On 5/26/26 13:35, Wenjie Qi wrote:
> f2fs_recover_orphan_inodes() trusts the orphan block entry_count when
> replaying orphan inodes from the checkpoint pack. A corrupted entry_count
> larger than F2FS_ORPHANS_PER_BLOCK makes the recovery loop read past the
> ino[] array and interpret footer or following data as inode numbers.
> 
> On a crafted image, mounting an unpatched kernel can drive orphan recovery
> into f2fs_bug_on() and panic the kernel. Validate entry_count before
> consuming entries so corrupted checkpoint data fails the mount with
> -EFSCORRUPTED and requests fsck instead.
> 
> Set ERROR_INCONSISTENT_ORPHAN as well, so the corruption reason can be
> recorded in the superblock s_errors[] field. This gives fsck a persistent
> hint even though mount-time orphan recovery failure may leave no chance to
> persist SBI_NEED_FSCK through a checkpoint.
> 
> Fixes: 127e670abfa7 ("f2fs: add checkpoint operations")
> Cc: [email protected]
> Signed-off-by: Wenjie Qi <[email protected]>

Reviewed-by: Chao Yu <[email protected]>

Thanks,

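Added example (not the patch, not kernel code): a userspace model of the bound check the commit message above describes. The block layout mirrors struct f2fs_orphan_block (1020 inode slots, then a 16-byte footer that ends in entry_count and check_sum); the struct and helper names, the sbi_model bookkeeping and the crafted block contents are constructed for this example. It shows what an unchecked replay hands out when entry_count exceeds F2FS_ORPHANS_PER_BLOCK (footer words read back as inode numbers) beside a replay that refuses the block with -EFSCORRUPTED and records ERROR_INCONSISTENT_ORPHAN before touching a single entry.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define F2FS_BLKSIZE 4096u
/* 1020 slots: the block minus the four 32-bit footer words. */
#define F2FS_ORPHANS_PER_BLOCK ((F2FS_BLKSIZE - 4 * sizeof(uint32_t)) / sizeof(uint32_t))
#define WORDS_PER_BLOCK (F2FS_BLKSIZE / sizeof(uint32_t))
#define EFSCORRUPTED EUCLEAN /* errno the kernel maps this error to */

/* Modelled on the on-disk struct f2fs_orphan_block (host-endian here). */
struct orphan_block {
    uint32_t ino[F2FS_ORPHANS_PER_BLOCK];
    uint32_t reserved;
    uint16_t blk_addr;
    uint16_t blk_count;
    uint32_t entry_count;
    uint32_t check_sum;
};
_Static_assert(sizeof(struct orphan_block) == F2FS_BLKSIZE, "layout must be one block");

/* Hypothetical stand-in for the superblock error bookkeeping. */
enum { ERROR_INCONSISTENT_ORPHAN = 1u << 0 };
struct sbi_model {
    uint32_t s_errors;  /* persisted corruption reasons */
    bool need_fsck;     /* in-memory "run fsck" flag */
};

/* 'Before': trusts entry_count, so slot indexes >= 1020 land in the footer.
 * Reads are clamped to the block so this example has no undefined
 * behaviour; the kernel loop has no such clamp and keeps going into
 * whatever follows the block. */
static int replay_unchecked(const struct orphan_block *blk, uint32_t *out, size_t cap)
{
    size_t n = blk->entry_count;
    if (n > WORDS_PER_BLOCK) n = WORDS_PER_BLOCK;
    if (n > cap) n = cap;
    memcpy(out, blk, n * sizeof(uint32_t)); /* raw words, footer included */
    return (int)n;
}

/* 'After': reject an impossible count before consuming any entry, record
 * the reason for fsck, and fail the caller with -EFSCORRUPTED. */
static int replay_checked(struct sbi_model *sbi, const struct orphan_block *blk,
                          uint32_t *out, size_t cap)
{
    if (blk->entry_count > F2FS_ORPHANS_PER_BLOCK) {
        sbi->s_errors |= ERROR_INCONSISTENT_ORPHAN;
        sbi->need_fsck = true;
        return -EFSCORRUPTED;
    }
    size_t n = blk->entry_count;
    if (n > cap) n = cap;
    memcpy(out, blk->ino, n * sizeof(uint32_t));
    return (int)n;
}

/* Constructed block: three real orphans plus whatever entry_count we pick. */
static void make_block(struct orphan_block *blk, uint32_t entry_count)
{
    memset(blk, 0, sizeof(*blk));
    blk->ino[0] = 100; blk->ino[1] = 101; blk->ino[2] = 102;
    blk->reserved = 0xdeadbeef;
    blk->entry_count = entry_count;
    blk->check_sum = 0x12345678;
}

/* Word the unchecked path would hand out as inode number idx (0 if unread). */
static uint32_t unchecked_ino(uint32_t entry_count, size_t idx)
{
    struct orphan_block blk;
    uint32_t out[WORDS_PER_BLOCK];
    make_block(&blk, entry_count);
    int n = replay_unchecked(&blk, out, WORDS_PER_BLOCK);
    return idx < (size_t)n ? out[idx] : 0;
}

static int run_checked(uint32_t entry_count, struct sbi_model *sbi)
{
    struct orphan_block blk;
    uint32_t out[F2FS_ORPHANS_PER_BLOCK];
    make_block(&blk, entry_count);
    return replay_checked(sbi, &blk, out, F2FS_ORPHANS_PER_BLOCK);
}

/* Return code of the checked path for a given entry_count. */
static int checked_rc(uint32_t entry_count)
{
    struct sbi_model sbi = {0};
    return run_checked(entry_count, &sbi);
}

/* s_errors left behind by the checked path for a given entry_count. */
static uint32_t checked_errors(uint32_t entry_count)
{
    struct sbi_model sbi = {0};
    run_checked(entry_count, &sbi);
    return sbi.s_errors;
}

int main(void)
{
    printf("unchecked, entry_count=1023: slot 1020 -> 0x%08x, slot 1022 -> %u\n",
           unchecked_ino(1023, 1020), unchecked_ino(1023, 1022));
    printf("checked,   entry_count=1023: rc=%d s_errors=0x%x\n",
           checked_rc(1023), checked_errors(1023));
    printf("checked,   entry_count=3:    rc=%d\n", checked_rc(3));
    return 0;
}
```

With entry_count set to 1023 the unchecked replay returns the reserved field, the blk_addr/blk_count pair and entry_count itself as the last three "inode numbers", which is the footer-as-ino confusion the message describes; the checked replay returns -EFSCORRUPTED with ERROR_INCONSISTENT_ORPHAN set and never copies an entry. The bound check is the whole fix here; it does not validate the individual inode numbers, which is left to the existing recovery path.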

_______________________________________________
Linux-f2fs-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
