Re: [PATCH v2] ocfs2: validate bg_bits during freefrag scan
From: ZhengYuan Huang
Date: Thu Apr 09 2026 - 23:03:57 EST
On Fri, Apr 10, 2026 at 10:46 AM Joseph Qi <joseph.qi@xxxxxxxxxxxxxxxxx> wrote:
> Missing fixes tag:
> Fixes: d24a10b9f8ed ("Ocfs2: Add a new code 'OCFS2_INFO_FREEFRAG' for o2info ioctl.")
>
> > ---
> > v2:
> > - Use ocfs2_group_bitmap_size() instead of the on-disk bg_size field
> > - Clamp bg_bits to the computed bitmap capacity and continue scanning
> > ---
> > fs/ocfs2/ioctl.c | 21 +++++++++++++++++++--
> > 1 file changed, 19 insertions(+), 2 deletions(-)
> >
> > diff --git a/fs/ocfs2/ioctl.c b/fs/ocfs2/ioctl.c
> > index b6864602814c..fa0ca014c6d5 100644
> > --- a/fs/ocfs2/ioctl.c
> > +++ b/fs/ocfs2/ioctl.c
> > @@ -441,7 +441,7 @@ static int ocfs2_info_freefrag_scan_chain(struct ocfs2_super *osb,
> > struct buffer_head *bh = NULL;
> > struct ocfs2_group_desc *bg = NULL;
> >
> > - unsigned int max_bits, num_clusters;
> > + unsigned int max_bits, max_bitmap_bits, num_clusters;
> > unsigned int offset = 0, cluster, chunk;
> > unsigned int chunk_free, last_chunksize = 0;
> >
> > @@ -474,11 +474,28 @@ static int ocfs2_info_freefrag_scan_chain(struct ocfs2_super *osb,
> > }
> >
> > bg = (struct ocfs2_group_desc *)bh->b_data;
> > + max_bits = le16_to_cpu(bg->bg_bits);
> > + max_bitmap_bits = 8U *
> > + ocfs2_group_bitmap_size(osb->sb, 1,
> > + osb->s_feature_incompat);
>
> This is not right. It scans cluster allocator, not suballocator, so the
> second parameter for ocfs2_group_bitmap_size() should be 0 instead of 1.
>
> BTW, it seems we don't have to explicitly mark it as unsigned int.
>
>
> > +
> > + /*
> > + * Non-coherent scans read raw blocks and do not get the
> > + * bg_bits validation from
> > + * ocfs2_read_group_descriptor().
> > + */
> > + if (max_bits > max_bitmap_bits) {
> > + mlog(ML_ERROR,
> > + "Group desc #%llu has %u bits, max bitmap bits %u\n",
> > + (unsigned long long)blkno,
> > + max_bits,
> > + max_bitmap_bits);
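Review bot: the mlog(ML_ERROR, ...) call in the max_bits > max_bitmap_bits branch fires once per offending descriptor, and per the v2 notes the scan clamps and continues rather than stopping. On an image where many descriptors carry an oversized bg_bits, that is one error line per group for each freefrag scan; consider rate limiting the message or reporting only the first bad descriptor of a scan.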
>
> Better to fold them into same line.
>
> Thanks,
> Joseph
Thanks for the review.
Fixed in the next version.
Best regards,
ZhengYuan Huang