aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
authorWenjie Qi <qwjhust@gmail.com>2026-05-26 13:35:57 +0800
committerJaegeuk Kim <jaegeuk@kernel.org>2026-06-22 19:52:36 +0000
commit846c499a65816d13f1186e3090e825e8bb8bcb8b (patch)
tree4c3538fcc23d591aef30428403978ae580df14be /include
parent28ebb922b99d415e8bf51bf8b065a14fd7672167 (diff)
downloadath-846c499a65816d13f1186e3090e825e8bb8bcb8b.tar.gz
f2fs: validate orphan inode entry count
f2fs_recover_orphan_inodes() trusts the orphan block entry_count when replaying orphan inodes from the checkpoint pack. A corrupted entry_count larger than F2FS_ORPHANS_PER_BLOCK makes the recovery loop read past the ino[] array and interpret footer or following data as inode numbers. On a crafted image, mounting an unpatched kernel can drive orphan recovery into f2fs_bug_on() and panic the kernel. Validate entry_count before consuming entries so corrupted checkpoint data fails the mount with -EFSCORRUPTED and requests fsck instead. Set ERROR_INCONSISTENT_ORPHAN as well, so the corruption reason can be recorded in the superblock s_errors[] field. This gives fsck a persistent hint even though mount-time orphan recovery failure may leave no chance to persist SBI_NEED_FSCK through a checkpoint. Cc: stable@kernel.org Fixes: 127e670abfa7 ("f2fs: add checkpoint operations") Signed-off-by: Wenjie Qi <qiwenjie@xiaomi.com> Reviewed-by: Chao Yu <chao@kernel.org> Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/f2fs_fs.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/linux/f2fs_fs.h b/include/linux/f2fs_fs.h
index 829a59399dacf..bb2b6cd5d5070 100644
--- a/include/linux/f2fs_fs.h
+++ b/include/linux/f2fs_fs.h
@@ -107,6 +107,7 @@ enum f2fs_error {
ERROR_CORRUPTED_XATTR,
ERROR_INVALID_NODE_REFERENCE,
ERROR_INCONSISTENT_NAT,
+ ERROR_INCONSISTENT_ORPHAN,
ERROR_MAX,
};