From: Andreas Gruenbacher Date: Mon, 27 Mar 2023 22:43:16 +0000 (+0200) Subject: gfs2: Fix inode height consistency check X-Git-Tag: baikal/aarch64/sdk5.10~131 X-Git-Url: https://git.baikalelectronics.ru/?a=commitdiff_plain;h=f97806e1db201b3d41a35cd8d38a08b41e284c53;p=kernel.git gfs2: Fix inode height consistency check [ Upstream commit cfcdb5bad34f600aed7613c3c1a5e618111f77b7 ] The maximum allowed height of an inode's metadata tree depends on the filesystem block size; it is lower for bigger-block filesystems. When reading in an inode, make sure that the height doesn't exceed the maximum allowed height. Arrays like sd_heightsize are sized to be big enough for any filesystem block size; they will often be slightly bigger than what's needed for a specific filesystem. Reported-by: syzbot+45d4691b1ed3c48eba05@syzkaller.appspotmail.com Signed-off-by: Andreas Gruenbacher Signed-off-by: Sasha Levin --- diff --git a/fs/gfs2/glops.c b/fs/gfs2/glops.c index 69106a1545fad..092223a8b1201 100644 --- a/fs/gfs2/glops.c +++ b/fs/gfs2/glops.c @@ -362,6 +362,7 @@ static int inode_go_demote_ok(const struct gfs2_glock *gl) static int gfs2_dinode_in(struct gfs2_inode *ip, const void *buf) { + struct gfs2_sbd *sdp = GFS2_SB(&ip->i_inode); const struct gfs2_dinode *str = buf; struct timespec64 atime; u16 height, depth; @@ -401,7 +402,7 @@ static int gfs2_dinode_in(struct gfs2_inode *ip, const void *buf) /* i_diskflags and i_eattr must be set before gfs2_set_inode_flags() */ gfs2_set_inode_flags(&ip->i_inode); height = be16_to_cpu(str->di_height); - if (unlikely(height > GFS2_MAX_META_HEIGHT)) + if (unlikely(height > sdp->sd_max_height)) goto corrupt; ip->i_height = (u8)height;