Re: [PATCH v2] f2fs: validate orphan inode entry count
From: Chao Yu
Date: Wed Jun 10 2026 - 07:09:04 EST

On 5/26/26 13:35, Wenjie Qi wrote:
> f2fs_recover_orphan_inodes() trusts the orphan block entry_count when
> replaying orphan inodes from the checkpoint pack. A corrupted entry_count
> larger than F2FS_ORPHANS_PER_BLOCK makes the recovery loop read past the
> ino[] array and interpret footer or following data as inode numbers.
>
> On a crafted image, mounting an unpatched kernel can drive orphan recovery
> into f2fs_bug_on() and panic the kernel. Validate entry_count before
> consuming entries so corrupted checkpoint data fails the mount with
> -EFSCORRUPTED and requests fsck instead.
>
> Set ERROR_INCONSISTENT_ORPHAN as well, so the corruption reason can be
> recorded in the superblock s_errors[] field. This gives fsck a persistent
> hint even though mount-time orphan recovery failure may leave no chance to
> persist SBI_NEED_FSCK through a checkpoint.
>
> Fixes: 127e670abfa7 ("f2fs: add checkpoint operations")
> Cc: stable@xxxxxxxxxx
> Signed-off-by: Wenjie Qi <qiwenjie@xxxxxxxxxx>

Reviewed-by: Chao Yu <chao@xxxxxxxxxx>

Thanks,
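
The bounds check described in the quoted commit message, as an added userspace C model that is not part of this thread or of the kernel patch. It assumes a 4 KiB block with the footer laid out as reserved, blk_addr, blk_count, entry_count, check_sum after ino[]; `replay_orphan_block`, `demo_replay` and `ERR_FSCORRUPTED` are hypothetical names, and the sample block is constructed.

```c
#include <stdint.h>

#define BLKSIZE            4096u
#define ORPHANS_PER_BLOCK  ((BLKSIZE - 4 * 4) / 4)      /* 1020 ino[] slots */
/* Assumed footer layout: reserved(4) + blk_addr(2) + blk_count(2), then entry_count. */
#define ENTRY_COUNT_OFF    (ORPHANS_PER_BLOCK * 4 + 8)
#define ERR_FSCORRUPTED    117  /* stand-in for the kernel's EFSCORRUPTED */

static uint32_t get_le32(const uint8_t *p)
{
	return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
	       (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void put_le32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)v;
	p[1] = (uint8_t)(v >> 8);
	p[2] = (uint8_t)(v >> 16);
	p[3] = (uint8_t)(v >> 24);
}

/*
 * Copy the orphan inode numbers of one block into out[] (ORPHANS_PER_BLOCK
 * slots). Returns the number of entries, or -ERR_FSCORRUPTED when the
 * on-disk entry_count would walk past ino[] into the footer.
 */
int replay_orphan_block(const uint8_t *blk, uint32_t *out)
{
	uint32_t n = get_le32(blk + ENTRY_COUNT_OFF);   /* untrusted, from disk */

	if (n > ORPHANS_PER_BLOCK)      /* validate before consuming entries */
		return -ERR_FSCORRUPTED;
	for (uint32_t i = 0; i < n; i++)
		out[i] = get_le32(blk + 4 * i);
	return (int)n;
}

/* Constructed sample: a block whose footer claims entry_count entries. */
int demo_replay(uint32_t entry_count)
{
	uint8_t blk[BLKSIZE] = {0};
	uint32_t out[ORPHANS_PER_BLOCK];

	for (uint32_t i = 0; i < ORPHANS_PER_BLOCK; i++)
		put_le32(blk + 4 * i, 100 + i);         /* constructed inode numbers */
	put_le32(blk + ENTRY_COUNT_OFF, entry_count);
	return replay_orphan_block(blk, out);
}
```

The largest valid count equals ORPHANS_PER_BLOCK itself, so the comparison is `>` rather than `>=`.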