[lvc-project] [PATCH] ocfs2: add extra consistency check to ocfs2_dx_dir_lookup()
Heming Zhao
heming.zhao at suse.com
Wed Oct 1 04:12:43 MSK 2025
Hi,
On 9/30/25 01:04, Dmitry Antipov wrote:
> In 'ocfs2_dx_dir_lookup()', check whether an extent list length
> of the directory indexing block matches the one configured via
> the superblock parameters established at mount, thus preventing
> an out-of-bounds accesses in 'ocfs2_dx_dir_lookup_rec()'.
>
> Reported-by: syzbot+30b53487d00b4f7f0922 at syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=30b53487d00b4f7f0922
> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
> ---
> fs/ocfs2/dir.c | 7 +++++++
> 1 file changed, 7 insertions(+)
>
> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
> index 8c9c4825f984..ff632f1337b7 100644
> --- a/fs/ocfs2/dir.c
> +++ b/fs/ocfs2/dir.c
> @@ -865,6 +865,13 @@ static int ocfs2_dx_dir_lookup(struct inode *inode,
> u64 blkno;
> u32 name_hash = hinfo->major_hash;
>
> + if (le16_to_cpu(el->l_count) !=
> + ocfs2_extent_recs_per_dx_root(inode->i_sb)) {
> + ret = -EFSCORRUPTED;
> + mlog_errno(ret);
> + goto out;
> + }
> +
> ret = ocfs2_dx_dir_lookup_rec(inode, el, name_hash, &cpos, &blkno,
> &clen);
> if (ret) {
In my view, relocating the sanity check to ocfs2_dx_dir_lookup_rec() is more
reasonable.
Another minor issue is that EFSCORRUPTED belongs to jbd2; we need to either
define it or simply use EUCLEAN instead.
Thanks,
Heming
More information about the lvc-project
mailing list