[PATCH v2] hfs: return -EFSCORRUPTED instead of BUG() in hfs_write_inode()

From: David Maximiliano Hermitte

Date: Sat Jun 06 2026 - 23:55:38 EST


hfs: return -EFSCORRUPTED instead of BUG() in hfs_write_inode()

A corrupted or otherwise malformed HFS filesystem image can reach the
default case in hfs_write_inode(). The current code calls BUG() there,
which turns an on-disk filesystem condition into a kernel crash.

Return -EFSCORRUPTED instead. This reports filesystem metadata
corruption consistently with other major filesystems while avoiding a
reachable kernel BUG.

The issue is reproducible with the public syzbot C reproducer linked
below. Before this change, the reproducer triggers a kernel BUG at
fs/hfs/inode.c with RIP in hfs_write_inode(). After this change, the
same reproducer no longer triggers kernel BUG, hfs_write_inode, KASAN,
Oops, Call Trace, or RIP evidence in the validation window.

Reported-by: syzbot+97e301b4b82ae803d21b@xxxxxxxxxxxxxxxxxxxxxxxxx
Closes: https://syzkaller.appspot.com/bug?extid=97e301b4b82ae803d21b
Tested-by: David Maximiliano Hermitte <davemadmaxxx@xxxxxxxxx>
Signed-off-by: David Maximiliano Hermitte <davemadmaxxx@xxxxxxxxx>
---
Changes in v2:
- Return -EFSCORRUPTED for metadata corruption, as suggested by Darrick.

fs/hfs/inode.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/hfs/inode.c b/fs/hfs/inode.c
index 89b33a9d46d5..4192f660b64f 100644
--- a/fs/hfs/inode.c
+++ b/fs/hfs/inode.c
@@ -471,7 +471,6 @@ int hfs_write_inode(struct inode *inode, struct writeback_control *wbc)
hfs_btree_write(HFS_SB(inode->i_sb)->cat_tree);
return 0;
default:
- BUG();
- return -EIO;
+ return -EFSCORRUPTED;
}
}
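Review bot: the new default branch returns -EFSCORRUPTED without logging anything, so once BUG() is gone the kernel log no longer shows which inode on which volume hit this path. Consider emitting a rate-limited message before the return, for example pr_err_ratelimited() with inode->i_sb->s_id and inode->i_ino, both reachable from the inode argument shown in the hunk header, so the corruption can be traced to a device and checked offline. The commit message also carries no Fixes: tag; adding one would help if this is meant for stable trees.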