5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 28 Jul 2025 13:54:29 +0000 (15:54 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 28 Jul 2025 13:54:29 +0000 (15:54 +0200)
added patches:
nilfs2-reject-invalid-file-types-when-reading-inodes.patch

queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch [new file with mode: 0644]
queue-5.4/series

diff --git a/queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch b/queue-5.4/nilfs2-reject-invalid-file-types-when-reading-inodes.patch
new file mode 100644 (file)
index 0000000..b1537e9
--- /dev/null
@@ -0,0 +1,48 @@
+From 4aead50caf67e01020c8be1945c3201e8a972a27 Mon Sep 17 00:00:00 2001
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Date: Thu, 10 Jul 2025 22:49:08 +0900
+Subject: nilfs2: reject invalid file types when reading inodes
+
+From: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+
+commit 4aead50caf67e01020c8be1945c3201e8a972a27 upstream.
+
+To prevent inodes with invalid file types from tripping through the vfs
+and causing malfunctions or assertion failures, add a missing sanity check
+when reading an inode from a block device.  If the file type is not valid,
+treat it as a filesystem error.
+
+Link: https://lkml.kernel.org/r/20250710134952.29862-1-konishi.ryusuke@gmail.com
+Fixes: 05fe58fdc10d ("nilfs2: inode operations")
+Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
+Reported-by: syzbot+895c23f6917da440ed0d@syzkaller.appspotmail.com
+Link: https://syzkaller.appspot.com/bug?extid=895c23f6917da440ed0d
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/nilfs2/inode.c |    9 ++++++++-
+ 1 file changed, 8 insertions(+), 1 deletion(-)
+
+--- a/fs/nilfs2/inode.c
++++ b/fs/nilfs2/inode.c
+@@ -525,11 +525,18 @@ static int __nilfs_read_inode(struct sup
+               inode->i_op = &nilfs_symlink_inode_operations;
+               inode_nohighmem(inode);
+               inode->i_mapping->a_ops = &nilfs_aops;
+-      } else {
++      } else if (S_ISCHR(inode->i_mode) || S_ISBLK(inode->i_mode) ||
++                 S_ISFIFO(inode->i_mode) || S_ISSOCK(inode->i_mode)) {
+               inode->i_op = &nilfs_special_inode_operations;
+               init_special_inode(
+                       inode, inode->i_mode,
+                       huge_decode_dev(le64_to_cpu(raw_inode->i_device_code)));
++      } else {
++              nilfs_error(sb,
++                          "invalid file type bits in mode 0%o for inode %lu",
++                          inode->i_mode, ino);
++              err = -EIO;
++              goto failed_unmap;
+       }
+       nilfs_ifile_unmap_inode(root->ifile, ino, bh);
+       brelse(bh);
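Review bot: The new `else if (S_ISCHR(...) || ...)` chain in the inner patch to fs/nilfs2/inode.c is an allow-list over an `i_mode` read from the block device, but no comment says so, and a later edit could loosen it back into a catch-all `else`. I would add a comment above that line, for example `/* i_mode is on-disk data: only the four special types may reach init_special_inode(); anything else is corruption */`. The comment could also mention that `nilfs_error()` applies the filesystem's error policy, so what a malformed image triggers beyond the `-EIO` return presumably depends on the `errors=` mount option. `__nilfs_read_inode` starts before and continues past this hunk, so the `failed_unmap` label and its cleanup are not visible here and should be confirmed against the 5.4 tree for this backport.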
index 3f75925963097a7388952c513ac9073aae490b4b..6ae1dff8531ef5bedf110bf9427998bdacebfe46 100644 (file)
@@ -58,3 +58,4 @@ net-appletalk-fix-kerneldoc-warnings.patch
 net-appletalk-fix-use-after-free-in-aarp-proxy-probe.patch
 net-sched-sch_qfq-avoid-triggering-might_sleep-in-at.patch
 i2c-qup-jump-out-of-the-loop-in-case-of-timeout.patch
+nilfs2-reject-invalid-file-types-when-reading-inodes.patch