public inbox for stable@vger.kernel.org
* [PATCH] PATCH] This is a backport for 6.6.y.
@ 2026-03-29  7:44 Changjian Liu
  2026-03-29  7:56 ` Greg KH
  0 siblings, 1 reply; 2+ messages in thread
From: Changjian Liu @ 2026-03-29  7:44 UTC (permalink / raw)
  To: stable
  Cc: syzbot+1dd53396e7124586dca9, Changjian Liu, Dmitry Antipov,
	syzbot+77026564530dbc29b854, syzbot+5054473a31f78f735416,
	Joseph Qi, Junxiao Bi, Jun Piao, Deepanshu Kartikey, Heming Zhao,
	Joel Becker, Mark Fasheh, Andrew Morton

[ Upstream commit e1c70505ee8158c1108340d9cd67182ade93af4a ]

ocfs2: add extra consistency checks for chain allocator dinodes

When validating chain allocator dinode in 'ocfs2_validate_inode_block()',
add extra checks whether a) the maximum amount of chain records in
'struct ocfs2_chain_list' matches the value calculated based on the
filesystem block size, and b) the next free slot index is within the valid
range.

Link: https://lkml.kernel.org/r/20251030153003.1934585-1-dmantipov@yandex.ru
Signed-off-by: Dmitry Antipov <dmantipov@yandex.ru>
Reported-by: syzbot+77026564530dbc29b854@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=77026564530dbc29b854
Reported-by: syzbot+5054473a31f78f735416@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5054473a31f78f735416
Suggested-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Reviewed-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: Deepanshu Kartikey <kartikey406@gmail.com>
Cc: Heming Zhao <heming.zhao@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Mark Fasheh <mark@fasheh.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Changjian Liu <driz2t@qq.com>
---
 fs/ocfs2/inode.c | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c
index c561a8a6493e..7c99f436037b 100644
--- a/fs/ocfs2/inode.c
+++ b/fs/ocfs2/inode.c
@@ -1419,6 +1419,23 @@ int ocfs2_validate_inode_block(struct super_block *sb,
 		goto bail;
 	}
 
+	if (le32_to_cpu(di->i_flags) & OCFS2_CHAIN_FL) {
+		struct ocfs2_chain_list *cl = &di->id2.i_chain;
+
+		if (le16_to_cpu(cl->cl_count) != ocfs2_chain_recs_per_inode(sb)) {
+			rc = ocfs2_error(sb, "Invalid dinode %llu: chain list count %u\n",
+					 (unsigned long long)bh->b_blocknr,
+					 le16_to_cpu(cl->cl_count));
+			goto bail;
+		}
+		if (le16_to_cpu(cl->cl_next_free_rec) > le16_to_cpu(cl->cl_count)) {
+			rc = ocfs2_error(sb, "Invalid dinode %llu: chain list index %u\n",
+					 (unsigned long long)bh->b_blocknr,
+					 le16_to_cpu(cl->cl_next_free_rec));
+			goto bail;
+		}
+	}
+
 	rc = 0;
 
 bail:
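
Review bot: both ocfs2_error() messages in the new OCFS2_CHAIN_FL block print only the rejected value, not the bound it was compared against. For the cl_count check, logging ocfs2_chain_recs_per_inode(sb) next to le16_to_cpu(cl->cl_count) would let someone triaging a corrupted or fuzzer-crafted image see the expected value from the log alone, and the cl_next_free_rec message could likewise include cl_count. The second comparison uses '>', so cl_next_free_rec == cl_count is accepted; if that is intended, a one-line comment saying so would save the next reader from wondering whether '>=' was meant. Since this is posted as a backport, the changelog should also state whether the hunk applies unchanged from the upstream commit or was adjusted for 6.6.y.
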
-- 
2.43.0



* Re: [PATCH] PATCH] This is a backport for 6.6.y.
  2026-03-29  7:44 [PATCH] PATCH] This is a backport for 6.6.y Changjian Liu
@ 2026-03-29  7:56 ` Greg KH
  0 siblings, 0 replies; 2+ messages in thread
From: Greg KH @ 2026-03-29  7:56 UTC (permalink / raw)
  To: Changjian Liu
  Cc: stable, syzbot+1dd53396e7124586dca9, Dmitry Antipov,
	syzbot+77026564530dbc29b854, syzbot+5054473a31f78f735416,
	Joseph Qi, Junxiao Bi, Jun Piao, Deepanshu Kartikey, Heming Zhao,
	Joel Becker, Mark Fasheh, Andrew Morton

On Sun, Mar 29, 2026 at 03:44:22PM +0800, Changjian Liu wrote:
> [ Upstream commit e1c70505ee8158c1108340d9cd67182ade93af4a ]
> 
> ocfs2: add extra consistency checks for chain allocator dinodes

Your subject line is very odd.

And why just this one branch?  What is the reason to do this here?

We obviously can not take a fix for only an older branch but not a newer
one, otherwise you would have a regression when you update to a newer
kernel release, right?

thanks,

greg k-h
