From: ZhengYuan Huang
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org, baijiaju1990@gmail.com, r33s3n6@gmail.com, zzzccc427@gmail.com, ZhengYuan Huang
Subject: [PATCH 2/3] ocfs2: handle invalid dinode in claim_suballoc_bits
Date: Fri, 3 Apr 2026 14:30:15 +0800
Message-ID: <20260403063016.438287-3-gality369@gmail.com>
In-Reply-To: <20260403063016.438287-1-gality369@gmail.com>
References: <20260403063016.438287-1-gality369@gmail.com>

[BUG]
A crafted filesystem can feed an invalid dinode into
ocfs2_claim_suballoc_bits() and trip:

  kernel BUG at fs/ocfs2/suballoc.c:1966

[CAUSE]
ocfs2_claim_suballoc_bits() trusts ac->ac_bh, but that buffer is not
limited to the reserve_suballoc_bits() path: local allocation can also
hand in osb->local_alloc_bh directly. JBD-managed buffers can bypass
inode validation, so invalid dinode data can still reach this function.

[FIX]
Report an invalid dinode as filesystem corruption and unwind through the
existing bail path instead of BUG()ing. This keeps the allocation logic
unchanged while removing the fatal failure mode.

Fixes: 10995aa2451a ("ocfs2: Morph the haphazard OCFS2_IS_VALID_DINODE() checks.")
Signed-off-by: ZhengYuan Huang --- fs/ocfs2/suballoc.c | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c index 12ac2bb3f10b..b99870aeaf88 100644 --- a/fs/ocfs2/suballoc.c +++ b/fs/ocfs2/suballoc.c @@ -1965,9 +1965,13 @@ static int ocfs2_claim_suballoc_bits(struct ocfs2_alloc_context *ac, fe = (struct ocfs2_dinode *) ac->ac_bh->b_data; - /* The bh was validated by the inode read during - * ocfs2_reserve_suballoc_bits(). Any corruption is a code bug. */ - BUG_ON(!OCFS2_IS_VALID_DINODE(fe)); + /* JBD-managed buffers can bypass inode validation. */ + if (!OCFS2_IS_VALID_DINODE(fe)) { + status = ocfs2_error(ac->ac_inode->i_sb, + "Invalid dinode #%llu\n", + (unsigned long long)OCFS2_I(ac->ac_inode)->ip_blkno); + goto bail; + } if (le32_to_cpu(fe->id1.bitmap1.i_used) >= le32_to_cpu(fe->id1.bitmap1.i_total)) { -- 2.43.0
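Review bot: the ocfs2_error() report in the new OCFS2_IS_VALID_DINODE() check names the inode via OCFS2_I(ac->ac_inode)->ip_blkno, but what failed validation is the contents of ac->ac_bh->b_data, and the commit message says that buffer can be osb->local_alloc_bh handed in directly rather than the buffer read for ac->ac_inode; log the block that was actually inspected and what was found in it, e.g. `"Invalid dinode #%llu: signature = %.*s\n", (unsigned long long)ac->ac_bh->b_blocknr, 7, fe->i_signature`, so a corruption report from this path can be matched to the on-disk block without guessing which buffer the allocator was holding. The replacement comment `/* JBD-managed buffers can bypass inode validation. */` also loses the reasoning the removed comment carried: state where the unvalidated buffer comes from (the local allocation path passing osb->local_alloc_bh, as described in the commit message) so a later reader does not reinstate the BUG_ON on the assumption that ocfs2_reserve_suballoc_bits() already validated ac->ac_bh.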