diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-29 18:17:30 -0700 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2022-03-29 18:17:30 -0700 |
| commit | 1ec48f95519bd3e920536118e8ddd30e28cde4ab (patch) | |
| tree | 481a7d8b78b981e1ae3c4a0b88bd09a6a8fcc928 | |
| parent | 1c24a186398f59c80adb9a967486b65c1423a59d (diff) | |
| parent | a53046291020ec41e09181396c1e829287b48d47 (diff) | |
| download | linux-1ec48f95519bd3e920536118e8ddd30e28cde4ab.tar.gz | |
Merge tag 'jfs-5.18' of https://github.com/kleikamp/linux-shaggy
Pull jfs updates from Dave Kleikamp:
"A couple bug fixes"
* tag 'jfs-5.18' of https://github.com/kleikamp/linux-shaggy:
jfs: prevent NULL deref in diFree
jfs: fix divide error in dbNextAG
| -rw-r--r-- | fs/jfs/inode.c | 3 | ||||
| -rw-r--r-- | fs/jfs/jfs_dmap.c | 7 |
2 files changed, 9 insertions, 1 deletions
diff --git a/fs/jfs/inode.c b/fs/jfs/inode.c index 27be2e8ba237ec..d1943a7b4b0407 100644 --- a/fs/jfs/inode.c +++ b/fs/jfs/inode.c @@ -146,12 +146,13 @@ void jfs_evict_inode(struct inode *inode) dquot_initialize(inode); if (JFS_IP(inode)->fileset == FILESYSTEM_I) { + struct inode *ipimap = JFS_SBI(inode->i_sb)->ipimap; truncate_inode_pages_final(&inode->i_data); if (test_cflag(COMMIT_Freewmap, inode)) jfs_free_zero_link(inode); - if (JFS_SBI(inode->i_sb)->ipimap) + if (ipimap && JFS_IP(ipimap)->i_imap) diFree(inode); /* diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index 91f4ec93dab1ff..d8502f4989d9d4 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -148,6 +148,7 @@ static const s8 budtab[256] = { * 0 - success * -ENOMEM - insufficient memory * -EIO - i/o error + * -EINVAL - wrong bmap data */ int dbMount(struct inode *ipbmap) { @@ -179,6 +180,12 @@ int dbMount(struct inode *ipbmap) bmp->db_nfree = le64_to_cpu(dbmp_le->dn_nfree); bmp->db_l2nbperpage = le32_to_cpu(dbmp_le->dn_l2nbperpage); bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag); + if (!bmp->db_numag) { + release_metapage(mp); + kfree(bmp); + return -EINVAL; + } + bmp->db_maxlevel = le32_to_cpu(dbmp_le->dn_maxlevel); bmp->db_maxag = le32_to_cpu(dbmp_le->dn_maxag); bmp->db_agpref = le32_to_cpu(dbmp_le->dn_agpref); |