On Tue, Jun 25, 2024 at 11:41:29AM -0700, Pei Li wrote:
> This series fixes the shift-out-of-bounds issue in
> bch2_blacklist_entries_gc().
>
> Instead of passing 0 to eytzinger0_first() when iterating the entries,
> we explicitly check 0 and initialize i to be 0.
>
> syzbot has tested the proposed patch and the reproducer did not trigger
> any issue:
>
> Reported-and-tested-by: [email protected]
> Closes: https://syzkaller.appspot.com/bug?extid=835d255ad6bc7f29ee12
> Signed-off-by: Pei Li <[email protected]>
> ---
> Syzbot reported the following issue:
> UBSAN: shift-out-of-bounds in ./include/linux/log2.h:67:13
> shift exponent 4294967295 is too large for 64-bit type 'long unsigned int'
>
> This is because 0 is passed to __rounddown_pow_of_two(), and -1 is
> returned as an unsigned integer. On a 32-bit system, it will become
> 4294967295.
>
> This patch fixes the issue by adding a check in
> bch2_blacklist_entries_gc() to avoid passing 0 into eytzinger0_first().
> If we find that t->nr equals 0, we directly use 0 to access the root
> of the list.

Thanks! Applied
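
The failure described in the quoted report, as an added userspace example (not code from the patch or from the kernel): it computes the exponent the round-down would shift by and applies the "use index 0 when the count is 0" guard. All `_model` and `_guarded` names are hypothetical, and the sketch assumes the round-down shifts `1UL` by `fls_long(n) - 1` and that `eytzinger0_first(size)` is that rounded-down value minus 1.

```c
#include <limits.h>
#include <stdio.h>

/* Simplified model of fls_long(): position of the highest set bit, 0 if none. */
static unsigned fls_long_model(unsigned long l)
{
	unsigned bits = 0;

	while (l) {
		bits++;
		l >>= 1;
	}
	return bits;
}

/* Exponent the round-down would shift by; unsigned, so n == 0 wraps to UINT_MAX. */
static unsigned rounddown_shift_exponent(unsigned long n)
{
	return fls_long_model(n) - 1;
}

/* 1 when "1UL << exponent" is defined for this n, 0 when UBSAN would fire. */
static int shift_is_defined(unsigned long n)
{
	return rounddown_shift_exponent(n) < sizeof(unsigned long) * CHAR_BIT;
}

/* Assumed shape of eytzinger0_first(); callers must not pass size == 0. */
static unsigned long eytzinger0_first_model(unsigned long size)
{
	return (1UL << rounddown_shift_exponent(size)) - 1;
}

/* The guard the patch description states: an empty table starts at index 0. */
static unsigned long first_index_guarded(unsigned long nr)
{
	return nr ? eytzinger0_first_model(nr) : 0;
}

int main(void)
{
	unsigned long sizes[] = { 0, 1, 7, 8 };	/* constructed sample counts */

	for (size_t i = 0; i < sizeof(sizes) / sizeof(sizes[0]); i++)
		printf("nr=%lu exponent=%u defined=%d first=%lu\n", sizes[i],
		       rounddown_shift_exponent(sizes[i]),
		       shift_is_defined(sizes[i]),
		       first_index_guarded(sizes[i]));
	return 0;
}
```

The exponent is only computed and range-checked for `nr == 0`, never used in a shift, so the program itself stays free of undefined behaviour.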
