git.ipfire.org Git - thirdparty/kernel/linux.git/commit

author	Yun Zhou <yun.zhou@windriver.com>
	Thu, 20 Nov 2025 15:44:00 +0000 (23:44 +0800)
committer	Dave Kleikamp <dave.kleikamp@oracle.com>
	Wed, 11 Mar 2026 15:57:52 +0000 (10:57 -0500)
commit	119e448bb50a5b2626e248c01f439095766e248b
tree	349d72d2408706ac125de3f971272e72bcbfa360	tree \| snapshot
parent	c83abc766aeb153e69cb46363bf7c9de0c9f3268	commit \| diff

jfs: add dtpage integrity check to prevent index/pointer overflows

Add check_dtpage() to validate dtpage_t integrity, focusing on
preventing index/pointer overflows from on-disk corruption.

Key checks:
- maxslot must be exactly DTPAGEMAXSLOT (128) as defined for dtpage
  slot array.
- freecnt bounded by [0, DTPAGEMAXSLOT-1] (slot[0] reserved for header).
- freelist validity: -1 when freecnt=0; 1~DTPAGEMAXSLOT-1 when non-zero,
  with linked list checks (no duplicates, proper termination via next=-1).
- stblindex bounds: must be within range that avoids overlapping with
  stbl itself (stblindex < DTPAGEMAXSLOT - stblsize).
- nextindex bounded by stbl size (stblsize << L2DTSLOTSIZE). stbl entries
  validity: within 1~DTPAGEMAXSLOT-1, no duplicates(excluding invalid
  entries marked as -1).

Invoked when loading dtpage (in BT_GETPAGE macro context) to catch
corruption early before directory operations trigger out-of-bounds access.

Signed-off-by: Yun Zhou <yun.zhou@windriver.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>

fs/jfs/jfs_dtree.c		diff \| blob \| blame \| history
fs/jfs/jfs_dtree.h		diff \| blob \| blame \| history