From: Prithvi Tambewagh <activprithvi@gmail.com>
To: syzbot+af14efe17dfa46173239@syzkaller.appspotmail.com,
jlbec@evilplan.org, joseph.qi@linux.alibaba.com, mark@fasheh.com
Cc: heming.zhao@suse.com, linux-kernel@vger.kernel.org,
ocfs2-devel@lists.linux.dev, syzkaller-bugs@googlegroups.com,
Prithvi Tambewagh <activprithvi@gmail.com>
Subject: Syzbot test for ocfs2: Add check for total number of chains in chain list
Date: Sat, 20 Dec 2025 14:14:57 +0530 [thread overview]
Message-ID: <20251220084457.107038-1-activprithvi@gmail.com> (raw)
In-Reply-To: <67117fd9.050a0220.10f4f4.0004.GAE@google.com>
#syz test git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 36c254515dc6592c44db77b84908358979dd6b50
Signed-off-by: Prithvi Tambewagh <activprithvi@gmail.com>
---
fs/ocfs2/suballoc.c | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
index f7b483f0de2a..7ea63e9cc4f8 100644
--- a/fs/ocfs2/suballoc.c
+++ b/fs/ocfs2/suballoc.c
@@ -671,6 +671,21 @@ static int ocfs2_block_group_alloc(struct ocfs2_super *osb,
BUG_ON(ocfs2_is_cluster_bitmap(alloc_inode));
cl = &fe->id2.i_chain;
+ unsigned int block_size = osb->sb->s_blocksize;
+ unsigned int max_cl_count =
+ (block_size - offsetof(struct ocfs2_chain_list, cl_recs)) /
+ sizeof(struct ocfs2_chain_rec);
+
+ if (!le16_to_cpu(cl->cl_count) ||
+ le16_to_cpu(cl->cl_count) > max_cl_count) {
+ ocfs2_error(osb->sb,
+ "Invalid chain list: cl_count %u "
+ "exceeds max %u",
+ le16_to_cpu(cl->cl_count), max_cl_count);
+ status = -EIO;
+ goto bail;
+ }
+
status = ocfs2_reserve_clusters_with_limit(osb,
le16_to_cpu(cl->cl_cpg),
max_block, flags, &ac);
base-commit: 36c254515dc6592c44db77b84908358979dd6b50
--
2.34.1
next prev parent reply other threads:[~2025-12-20 8:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-10-17 21:21 [syzbot] [ocfs2?] KASAN: slab-use-after-free Read in ocfs2_reserve_suballoc_bits syzbot
2025-12-20 8:44 ` Prithvi Tambewagh [this message]
2025-12-20 9:17 ` syzbot
2026-01-16 6:01 ` syzbot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251220084457.107038-1-activprithvi@gmail.com \
--to=activprithvi@gmail.com \
--cc=heming.zhao@suse.com \
--cc=jlbec@evilplan.org \
--cc=joseph.qi@linux.alibaba.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@fasheh.com \
--cc=ocfs2-devel@lists.linux.dev \
--cc=syzbot+af14efe17dfa46173239@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.