[lvc-project] [PATCH] ocfs2: reject orphaned dinodes with non-zero link count
Dmitry Antipov
dmantipov at yandex.ru
Thu Jun 4 14:59:19 MSK 2026
Since non-zero link count for an orphaned inode most likely
means that on-disk inode data is corrupted, reject such an
inodes in 'ocfs2_validate_inode_block()'.
Reported-by: syzbot+5bdd4953bc58c8fbd6eb at syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=5bdd4953bc58c8fbd6eb
Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
---
I'm quite sure about Closes: but was unable to test this using syzbot due to
"FATAL: kernel too old" issues (most likely caused by the kernel vs. glibc
mismatch) like https://syzkaller.appspot.com/x/log.txt?x=13f51bec580000.
---
fs/ocfs2/inode.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c
index a510a0eb1adc..d483e0c61d12 100644
--- a/fs/ocfs2/inode.c
+++ b/fs/ocfs2/inode.c
@@ -1477,6 +1477,15 @@ int ocfs2_validate_inode_block(struct super_block *sb,
goto bail;
}
+ if ((le32_to_cpu(di->i_flags) & OCFS2_ORPHANED_FL) &&
+ ocfs2_read_links_count(di)) {
+ rc = ocfs2_error(sb,
+ "Invalid dinode #%llu: orphaned with %u links\n",
+ (unsigned long long)bh->b_blocknr,
+ ocfs2_read_links_count(di));
+ goto bail;
+ }
+
if (le32_to_cpu(di->i_fs_generation) !=
OCFS2_SB(sb)->fs_generation) {
rc = ocfs2_error(sb,
--
2.54.0
More information about the lvc-project
mailing list