
From: Dave Kleikamp <dave.kleikamp@oracle.com> mainline inclusion from mainline-v6.12-rc5 commit 67373ca8404fe57eb1bb4b57f314cff77ce54932 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQS5 CVE: CVE-2024-47723 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- MAXAG is a legitimate value for bmp->db_numag Fixes: e63866a47556 ("jfs: fix out-of-bounds in dbNextAG() and diAlloc()") Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com> Signed-off-by: Jinjiang Tu <tujinjiang@huawei.com> --- fs/jfs/jfs_dmap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/jfs/jfs_dmap.c b/fs/jfs/jfs_dmap.c index c80eee229a49..bf1f3d4d23f2 100644 --- a/fs/jfs/jfs_dmap.c +++ b/fs/jfs/jfs_dmap.c @@ -187,7 +187,7 @@ int dbMount(struct inode *ipbmap) } bmp->db_numag = le32_to_cpu(dbmp_le->dn_numag); - if (!bmp->db_numag || bmp->db_numag >= MAXAG) { + if (!bmp->db_numag || bmp->db_numag > MAXAG) { err = -EINVAL; goto err_release_metapage; } -- 2.34.1
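
Review bot: The relaxed bound in dbMount(), `if (!bmp->db_numag || bmp->db_numag > MAXAG) {`, carries no comment stating that the accepted range is now 1..MAXAG inclusive, and the one-line commit message ("MAXAG is a legitimate value for bmp->db_numag") does not say why. The commit named in the Fixes: tag added this check against out-of-bounds access in dbNextAG() and diAlloc(), and `db_numag` is taken directly from the on-disk `dn_numag`. A short comment above the check giving the valid range and the reason MAXAG itself is safe for those callers would keep a later reader from tightening it back to `>=`. The commit message could also state the visible effect of the old check, which per this hunk was dbMount() failing with -EINVAL when `db_numag == MAXAG`.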