minix: Add required sanity checking to minix_check_superblock()

The fs/minix implementation of the minix filesystem does not currently
support any other value for s_log_zone_size than 0. This is also the
only value supported in util-linux; see mkfs.minix.c line 511. In
addition, this patch adds some sanity checking for the other minix
superblock fields, and moves the minix_blocks_needed() checks for the
zmap and imap also to minix_check_super_block().

This also closes a related syzbot bug report.

Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
Link: https://patch.msgid.link/20251208153947.108343-1-jkoolstra@xs4all.nl
Reviewed-by: Jan Kara <jack@suse.cz>
Reported-by: syzbot+5ad0824204c7bf9b67f2@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5ad0824204c7bf9b67f2
Signed-off-by: Christian Brauner <brauner@kernel.org>

diff --git a/fs/minix/inode.c b/fs/minix/inode.c
index 51ea9bdc813f776a09d1d265180c76f1d813cc5a..c8c6b2135abe79282f46af3b30c1ae5373356890 100644 (file)
--- a/fs/minix/inode.c
+++ b/fs/minix/inode.c
@@ -170,10 +170,38 @@ static int minix_reconfigure(struct fs_context *fc)
 static bool minix_check_superblock(struct super_block *sb)
 {
        struct minix_sb_info *sbi = minix_sb(sb);
+       unsigned long block;
 
-       if (sbi->s_imap_blocks == 0 || sbi->s_zmap_blocks == 0)
+       if (sbi->s_log_zone_size != 0) {
+               printk("minix-fs error: zone size must equal block size. "
+                      "s_log_zone_size > 0 is not supported.\n");
+               return false;
+       }
+
+       if (sbi->s_ninodes < 1 || sbi->s_firstdatazone <= 4 ||
+           sbi->s_firstdatazone >= sbi->s_nzones)
                return false;
 
+       /* Apparently minix can create filesystems that allocate more blocks for
+        * the bitmaps than needed.  We simply ignore that, but verify it didn't
+        * create one with not enough blocks and bail out if so.
+        */
+       block = minix_blocks_needed(sbi->s_ninodes, sb->s_blocksize);
+       if (sbi->s_imap_blocks < block) {
+               printk("MINIX-fs: file system does not have enough "
+                      "imap blocks allocated. Refusing to mount.\n");
+               return false;
+       }
+
+       block = minix_blocks_needed(
+                       (sbi->s_nzones - sbi->s_firstdatazone + 1),
+                       sb->s_blocksize);
+       if (sbi->s_zmap_blocks < block) {
+               printk("MINIX-fs: file system does not have enough "
+                      "zmap blocks allocated. Refusing to mount.\n");
+               return false;
+       }
+
        /*
         * s_max_size must not exceed the block mapping limitation.  This check
         * is only needed for V1 filesystems, since V2/V3 support an extra level
@@ -293,26 +321,6 @@ static int minix_fill_super(struct super_block *s, struct fs_context *fc)
        minix_set_bit(0,sbi->s_imap[0]->b_data);
        minix_set_bit(0,sbi->s_zmap[0]->b_data);
 
-       /* Apparently minix can create filesystems that allocate more blocks for
-        * the bitmaps than needed.  We simply ignore that, but verify it didn't
-        * create one with not enough blocks and bail out if so.
-        */
-       block = minix_blocks_needed(sbi->s_ninodes, s->s_blocksize);
-       if (sbi->s_imap_blocks < block) {
-               printk("MINIX-fs: file system does not have enough "
-                               "imap blocks allocated.  Refusing to mount.\n");
-               goto out_no_bitmap;
-       }
-
-       block = minix_blocks_needed(
-                       (sbi->s_nzones - sbi->s_firstdatazone + 1),
-                       s->s_blocksize);
-       if (sbi->s_zmap_blocks < block) {
-               printk("MINIX-fs: file system does not have enough "
-                               "zmap blocks allocated.  Refusing to mount.\n");
-               goto out_no_bitmap;
-       }
-
        /* set up enough so that it can read an inode */
        s->s_op = &minix_sops;
        s->s_time_min = 0;