diff options
| author | Wenjie Qi <qwjhust@gmail.com> | 2026-05-26 13:35:57 +0800 |
|---|---|---|
| committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2026-06-22 19:52:36 +0000 |
| commit | 846c499a65816d13f1186e3090e825e8bb8bcb8b (patch) | |
| tree | 4c3538fcc23d591aef30428403978ae580df14be /include | |
| parent | 28ebb922b99d415e8bf51bf8b065a14fd7672167 (diff) | |
| download | ath-846c499a65816d13f1186e3090e825e8bb8bcb8b.tar.gz | |
f2fs: validate orphan inode entry count
f2fs_recover_orphan_inodes() trusts the orphan block entry_count when
replaying orphan inodes from the checkpoint pack. A corrupted entry_count
larger than F2FS_ORPHANS_PER_BLOCK makes the recovery loop read past the
ino[] array and interpret footer or following data as inode numbers.
On a crafted image, mounting an unpatched kernel can drive orphan recovery
into f2fs_bug_on() and panic the kernel. Validate entry_count before
consuming entries so corrupted checkpoint data fails the mount with
-EFSCORRUPTED and requests fsck instead.
Set ERROR_INCONSISTENT_ORPHAN as well, so the corruption reason can be
recorded in the superblock s_errors[] field. This gives fsck a persistent
hint even though mount-time orphan recovery failure may leave no chance to
persist SBI_NEED_FSCK through a checkpoint.
Cc: stable@kernel.org
Fixes: 127e670abfa7 ("f2fs: add checkpoint operations")
Signed-off-by: Wenjie Qi <qiwenjie@xiaomi.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/f2fs_fs.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h index 829a59399dacf..bb2b6cd5d5070 100644 --- a/include/linux/f2fs_fs.h +++ b/include/linux/f2fs_fs.h @@ -107,6 +107,7 @@ enum f2fs_error { ERROR_CORRUPTED_XATTR, ERROR_INVALID_NODE_REFERENCE, ERROR_INCONSISTENT_NAT, + ERROR_INCONSISTENT_ORPHAN, ERROR_MAX, }; |
