From: Dmitry Antipov Date: Thu, 30 Oct 2025 15:30:02 +0000 (+0300) Subject: ocfs2: add extra consistency checks for chain allocator dinodes X-Git-Tag: v6.19-rc1~70^2~99 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e1c70505ee8158c1108340d9cd67182ade93af4a;p=thirdparty%2Fkernel%2Flinux.git ocfs2: add extra consistency checks for chain allocator dinodes When validating chain allocator dinode in 'ocfs2_validate_inode_block()', add an extra checks whether a) the maximum amount of chain records in 'struct ocfs2_chain_list' matches the value calculated based on the filesystem block size, and b) the next free slot index is within the valid range. Link: https://lkml.kernel.org/r/20251030153003.1934585-1-dmantipov@yandex.ru Signed-off-by: Dmitry Antipov Reported-by: syzbot+77026564530dbc29b854@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=77026564530dbc29b854 Reported-by: syzbot+5054473a31f78f735416@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416 Suggested-by: Joseph Qi Reviewed-by: Joseph Qi Cc: Junxiao Bi Cc: Jun Piao Cc: Deepanshu Kartikey Cc: Heming Zhao Cc: Joel Becker Cc: Mark Fasheh Signed-off-by: Andrew Morton --- diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c index dbc38a212c8f2..0f39ce0a2d463 100644 --- a/fs/ocfs2/inode.c +++ b/fs/ocfs2/inode.c @@ -1513,6 +1513,23 @@ int ocfs2_validate_inode_block(struct super_block *sb, goto bail; } + if (le32_to_cpu(di->i_flags) & OCFS2_CHAIN_FL) { + struct ocfs2_chain_list *cl = &di->id2.i_chain; + + if (le16_to_cpu(cl->cl_count) != ocfs2_chain_recs_per_inode(sb)) { + rc = ocfs2_error(sb, "Invalid dinode %llu: chain list count %u\n", + (unsigned long long)bh->b_blocknr, + le16_to_cpu(cl->cl_count)); + goto bail; + } + if (le16_to_cpu(cl->cl_next_free_rec) > le16_to_cpu(cl->cl_count)) { + rc = ocfs2_error(sb, "Invalid dinode %llu: chain list index %u\n", + (unsigned long long)bh->b_blocknr, + le16_to_cpu(cl->cl_next_free_rec)); + goto bail; + } + } + rc = 0; bail: