Re: [PATCH] jfs: Fix array-index-out-of-bounds in diFree

From: Matthew Wilcox
Date: Thu Apr 25 2024 - 08:54:50 EST


On Thu, Apr 25, 2024 at 09:44:33PM +0900, Jeongjun Park wrote:
> Through direct testing and debugging, I've determined that this
> vulnerability occurs when mounting an incorrect image, leading to
> the potential passing of an excessively large value to
> 'sbi->bmap->db_agl2size'. Importantly, there have been no instances
> of memory corruption observed within 'sbi->bmap->db_agl2size'.
>
> Therefore, I think we should implement a patch that terminates the
> function in cases where an invalid value is detected.

If that's the problem then the correct place to detect & reject this is
during mount, not at inode free time.
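
The principle in the reply, validating attacker-controlled on-disk metadata once at mount time so that later code paths such as diFree can trust it, as an added illustration. This is not JFS code and not the patch under discussion; every struct, field and function name below (disk_bmap, bmap_validate, fs_mount, free_block, MAX_AG, the magic value) is hypothetical, chosen only to model a log2 allocation-group size that is later used as a shift to index a fixed-size per-AG table.

```c
/* Added example, not JFS code: bound an untrusted log2 field at "mount"
 * time so the free path can index a fixed table without re-checking.
 * All names and constants are hypothetical. */
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_AG      128            /* hypothetical per-AG table length */
#define BMAP_MAGIC  0x4a465342u    /* constructed magic value */

/* Hypothetical on-disk block-map control record: untrusted input. */
struct disk_bmap {
    uint32_t magic;
    uint32_t db_agl2size;   /* log2 of allocation-group size in blocks */
    uint64_t db_mapsize;    /* number of blocks covered by the map */
};

/* In-memory state, populated only from a validated record. */
struct mounted_fs {
    uint32_t agl2size;
    uint64_t mapsize;
    uint32_t ag_free[MAX_AG];
    bool     mounted;
};

/* Mount-time check. Rejects a shift wider than the operand type and any
 * agl2size for which some block inside the map would produce an AG
 * number outside ag_free[]. Returns 0 or -EINVAL. */
int bmap_validate(const struct disk_bmap *d)
{
    if (d->magic != BMAP_MAGIC)
        return -EINVAL;
    if (d->db_agl2size >= 64)              /* undefined shift in C */
        return -EINVAL;
    if (d->db_mapsize == 0)
        return -EINVAL;
    /* Largest AG number any in-map block can yield must fit the table. */
    if (((d->db_mapsize - 1) >> d->db_agl2size) >= MAX_AG)
        return -EINVAL;
    return 0;
}

/* Mount: validate first, copy into memory only on success. */
int fs_mount(struct mounted_fs *fs, const struct disk_bmap *d)
{
    int rc = bmap_validate(d);
    if (rc)
        return rc;
    memset(fs, 0, sizeof *fs);
    fs->agl2size = d->db_agl2size;
    fs->mapsize  = d->db_mapsize;
    fs->mounted  = true;
    return 0;
}

/* Free path (the analogue of diFree). It still range-checks the block
 * number it is handed, but relies on mount-time validation for agl2size.
 * Returns the AG index used, or -EINVAL. */
int free_block(struct mounted_fs *fs, uint64_t blkno)
{
    if (!fs->mounted || blkno >= fs->mapsize)
        return -EINVAL;
    uint64_t agno = blkno >> fs->agl2size;  /* < MAX_AG by bmap_validate */
    fs->ag_free[agno]++;
    return (int)agno;
}

/* Scalar conveniences so the outcome of a constructed image is testable. */
int check_image(uint32_t l2, uint64_t mapsize)
{
    struct disk_bmap d = { BMAP_MAGIC, l2, mapsize };
    return bmap_validate(&d);
}

int mount_and_free(uint32_t l2, uint64_t mapsize, uint64_t blkno)
{
    struct disk_bmap d = { BMAP_MAGIC, l2, mapsize };
    struct mounted_fs fs;
    int rc = fs_mount(&fs, &d);
    return rc ? rc : free_block(&fs, blkno);
}

int main(void)
{
    /* Constructed images: 128 AGs of 1024 blocks is fine; a tiny
     * agl2size or an oversized shift is rejected before any free call. */
    printf("sane image:        %d\n", check_image(10, 1u << 17));
    printf("agl2size too small: %d\n", check_image(3, 1u << 17));
    printf("shift >= 64:       %d\n", check_image(70, 1u << 17));
    printf("free last block -> AG %d\n", mount_and_free(10, 1u << 17, 131071));
    return 0;
}
```

The rejection happens before any in-memory state is populated, so a crafted image never reaches free_block with a shift that could index past ag_free[]; the per-call check in free_block only covers the block number, which is a runtime argument rather than on-disk metadata.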