CVE-2025-38710

Source
https://nvd.nist.gov/vuln/detail/CVE-2025-38710
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-38710.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-38710
Downstream
Related
Published
2025-09-04T15:33:00.629Z
Modified
2025-11-28T02:34:31.067564Z
Summary
gfs2: Validate i_depth for exhash directories
Details

In the Linux kernel, the following vulnerability has been resolved:

gfs2: Validate i_depth for exhash directories

A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at:

index = hash >> (32 - dip->i_depth);

As calculated in an open-coded way in dir_make_exhash(), the minimum depth for an exhash directory is ilog2(sdp->sd_hash_ptrs) and 0 is invalid as sdp->sd_hash_ptrs is fixed as sdp->bsize / 16 at mount time.

So we can avoid the undefined behaviour by checking for depth values lower than the minimum in gfs2_dinode_in(). Values greater than the maximum are already being checked for there.

Also switch the calculation in dir_make_exhash() to use ilog2() to clarify how the depth is calculated.

Tested with the syzkaller repro.c and xfstests '-g quick'.
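
The bounds check described above, as a user-space model added here for illustration; it is not the kernel patch or any code from the gfs2 tree. All model_* names are hypothetical, the block size and hash value are constructed, and the upper bound of 17 is an assumption (the record only says a maximum is already enforced).

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed upper bound on exhash depth; the record does not state its value. */
#define MODEL_MAX_DEPTH 17u

/* floor(log2(v)) for v > 0; user-space stand-in for the kernel's ilog2(). */
static unsigned model_ilog2(uint32_t v)
{
    unsigned r = 0;
    while (v >>= 1)
        r++;
    return r;
}

/* Minimum legal depth: ilog2(hash_ptrs), with hash_ptrs = bsize / 16. */
static unsigned model_min_depth(uint32_t bsize)
{
    return model_ilog2(bsize / 16);
}

/* Returns 0 when depth is usable for an exhash directory, -1 when corrupt. */
static int model_validate_depth(uint32_t bsize, uint32_t depth)
{
    if (depth == 0 || depth < model_min_depth(bsize) || depth > MODEL_MAX_DEPTH)
        return -1;
    return 0;
}

/* Hash-table index; refuses to shift when the on-disk depth is out of range.
 * Without the check, depth == 0 gives hash >> 32, undefined for 32-bit types. */
static int model_hash_index(uint32_t bsize, uint32_t depth, uint32_t hash,
                            uint32_t *index)
{
    if (model_validate_depth(bsize, depth) != 0)
        return -1;
    *index = hash >> (32 - depth);
    return 0;
}

int main(void)
{
    uint32_t idx = 0;
    /* Constructed inputs: 4096-byte blocks and a sample hash value. */
    printf("min depth for bsize 4096: %u\n", model_min_depth(4096));
    printf("depth 0 rejected: %d\n", model_hash_index(4096, 0, 0xdeadbeefu, &idx));
    if (model_hash_index(4096, 8, 0xdeadbeefu, &idx) == 0)
        printf("depth 8 index: %u\n", idx);
    return 0;
}
```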

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/38xxx/CVE-2025-38710.json"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Fixed
53a0249d68a210c16e961b83adfa82f94ee0a53d
Fixed
b5f46951e62377b6e406fadc18bc3c5bdf1632a7
Fixed
9680c58675b82348ab84d387e4fa727f7587e1a0
Fixed
557c024ca7250bb65ae60f16c02074106c2f197b

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
6.12.43
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.15.11
Type
ECOSYSTEM
Events
Introduced
6.16.0
Fixed
6.16.2