[PATCH 0/3] ocfs2: stop BUG_ON crashes in suballoc invalid-dinode paths

From: ZhengYuan Huang

Date: Fri Apr 03 2026 - 02:31:43 EST


Commit 10995aa2451a ("ocfs2: Morph the haphazard
OCFS2_IS_VALID_DINODE() checks.") converted several OCFS2 dinode
corruption checks from graceful error handling to BUG_ON() under the
assumption that every caller only sees validated inode buffers.

That assumption does not always hold for JBD-managed buffers. The common
inode read path can still hand suballoc code an invalid dinode, which turns
crafted filesystem corruption into a kernel panic instead of a normal OCFS2
filesystem error.

This series restores graceful corruption handling at the three
independently reachable BUG_ON() sites in fs/ocfs2/suballoc.c:

1. reserve_suballoc_bits()
2. claim_suballoc_bits()
3. _ocfs2_free_suballoc_bits()

The series is split per crash site so each patch fixes one bug. A broader
follow-up could harden structural validation for JBD-managed inode reads,
but that change touches a much wider read-side contract and is kept out of
scope here.

ZhengYuan Huang (3):
  ocfs2: handle invalid dinode in reserve_suballoc_bits
  ocfs2: handle invalid dinode in claim_suballoc_bits
  ocfs2: handle invalid dinode in _ocfs2_free_suballoc_bits

 fs/ocfs2/suballoc.c | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

--
2.43.0