ca8404fe57eb1bb4b57f314cff77ce54932</id>
<content type='text'>
MAXAG is a legitimate value for bmp-&gt;db_numag

Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")

Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
MAXAG is a legitimate value for bmp-&gt;db_numag

Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()")

Signed-off-by: Dave Kleikamp &lt;dave.kleikamp@oracle.com&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>jfs: convert jfs to use the new mount api</title>
<updated>2024-10-08T12:41:53+00:00</updated>
<author>
<name>Eric Sandeen</name>
<email>sandeen@redhat.com</email>
</author>
<published>2024-09-26T17:19:46+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=945be8ca819e8a1fa2e2f2132475261b26c4f817'/>
<id>945be8ca819e8a1fa2e2f2132475261b26c4f817</id>
<content type='text'>
Convert the jfs filesystem to use the new mount API.
Tested by comparing random mount &amp; remount options before and after
the change.

Signed-off-by: Eric Sandeen &lt;sandeen@redhat.com&gt;
Link: https://lore.kernel.org/r/20240926171947.682881-1-sandeen@redhat.com
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Convert the jfs filesystem to use the new mount API.
Tested by comparing random mount &amp; remount options before and after
the change.

Signed-off-by: Eric Sandeen &lt;sandeen@redhat.com&gt;
Link: https://lore.kernel.org/r/20240926171947.682881-1-sandeen@redhat.com
Signed-off-by: Christian Brauner &lt;brauner@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
