From: Joseph Qi <joseph.qi@linux.alibaba.com>
To: ZhengYuan Huang <gality369@gmail.com>
Cc: ocfs2-devel@lists.linux.dev, linux-kernel@vger.kernel.org,
baijiaju1990@gmail.com, r33s3n6@gmail.com, zzzccc427@gmail.com,
Mark Fasheh <mark@fasheh.com>, Joel Becker <jlbec@evilplan.org>,
akpm <akpm@linux-foundation.org>
Subject: Re: [PATCH 0/3] ocfs2: stop BUG_ON crashes in suballoc invalid-dinode paths
Date: Fri, 3 Apr 2026 17:30:11 +0800 [thread overview]
Message-ID: <de8b2fd1-5176-472c-9fe6-e0b464133e7f@linux.alibaba.com> (raw)
In-Reply-To: <20260403063016.438287-1-gality369@gmail.com>
On 4/3/26 2:30 PM, ZhengYuan Huang wrote:
> commit 10995aa2451a ("ocfs2: Morph the haphazard
> OCFS2_IS_VALID_DINODE() checks.") converted several OCFS2 dinode
> corruption checks from graceful error handling to BUG_ON() under the
> assumption that every caller only sees validated inode buffers.
>
> That assumption does not always hold for JBD-managed buffers. The common
> inode read path can still hand suballoc code an invalid dinode, which turns
> crafted filesystem corruption into a kernel panic instead of a normal OCFS2
> filesystem error.
>
When inode first read from disk, it will call ocfs2_validate_inode_block()
to validate if it is valid.
So it seems this is a code bug once the buffer is modified? Or how it
happens?
Thanks,
Joseph
> This series restores graceful corruption handling at the three
> independently reachable BUG_ON() sites in fs/ocfs2/suballoc.c:
>
> 1. reserve_suballoc_bits()
> 2. claim_suballoc_bits()
> 3. _ocfs2_free_suballoc_bits()
>
> The series is split per crash site so each patch fixes one bug. A broader
> follow-up could harden structural validation for JBD-managed inode reads,
> but that change touches a much wider read-side contract and is kept out of
> scope here.
>
> ZhengYuan Huang (3):
> ocfs2: handle invalid dinode in reserve_suballoc_bits
> ocfs2: handle invalid dinode in claim_suballoc_bits
> ocfs2: handle invalid dinode in _ocfs2_free_suballoc_bits
>
> fs/ocfs2/suballoc.c | 33 +++++++++++++++++++++------------
> 1 file changed, 21 insertions(+), 12 deletions(-)
>
next prev parent reply other threads:[~2026-04-03 9:30 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-04-03 6:30 [PATCH 0/3] ocfs2: stop BUG_ON crashes in suballoc invalid-dinode paths ZhengYuan Huang
2026-04-03 6:30 ` [PATCH 1/3] ocfs2: handle invalid dinode in reserve_suballoc_bits ZhengYuan Huang
2026-04-03 6:30 ` [PATCH 2/3] ocfs2: handle invalid dinode in claim_suballoc_bits ZhengYuan Huang
2026-04-03 6:30 ` [PATCH 3/3] ocfs2: handle invalid dinode in _ocfs2_free_suballoc_bits ZhengYuan Huang
2026-04-03 9:30 ` Joseph Qi [this message]
2026-04-09 3:37 ` [PATCH 0/3] ocfs2: stop BUG_ON crashes in suballoc invalid-dinode paths ZhengYuan Huang
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=de8b2fd1-5176-472c-9fe6-e0b464133e7f@linux.alibaba.com \
--to=joseph.qi@linux.alibaba.com \
--cc=akpm@linux-foundation.org \
--cc=baijiaju1990@gmail.com \
--cc=gality369@gmail.com \
--cc=jlbec@evilplan.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mark@fasheh.com \
--cc=ocfs2-devel@lists.linux.dev \
--cc=r33s3n6@gmail.com \
--cc=zzzccc427@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox