hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
blatt A1
1,161,361 Commits 4 Branches 0 Tags 2.7 GiB
C 97.7%
Assembly 1.1%
Shell 0.5%
Makefile 0.3%
Python 0.1%
Other 0.1%
78f06805cf
Go to file
Roman Smirnov 78f06805cf jfs: add index corruption check to DT_GETPAGE() 
commit a8dfb2168906944ea61acfc87846b816eeab882d upstream.

If the file system is corrupted, the header.stblindex variable
may become greater than 127. Because of this, an array access out
of bounds may occur:

------------[ cut here ]------------
UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dtree.c:3096:10
index 237 is out of range for type 'struct dtslot[128]'
CPU: 0 UID: 0 PID: 5822 Comm: syz-executor740 Not tainted 6.13.0-rc4-syzkaller-00110-g4099a71718b0 #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
Call Trace:
 <TASK>
 __dump_stack lib/dump_stack.c:94 [inline]
 dump_stack_lvl+0x241/0x360 lib/dump_stack.c:120
 ubsan_epilogue lib/ubsan.c:231 [inline]
 __ubsan_handle_out_of_bounds+0x121/0x150 lib/ubsan.c:429
 dtReadFirst+0x622/0xc50 fs/jfs/jfs_dtree.c:3096
 dtReadNext fs/jfs/jfs_dtree.c:3147 [inline]
 jfs_readdir+0x9aa/0x3c50 fs/jfs/jfs_dtree.c:2862
 wrap_directory_iterator+0x91/0xd0 fs/readdir.c:65
 iterate_dir+0x571/0x800 fs/readdir.c:108
 __do_sys_getdents64 fs/readdir.c:403 [inline]
 __se_sys_getdents64+0x1e2/0x4b0 fs/readdir.c:389
 do_syscall_x64 arch/x86/entry/common.c:52 [inline]
 do_syscall_64+0xf3/0x230 arch/x86/entry/common.c:83
 entry_SYSCALL_64_after_hwframe+0x77/0x7f
 </TASK>
---[ end trace ]---

Add a stblindex check for corruption.

Reported-by: syzbot <syzbot+9120834fc227768625ba@syzkaller.appspotmail.com>
Closes: https://syzkaller.appspot.com/bug?extid=9120834fc227768625ba
Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Roman Smirnov <r.smirnov@omp.ru>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-04-10 14:33:43 +02:00
arch arm64: Don't call NULL in do_compat_alignment_fixup() 2025-04-10 14:33:43 +02:00
block block, bfq: fix re-introduced UAF in bic_set_bfqq() 2025-03-28 21:59:02 +01:00
certs certs: Fix build error when PKCS#11 URI contains semicolon 2023-02-09 11:28:11 +01:00
crypto crypto: api - Add crypto_clone_tfm 2024-12-14 19:53:51 +01:00
Documentation sched/isolation: Prevent boot crash when the boot CPU is nohz_full 2025-03-28 21:58:48 +01:00
drivers mmc: sdhci-omap: Disable MMC_CAP_AGGRESSIVE_PM for eMMC/SD 2025-04-10 14:33:42 +02:00
fs jfs: add index corruption check to DT_GETPAGE() 2025-04-10 14:33:43 +02:00
include rcu-tasks: Always inline rcu_irq_work_resched() 2025-04-10 14:33:38 +02:00
init rust: Disallow BTF generation with Rust + LTO 2025-03-28 21:58:57 +01:00
io_uring io_uring/filetable: ensure node switch is always done, if needed 2025-04-10 14:33:41 +02:00
ipc ipc: fix memleak if msg_init_ns failed in create_ipc_ns 2024-12-14 19:54:06 +01:00
kernel tracing/osnoise: Fix possible recursive locking for cpus_read_lock() 2025-04-10 14:33:43 +02:00
lib kunit/overflow: Fix UB in overflow_allocation_test 2025-04-10 14:33:42 +02:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm lockdep/mm: Fix might_fault() lockdep check of current->mm->mmap_lock 2025-04-10 14:33:30 +02:00
net ipv6: Do not consider link down nexthops in path selection 2025-04-10 14:33:41 +02:00
rust scripts: generate_rust_analyzer: provide cfgs for core and alloc 2025-03-28 21:58:57 +01:00
samples samples/landlock: Fix possible NULL dereference in parse_path() 2025-02-21 13:49:03 +01:00
scripts selinux: Chain up tool resolving errors in install_policy.sh 2025-04-10 14:33:30 +02:00
security smack: dont compile ipv6 code unless ipv6 is configured 2025-04-10 14:33:30 +02:00
sound ASoC: imx-card: Add NULL check in imx_card_probe() 2025-04-10 14:33:40 +02:00
tools perf tools: annotate asm_pure_loop.S 2025-04-10 14:33:37 +02:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt KVM: Fix a data race on last_boosted_vcpu in kvm_vcpu_on_spin() 2024-06-27 13:46:21 +02:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore Remove *.orig pattern from .gitignore 2024-10-17 15:21:15 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: add leah to 6.1 MAINTAINERS file 2024-05-17 11:56:16 +02:00
Makefile Linux 6.1.133 2025-04-07 10:05:46 +02:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.