tree:   https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git master
head:   b9f85101cad3397ef1e509909602a90e257ab9d8
commit: 4d42ecda239cc13738d6fd84d098a32e67b368b9 [10974/12991] fs/ntfs3: Validate buffer length while parsing index
config: i386-randconfig-s052-20221010
compiler: gcc-11 (Debian 11.3.0-5) 11.3.0
reproduce:
        # apt-get install sparse
        # sparse version: v0.6.4-39-gce1a6720-dirty
        # https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git/commit/?id=4d42ecda239cc13738d6fd84d098a32e67b368b9
        git remote add linux-next https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
        git fetch --no-tags linux-next master
        git checkout 4d42ecda239cc13738d6fd84d098a32e67b368b9
        # save the config file
        mkdir build_dir && cp config build_dir/.config
        make W=1 C=1 CF='-fdiagnostic-prefix -D__CHECK_ENDIAN__' O=build_dir ARCH=i386 SHELL=/bin/bash fs/cifs/ fs/ntfs3/

If you fix the issue, kindly add following tag where applicable
| Reported-by: kernel test robot

sparse warnings: (new ones prefixed by >>)
>> fs/ntfs3/index.c:1021:59: sparse: sparse: restricted __le32 degrades to integer

vim +1021 fs/ntfs3/index.c

948
949 /*
950  * indx_read
951  *
952  * If ntfs_readdir calls this function
953  * inode is shared locked and no ni_lock.
954  * Use rw_semaphore for read/write access to alloc_run.
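*/
/*
 * Read the index block at virtual block number @vbn into *@node.
 *
 * @indx: index descriptor; supplies alloc_run, run_lock and the block
 *        geometry (vbn2vbo_bits, index_bits).
 * @ni:   inode that owns the index.
 * @vbn:  virtual block number of the index block to read.
 * @node: in/out. If *@node is NULL a new indx_node is allocated;
 *        otherwise its buffers are released and the node is reused.
 *        On success *@node points at the node holding the block.
 *
 * Return: 0 on success, -ENOMEM on allocation failure, -EINVAL when the
 * index header claims more bytes than the block holds, or the error
 * returned by ntfs_read_bh() / attr_load_runs_range().
 */
int indx_read(struct ntfs_index *indx, struct ntfs_inode *ni, CLST vbn,
	      struct indx_node **node)
{
	int err;
	struct INDEX_BUFFER *ib;
	struct runs_tree *run = &indx->alloc_run;
	struct rw_semaphore *lock = &indx->run_lock;
	u64 vbo = (u64)vbn << indx->vbn2vbo_bits;
	u32 bytes = 1u << indx->index_bits;
	struct indx_node *in = *node;
	const struct INDEX_NAMES *name;

	if (!in) {
		in = kzalloc(sizeof(struct indx_node), GFP_NOFS);
		if (!in)
			return -ENOMEM;
	} else {
		/* Reusing the caller's node: drop the buffers it holds. */
		nb_put(&in->nb);
	}

	ib = in->index;
	if (!ib) {
		ib = kmalloc(bytes, GFP_NOFS);
		if (!ib) {
			err = -ENOMEM;
			goto out;
		}
	}

	down_read(lock);
	err = ntfs_read_bh(ni->mi.sbi, run, vbo, &ib->rhdr, bytes, &in->nb);
	up_read(lock);
	if (!err)
		goto ok;

	if (err == -E_NTFS_FIXUP)
		goto ok;

	if (err != -ENOENT)
		goto out;

	/*
	 * -ENOENT from the first read: load the runs for this range under
	 * the write lock, then retry the read under the read lock.
	 */
	name = &s_index_names[indx->type];
	down_write(lock);
	err = attr_load_runs_range(ni, ATTR_ALLOC, name->name, name->name_len,
				   run, vbo, vbo + bytes);
	up_write(lock);
	if (err)
		goto out;

	down_read(lock);
	err = ntfs_read_bh(ni->mi.sbi, run, vbo, &ib->rhdr, bytes, &in->nb);
	up_read(lock);
	if (err == -E_NTFS_FIXUP)
		goto ok;

	if (err)
		goto out;

ok:
	if (err == -E_NTFS_FIXUP) {
		/*
		 * The block is written back and the error cleared.
		 * NOTE(review): the return value of ntfs_write_bh() is
		 * ignored here; presumably best effort - confirm.
		 */
		ntfs_write_bh(ni->mi.sbi, &ib->rhdr, &in->nb, 0);
		err = 0;
	}

	/*
	 * Check the index header length. ihdr.used was filled in by
	 * ntfs_read_bh() and is a little-endian field (sparse: "restricted
	 * __le32 degrades to integer"), so convert it before comparing it
	 * with the CPU-endian block size; without the conversion the bound
	 * is wrong on big-endian hosts. The sum is done in 64 bits so that
	 * a huge value cannot wrap 32-bit size_t arithmetic and slip past
	 * the check.
	 */
	if ((u64)offsetof(struct INDEX_BUFFER, ihdr) +
		    le32_to_cpu(ib->ihdr.used) > bytes) {
		err = -EINVAL;
		goto out;
	}

	in->index = ib;
	*node = in;

out:
	/* Free the buffer only if it was not attached to the node. */
	if (ib != in->index)
		kfree(ib);

	/* Free the node only if it was not handed to the caller. */
	if (*node != in) {
		nb_put(&in->nb);
		kfree(in);
	}

	return err;
}

-- 0-DAY CI Kernel Test Service https://01.org/lkp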