[lvc-project] [PATCH v2] ocfs2: add extra consistency check to ocfs2_dx_dir_lookup_rec()
Heming Zhao
heming.zhao at suse.com
Fri Oct 10 13:57:43 MSK 2025
On 10/10/25 14:54, Joseph Qi wrote:
>
>
> On 2025/10/7 17:46, Dmitry Antipov wrote:
>> In 'ocfs2_dx_dir_lookup_rec()', check whether an extent list length
>> of the directory indexing block matches the one configured via the
>> superblock parameters established at mount, thus preventing an
>> out-of-bounds accesses while iterating over the extent records below.
>>
>> Reported-by: syzbot+30b53487d00b4f7f0922 at syzkaller.appspotmail.com
>> Closes: https://syzkaller.appspot.com/bug?extid=30b53487d00b4f7f0922
>> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
>
> Looks fine.
> Reviewed-by: Joseph Qi <joseph.qi at linux.alibaba.com>
Looks good to me.
Reviewed-by: Heming Zhao <heming.zhao at suse.com>>
>> ---
>> v2: move sanity check to ocfs2_dx_dir_lookup_rec() (Heming Zhao)
>> and rely on the convenient ocfs2_error() to handle error
>> ---
>> fs/ocfs2/dir.c | 8 ++++++++
>> 1 file changed, 8 insertions(+)
>>
>> diff --git a/fs/ocfs2/dir.c b/fs/ocfs2/dir.c
>> index 8c9c4825f984..ece0462a5d26 100644
>> --- a/fs/ocfs2/dir.c
>> +++ b/fs/ocfs2/dir.c
>> @@ -778,6 +778,14 @@ static int ocfs2_dx_dir_lookup_rec(struct inode *inode,
>> struct ocfs2_extent_block *eb;
>> struct ocfs2_extent_rec *rec = NULL;
>>
>> + if (le16_to_cpu(el->l_count) !=
>> + ocfs2_extent_recs_per_dx_root(inode->i_sb)) {
>> + ret = ocfs2_error(inode->i_sb,
>> + "Inode %lu has invalid extent list length %u\n",
>> + inode->i_ino, le16_to_cpu(el->l_count));
>> + goto out;
>> + }
>> +
>> if (el->l_tree_depth) {
>> ret = ocfs2_find_leaf(INODE_CACHE(inode), el, major_hash,
>> &eb_bh);
>
More information about the lvc-project
mailing list