From: Edward Adam Davis Date: Sat, 12 Apr 2025 05:07:18 +0000 (+0800) Subject: gfs2: check sb_min_blocksize return value X-Git-Tag: v6.16-rc1~212^2~19 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27d2f101e7890b1f0d8d91f1bf041921f81d5a31;p=thirdparty%2Fkernel%2Flinux.git gfs2: check sb_min_blocksize return value Check the return value of sb_min_blocksize(): it will be 0 when the requested block size is invalid. In addition, check the return value of sb_set_blocksize() as well. Reported-by: syzbot+b0018b7468b2af33b4d5@syzkaller.appspotmail.com Signed-off-by: Edward Adam Davis Signed-off-by: Andreas Gruenbacher --- diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index 6ce475e1c6d64..ea5b3c5c6e1c0 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -489,7 +489,9 @@ static int init_sb(struct gfs2_sbd *sdp, int silent) sdp->sd_sb.sb_bsize, (unsigned int)PAGE_SIZE); goto out; } - sb_set_blocksize(sb, sdp->sd_sb.sb_bsize); + ret = -EINVAL; + if (!sb_set_blocksize(sb, sdp->sd_sb.sb_bsize)) + goto out; /* Get the root inode */ no_addr = sdp->sd_sb.sb_root_dir.no_addr; @@ -1158,6 +1160,9 @@ static int gfs2_fill_super(struct super_block *sb, struct fs_context *fc) /* Set up the buffer cache and fill in some fake block size values to allow us to read-in the on-disk superblock. */ sdp->sd_sb.sb_bsize = sb_min_blocksize(sb, 512); + error = -EINVAL; + if (!sdp->sd_sb.sb_bsize) + goto fail_free; sdp->sd_sb.sb_bsize_shift = sb->s_blocksize_bits; sdp->sd_fsb2bb_shift = sdp->sd_sb.sb_bsize_shift - 9; sdp->sd_fsb2bb = BIT(sdp->sd_fsb2bb_shift);