From: ZhengYuan Huang
To: mark@fasheh.com, jlbec@evilplan.org, joseph.qi@linux.alibaba.com
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org, baijiaju1990@gmail.com, r33s3n6@gmail.com, zzzccc427@gmail.com, ZhengYuan Huang
Subject: [PATCH v2] ocfs2: don't BUG_ON an invalid journal dinode
Date: Tue, 12 May 2026 10:41:15 +0800
Message-ID: <20260512024115.4036371-1-gality369@gmail.com>

[BUG]
A fuzzed OCFS2 image can corrupt the current slot journal dinode while mount is still in progress. The mount path first reports the invalid journal block and then crashes in shutdown:

kernel BUG at fs/ocfs2/journal.c:1034!
Oops: invalid opcode: 0000 [#1] SMP KASAN NOPTI
RIP: 0010:ocfs2_journal_toggle_dirty+0x2d6/0x340 fs/ocfs2/journal.c:1034
Call Trace:
 ocfs2_journal_shutdown+0x414/0xc30 fs/ocfs2/journal.c:1116
 ocfs2_mount_volume fs/ocfs2/super.c:1785 [inline]
 ocfs2_fill_super+0x30a9/0x3cd0 fs/ocfs2/super.c:1083
 get_tree_bdev_flags+0x38b/0x640 fs/super.c:1698
 get_tree_bdev+0x24/0x40 fs/super.c:1721
 ocfs2_get_tree+0x21/0x30 fs/ocfs2/super.c:1184
 vfs_get_tree+0x9a/0x370 fs/super.c:1758
 fc_mount fs/namespace.c:1199 [inline]
 do_new_mount_fc fs/namespace.c:3642 [inline]
 do_new_mount fs/namespace.c:3718 [inline]
 path_mount+0x5b8/0x1ea0 fs/namespace.c:4028
 do_mount fs/namespace.c:4041 [inline]
 __do_sys_mount fs/namespace.c:4229 [inline]
 __se_sys_mount fs/namespace.c:4206 [inline]
 __x64_sys_mount+0x282/0x320 fs/namespace.c:4206
 ...

[CAUSE]
ocfs2_journal_toggle_dirty() used to return -EIO when journal->j_bh no longer contained a valid dinode, because the startup and shutdown paths already handled that failure. Commit 10995aa2451a ("ocfs2: Morph the haphazard OCFS2_IS_VALID_DINODE() checks.") changed the check to a BUG_ON() under the assumption that the journal dinode had already been validated.
That turns an unexpected invalid journal dinode during mount teardown into a kernel crash instead of a normal mount failure.

[FIX]
Replace the BUG_ON() with WARN_ON() and return -EIO. This keeps the invariant warning for debugging, but restores the original behavior of failing startup or shutdown cleanly instead of panicking the kernel.

Fixes: 10995aa2451a ("ocfs2: Morph the haphazard OCFS2_IS_VALID_DINODE() checks.")
Signed-off-by: ZhengYuan Huang
---
v2:
- Drop the full dinode revalidation and use WARN_ON plus -EIO instead
- Rework the rationale around the historical BUG_ON conversion
- Add a Fixes tag for the commit that replaced the old error return
---
 fs/ocfs2/journal.c | 7 ++-----
 1 file changed, 2 insertions(+), 5 deletions(-)

diff --git a/fs/ocfs2/journal.c b/fs/ocfs2/journal.c index f9bf3bac085d..fc54cc798ce3 100644 --- a/fs/ocfs2/journal.c +++ b/fs/ocfs2/journal.c @@ -1022,11 +1022,8 @@ static int ocfs2_journal_toggle_dirty(struct ocfs2_super *osb, struct ocfs2_dinode *fe; fe = (struct ocfs2_dinode *)bh->b_data; - - /* The journal bh on the osb always comes from ocfs2_journal_init() * and was validated there inside ocfs2_inode_lock_full(). It's a * code bug if we mess it up. */ - BUG_ON(!OCFS2_IS_VALID_DINODE(fe)); + if (WARN_ON(!OCFS2_IS_VALID_DINODE(fe))) + return -EIO; flags = le32_to_cpu(fe->id1.journal1.ij_flags); if (dirty) -- 2.49.0
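Review bot: the new `if (WARN_ON(!OCFS2_IS_VALID_DINODE(fe))) return -EIO;` only makes the failure recoverable on kernels that tolerate warnings; with panic_on_warn=1, which fuzzing harnesses and many hardened builds set, a corrupted image still brings the kernel down at this line. Since the commit message treats an invalid journal dinode as reachable from untrusted on-disk data rather than as a pure code bug, consider reporting it through the filesystem's own error path (an mlog(ML_ERROR, ...) or ocfs2_error() message) before returning -EIO, or at least use WARN_ON_ONCE() so repeated mount attempts of the same image do not flood the log. The removed comment was the only place recording that the journal bh is validated in ocfs2_journal_init() under ocfs2_inode_lock_full(); a one-line comment above the new check would keep that context next to the code. Finally, the callers that must now handle -EIO are outside the hunk; naming them in the commit message (the shutdown path at fs/ocfs2/journal.c:1116 in the trace is one) would let reviewers verify the claim that startup and shutdown already handle the failure.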