[lvc-project] [PATCH] ocfs2: reject orphaned dinodes with non-zero link count
Heming Zhao
heming.zhao at suse.com
Fri Jun 5 04:49:40 MSK 2026
On Thu, Jun 04, 2026 at 02:59:19PM +0300, Dmitry Antipov wrote:
> Since non-zero link count for an orphaned inode most likely
> means that on-disk inode data is corrupted, reject such an
> inodes in 'ocfs2_validate_inode_block()'.
IIUC, If a file has hard links, its link count will be greater than 1. If the
file size is extended, this inode will be marked as orphaned, while the link
count remains the same as before.
Thanks,
Heming
>
> Reported-by: syzbot+5bdd4953bc58c8fbd6eb at syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=5bdd4953bc58c8fbd6eb
> Signed-off-by: Dmitry Antipov <dmantipov at yandex.ru>
> ---
> I'm quite sure about Closes: but was unable to test this using syzbot due to
> "FATAL: kernel too old" issues (most likely caused by the kernel vs. glibc
> mismatch) like https://syzkaller.appspot.com/x/log.txt?x=13f51bec580000.
> ---
> fs/ocfs2/inode.c | 9 +++++++++
> 1 file changed, 9 insertions(+)
>
> diff --git a/fs/ocfs2/inode.c b/fs/ocfs2/inode.c
> index a510a0eb1adc..d483e0c61d12 100644
> --- a/fs/ocfs2/inode.c
> +++ b/fs/ocfs2/inode.c
> @@ -1477,6 +1477,15 @@ int ocfs2_validate_inode_block(struct super_block *sb,
> goto bail;
> }
>
> + if ((le32_to_cpu(di->i_flags) & OCFS2_ORPHANED_FL) &&
> + ocfs2_read_links_count(di)) {
> + rc = ocfs2_error(sb,
> + "Invalid dinode #%llu: orphaned with %u links\n",
> + (unsigned long long)bh->b_blocknr,
> + ocfs2_read_links_count(di));
> + goto bail;
> + }
> +
> if (le32_to_cpu(di->i_fs_generation) !=
> OCFS2_SB(sb)->fs_generation) {
> rc = ocfs2_error(sb,
> --
> 2.54.0
>
>
More information about the lvc-project
mailing list