[lvc-project] [PATCH] ocfs2: add chain list sanity check to ocfs2_block_group_alloc()

Heming Zhao heming.zhao at suse.com
Thu Oct 16 05:22:36 MSK 2025


Hi

The code logic LGTM, but there are a few minor issues. See comments below.

On 10/15/25 14:48, Dmitry Antipov wrote:
> In 'ocfs2_block_group_alloc()', add an extra check whether the maximum
> amount of chain records in 'struct ocfs2_chain_list' matches the value
> calculated based on the filesystem block size.
> 
> Reported-by: syzbot+77026564530dbc29b854 at syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=77026564530dbc29b854
> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
> ---
>   fs/ocfs2/suballoc.c | 7 +++++++
>   1 file changed, 7 insertions(+)
> 
> diff --git a/fs/ocfs2/suballoc.c b/fs/ocfs2/suballoc.c
> index 6ac4dcd54588..99eb651d5593 100644
> --- a/fs/ocfs2/suballoc.c
> +++ b/fs/ocfs2/suballoc.c
> @@ -671,6 +671,13 @@ static int ocfs2_block_group_alloc(struct ocfs2_super *osb,
>   	BUG_ON(ocfs2_is_cluster_bitmap(alloc_inode));
>   
>   	cl = &fe->id2.i_chain;
> +	/* If these two doesn't match, the filesystem is most likely corrupted. */

Since the sanity check explains itself, the comment above is unnecessary.

> +	if (le16_to_cpu(cl->cl_count) != ocfs2_chain_recs_per_inode(osb->sb)) {
> +		status = -EINVAL;
> +		mlog_errno(status);

As mlog_errno() is handled in the 'bail' section, we don't need to repeat the same task here.

Thanks
Heming

> +		goto bail;
> +	}
> +
>   	status = ocfs2_reserve_clusters_with_limit(osb,
>   						   le16_to_cpu(cl->cl_cpg),
>   						   max_block, flags, &ac);
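
Review bot: In the added check on cl->cl_count, the failure path returns a bare -EINVAL and logs only the errno, although the accompanying comment says a mismatch most likely means the filesystem is corrupted. Consider reporting it through ocfs2_error() with both le16_to_cpu(cl->cl_count) and ocfs2_chain_recs_per_inode(osb->sb) in the message, so the log records the observed and expected values and the mount's configured error handling applies. If the comment is kept, "these two doesn't match" should read "these two don't match".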



