Hello Ivan,
On Wed, Mar 15, 2023 at 10:06 AM Ivan Orlov wrote:
> Syzkaller reported the following issue:
>
> UBSAN: array-index-out-of-bounds in fs/gfs2/bmap.c:901:46
> index 11 is out of range for type 'u64 [11]'
> CPU: 0 PID: 5067 Comm: syz-executor164 Not tainted
>
The maximum allowed height of an inode's metadata tree depends on the
filesystem block size; it is lower for bigger-block filesystems. When
reading in an inode, make sure that the height doesn't exceed the
maximum allowed height.
Arrays like sd_heightsize are sized to be big enough for any

On Tue, Mar 14, 2023 at 2:18 PM Andrew Price wrote:
> Some trivial cleanups from my O_TMPFILE branch. That work isn't ready
> yet but there was no reason not to send these patches.
Applied, thanks.
Andreas

Kernel bug in iomap_read_inline_data() fixed by the following patch is hit
on older stables 4.19/5.4/5.10.
The patch failed to be initially backported into stable branches older
than 5.15 due to the upstream commit 7db35ad8 ("gfs2: Cosmetic
gfs2_dinode_{in,out} cleanup").
Now it can be

commit 70376c7ff31221f1d21db5611d8209e677781d3a upstream.
Check if the inode size of stuffed (inline) inodes is within the allowed
range when reading inodes from disk (gfs2_dinode_in()). This prevents
us from on-disk corruption.
The two checks in stuffed_readpage() and gfs2_unstuffer_page()

From: Andreas Gruenbacher
commit 70376c7ff31221f1d21db5611d8209e677781d3a upstream.
Check if the inode size of stuffed (inline) inodes is within the allowed
range when reading inodes from disk (gfs2_dinode_in()). This prevents
us from on-disk corruption.
The two checks in stuffed_readpage()

syzbot suspects this issue was fixed by commit:
commit b66f723bb552ad59c2acb5d45ea45c890f84498b
Author: Andreas Gruenbacher
Date: Tue Jan 31 14:06:53 2023 +
gfs2: Improve gfs2_make_fs_rw error handling
bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=117e2e29c8
start