Re: [PATCH v2] jbd2: fix integer underflow in jbd2_journal_initialize_fast_commit()

Next message: Dmitry Vyukov: "Re: [syzbot] [kvmarm?] [kvm?] BUG: unable to handle kernel paging request in kvm_vgic_destroy"
Previous message: Theodore Ts'o: "Re: [PATCH] jbd2: check for aborted handle in jbd2_journal_dirty_metadata()"
In reply to: Baokun Li: "Re: [PATCH v2] jbd2: fix integer underflow in jbd2_journal_initialize_fast_commit()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Theodore Ts'o

Date: Thu Jun 04 2026 - 11:00:10 EST

On Wed, 13 May 2026 17:28:40 +0800, Junrui Luo wrote:
> jbd2_journal_initialize_fast_commit() validates journal capacity by
> checking (journal->j_last - num_fc_blks < JBD2_MIN_JOURNAL_BLOCKS).
> Both j_last and num_fc_blks are unsigned, so when num_fc_blks exceeds
> j_last the subtraction wraps to a large value, bypassing the bounds
> check.
>
> The resulting underflow corrupts j_last, j_fc_first, and j_free,
> leading to journal abort.
>
> [...]

Applied, thanks!

[1/1] jbd2: fix integer underflow in jbd2_journal_initialize_fast_commit()
commit: 289a2ca0c9b7eae74f93fc213b0b971669b8683d

Best regards,
--
Theodore Ts'o <tytso@xxxxxxx>