From: Pei Li <peili.dev@gmail.com>
commit 7063b80268e2593e58bee8a8d709c2f3ff93e2f2 upstream.
When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative.
This patch fixes the issue by exiting the loop directly when negative shift is found.
Reported-by: syzbot+61be3359d2ee3467e7e4@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=61be3359d2ee3467e7e4
Signed-off-by: Pei Li <peili.dev@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Zhi Yang <Zhi.Yang@windriver.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
---
Build test passed.
---
 fs/jfs/jfs_dmap.c | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index e6cbe4c982c5..0d314fac32ca 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -1694,6 +1694,8 @@ s64 dbDiscardAG(struct inode *ip, int agno, s64 minlen) } else if (rc == -ENOSPC) { /* search for next smaller log2 block */ l2nb = BLKSTOL2(nblocks) - 1; + if (unlikely(l2nb < 0)) + break; nblocks = 1LL << l2nb; } else { /* Trim any already allocated blocks */
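Review bot: the added check "if (unlikely(l2nb < 0)) break;" in the rc == -ENOSPC branch has no comment saying when BLKSTOL2(nblocks) comes back as 0, or why leaving the loop is the right outcome there rather than reporting an error. A one-line comment above the check (for example, that no smaller log2 block size is left to try) would record the intent. It is also worth confirming that the code following the loop behaves correctly when it is reached through this break with rc still equal to -ENOSPC. The placement of the guard is right: it sits before "nblocks = 1LL << l2nb;", so the shift is never evaluated with a negative exponent.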
[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: 7063b80268e2593e58bee8a8d709c2f3ff93e2f2
WARNING: Author mismatch between patch and upstream commit:
Backport author: Zhi Yang <Zhi.Yang@eng.windriver.com>
Commit author: Pei Li <peili.dev@gmail.com>

Status in newer kernel trees:
6.14.y | Present (exact SHA1)
6.13.y | Present (exact SHA1)
6.12.y | Present (exact SHA1)
6.6.y | Present (different SHA1: f650148b4394)
6.1.y | Present (different SHA1: bd04a149e3a2)
Note: The patch differs from the upstream commit: --- 1: 7063b80268e25 ! 1: d8916f054bb95 jfs: Fix shift-out-of-bounds in dbDiscardAG @@ Metadata ## Commit message ## jfs: Fix shift-out-of-bounds in dbDiscardAG
+ commit 7063b80268e2593e58bee8a8d709c2f3ff93e2f2 upstream. + When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative.
@@ Commit message Closes: https://syzkaller.appspot.com/bug?extid=61be3359d2ee3467e7e4 Signed-off-by: Pei Li peili.dev@gmail.com Signed-off-by: Dave Kleikamp dave.kleikamp@oracle.com + Signed-off-by: Zhi Yang Zhi.Yang@windriver.com + Signed-off-by: He Zhe zhe.he@windriver.com
## fs/jfs/jfs_dmap.c ## @@ fs/jfs/jfs_dmap.c: s64 dbDiscardAG(struct inode *ip, int agno, s64 minlen) ---
Results of testing on various branches:
| Branch                    | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-5.15.y       | Success     | Success    |
linux-stable-mirror@lists.linaro.org