Re: [PATCH 0/3] ocfs2: stop BUG_ON crashes in suballoc invalid-dinode paths
From: Joseph Qi
Date: Fri Apr 03 2026 - 05:30:56 EST
On 4/3/26 2:30 PM, ZhengYuan Huang wrote:
> commit 10995aa2451a ("ocfs2: Morph the haphazard
> OCFS2_IS_VALID_DINODE() checks.") converted several OCFS2 dinode
> corruption checks from graceful error handling to BUG_ON() under the
> assumption that every caller only sees validated inode buffers.
>
> That assumption does not always hold for JBD-managed buffers. The common
> inode read path can still hand suballoc code an invalid dinode, which turns
> crafted filesystem corruption into a kernel panic instead of a normal OCFS2
> filesystem error.
>
When an inode is first read from disk, it will call ocfs2_validate_inode_block()
to check whether it is valid.
So it seems this is a code bug once the buffer is modified? Or how does it
happen?
Thanks,
Joseph
> This series restores graceful corruption handling at the three
> independently reachable BUG_ON() sites in fs/ocfs2/suballoc.c:
>
> 1. reserve_suballoc_bits()
> 2. claim_suballoc_bits()
> 3. _ocfs2_free_suballoc_bits()
>
> The series is split per crash site so each patch fixes one bug. A broader
> follow-up could harden structural validation for JBD-managed inode reads,
> but that change touches a much wider read-side contract and is kept out of
> scope here.
>
> ZhengYuan Huang (3):
> ocfs2: handle invalid dinode in reserve_suballoc_bits
> ocfs2: handle invalid dinode in claim_suballoc_bits
> ocfs2: handle invalid dinode in _ocfs2_free_suballoc_bits
>
> fs/ocfs2/suballoc.c | 33 +++++++++++++++++++++------------
> 1 file changed, 21 insertions(+), 12 deletions(-)
>