The quilt patch titled Subject: ocfs2: add chain list sanity check to ocfs2_block_group_alloc() has been removed from the -mm tree. Its filename was ocfs2-add-chain-list-sanity-check-to-ocfs2_block_group_alloc.patch
This patch was dropped because an updated version will be issued
------------------------------------------------------
From: Dmitry Antipov dmantipov@yandex.ru
Subject: ocfs2: add chain list sanity check to ocfs2_block_group_alloc()
Date: Thu, 16 Oct 2025 11:46:53 +0300
Fix a UBSAN error:
UBSAN: array-index-out-of-bounds in fs/ocfs2/suballoc.c:380:22
index 0 is out of range for type 'struct ocfs2_chain_rec[] __counted_by(cl_count)' (aka 'struct ocfs2_chain_rec[]')
In 'ocfs2_block_group_alloc()', add an extra check whether the maximum amount of chain records in 'struct ocfs2_chain_list' matches the value calculated based on the filesystem block size.
Link: https://lkml.kernel.org/r/20251016084653.59686-1-dmantipov@yandex.ru
Reported-by: syzbot+77026564530dbc29b854@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=77026564530dbc29b854
Signed-off-by: Dmitry Antipov dmantipov@yandex.ru
Reviewed-by: Heming Zhao heming.zhao@suse.com
Cc: Joseph Qi jiangqi903@gmail.com
Cc: Mark Fasheh mark@fasheh.com
Cc: Joel Becker jlbec@evilplan.org
Cc: Junxiao Bi junxiao.bi@oracle.com
Cc: Changwei Ge gechangwei@live.cn
Cc: Jun Piao piaojun@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Andrew Morton akpm@linux-foundation.org
---
fs/ocfs2/suballoc.c | 5 +++++ 1 file changed, 5 insertions(+)
--- a/fs/ocfs2/suballoc.c~ocfs2-add-chain-list-sanity-check-to-ocfs2_block_group_alloc +++ a/fs/ocfs2/suballoc.c @@ -671,6 +671,11 @@ static int ocfs2_block_group_alloc(struc BUG_ON(ocfs2_is_cluster_bitmap(alloc_inode));
cl = &fe->id2.i_chain; + if (le16_to_cpu(cl->cl_count) != ocfs2_chain_recs_per_inode(osb->sb)) { + status = -EINVAL; + goto bail; + } + status = ocfs2_reserve_clusters_with_limit(osb, le16_to_cpu(cl->cl_cpg), max_block, flags, &ac); _
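Review bot: The new cl_count check in ocfs2_block_group_alloc() fails with a bare -EINVAL and logs nothing, so an inconsistent on-disk chain list reaches the caller as an unexplained allocation failure. A mismatch between le16_to_cpu(cl->cl_count) and ocfs2_chain_recs_per_inode(osb->sb) means the allocator inode itself is damaged, so consider reporting it before the goto bail, for example through ocfs2_error() as the ocfs2-relax-bug-to-ocfs2_error-in-__ocfs2_move_extent patch listed below does, and include both values in the message. Separately, the UBSAN report points at fs/ocfs2/suballoc.c:380 while this check sits near line 671; if the code at line 380 can be reached without passing through this function, the check belongs where the chain list is first read and validated rather than in this one caller. The changelog would also benefit from saying whether a cl_count smaller than the computed maximum is ever legitimate, since the strict != comparison rejects it.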
Patches currently in -mm which might be from dmantipov@yandex.ru are
ocfs2-add-extra-flags-check-in-ocfs2_ioctl_move_extents.patch
ocfs2-relax-bug-to-ocfs2_error-in-__ocfs2_move_extent.patch
ocfs2-annotate-flexible-array-members-with-__counted_by_le.patch
ocfs2-annotate-flexible-array-members-with-__counted_by_le-fix.patch
ocfs2-add-extra-consistency-check-to-ocfs2_dx_dir_lookup_rec.patch
ocfs2-add-directory-size-check-to-ocfs2_find_dir_space_id.patch