Re: [PATCH 0/3] ocfs2: harden inode validators against forged metadata

Next message: Roman Gushchin: "Re: sashiko-bot@xxxxxxxxxx's Cc list on reviews"
Previous message: John Groves: "[PATCH 1/6] dax: fix misleading comment about share/index union in dax_folio_reset_order()"
In reply to: Joseph Qi: "Re: [PATCH 2/3] ocfs2: reject dinodes whose i_rdev disagrees with the file type"
Next in thread: Michael Bommarito: "Re: [PATCH 0/3] ocfs2: harden inode validators against forged metadata"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Andrew Morton

Date: Mon May 18 2026 - 17:40:26 EST

On Sun, 17 May 2026 07:10:11 -0400 Michael Bommarito <michael.bommarito@xxxxxxxxx> wrote:

>
> This series adds three structural checks to
> ocfs2_validate_inode_block() that catch attacker-controlled bytes
> in a freshly read dinode before ocfs2_populate_inode() copies them
> verbatim into the in-core inode. All three checks fire on the
> mount, lookup, and read-after-cache-invalidation paths and reject
> the block with ocfs2_error(), the same error-propagation
> mechanism the existing suballoc-slot, inline-data, chain-list,
> and refcount checks use.

Thanks. Sashiko review might have found a few issues:
https://sashiko.dev/#/patchset/20260517111015.3187935-1-michael.bommarito@xxxxxxxxx