From patchwork Tue Dec 30 20:51:45 2025
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Simon Glass <sjg@u-boot.org>
X-Patchwork-Id: 1117
Return-Path: <concept-bounces+u-boot-concept=u-boot.org@u-boot.org>
X-Original-To: u-boot-concept@u-boot.org
Delivered-To: u-boot-concept@u-boot.org
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1767127965;
	bh=hJgVPFtuitzSqbTW5XT6SvJnenZ+qWoF9kAXVqq7y9k=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=IZbv9iOztYD2m8n1UuTQI1lUaIePJv9eHbtxvoOGUayDusGbIXTE/oAS02MQNThfc
	 vRUmkvxcmVR8GhZj8lYH3eLrujq8eEhiaHFlQkg/cOhziPDMjdYbqzBWIyW9eX7z+j
	 zavVPeL+4zcwPzILZZpDRQziy/wAI91E/cS01FhBmMAQWi0sLpzLY+eknqhi5JinYR
	 GfhxaUyvxBBS6EOaJqcLk63lgVymK8wHthumOu5hy7ZF/3VnPb9AcGgB/5oK5iYUNL
	 yc8e8ShNDrledz/b0XPYUOj8whQKMrQK9fuIosILL2IkYap2sSqhBQLU21UvZVYdZI
	 E65IHsuTRhdww==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 6E5EB68F80
	for <u-boot-concept@u-boot.org>; Tue, 30 Dec 2025 13:52:45 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10024) with ESMTP
 id WZe6GowAA8tQ for <u-boot-concept@u-boot.org>;
 Tue, 30 Dec 2025 13:52:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1767127965;
	bh=hJgVPFtuitzSqbTW5XT6SvJnenZ+qWoF9kAXVqq7y9k=;
	h=From:To:Date:In-Reply-To:References:CC:Subject:List-Id:
	 List-Archive:List-Help:List-Owner:List-Post:List-Subscribe:
	 List-Unsubscribe:From;
	b=IZbv9iOztYD2m8n1UuTQI1lUaIePJv9eHbtxvoOGUayDusGbIXTE/oAS02MQNThfc
	 vRUmkvxcmVR8GhZj8lYH3eLrujq8eEhiaHFlQkg/cOhziPDMjdYbqzBWIyW9eX7z+j
	 zavVPeL+4zcwPzILZZpDRQziy/wAI91E/cS01FhBmMAQWi0sLpzLY+eknqhi5JinYR
	 GfhxaUyvxBBS6EOaJqcLk63lgVymK8wHthumOu5hy7ZF/3VnPb9AcGgB/5oK5iYUNL
	 yc8e8ShNDrledz/b0XPYUOj8whQKMrQK9fuIosILL2IkYap2sSqhBQLU21UvZVYdZI
	 E65IHsuTRhdww==
Received: from mail.u-boot.org (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 5C8A768C0D
	for <u-boot-concept@u-boot.org>; Tue, 30 Dec 2025 13:52:45 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1767127963;
	bh=SuD9xUko0LIASnokLY2KPabe7wF64b3lOBNMuip2t/Q=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=nljO2OlZaU3ebdwJnQoixQwsslIJip6h8VA4XzdYvwyt08EqKHJfI2cJBP36y47Y6
	 o0O8+qekipm4tzgZ1puX3KDn4WcDo/lrcJNoJvvPnq/rwYsJS6dGBLXVqMpSrq/aMr
	 nXmCO1uaVWIhD+iFm5QGkpTg3L++qJ5++KydruRGitxcRNysjV6FTcunclCd4mfBZB
	 Q2RRMwH0kZGaAJoRBUJUVF8QSLR4neBt2gZwTH4uX4W8TLbNRF+ONMduU+4cjd1g0q
	 TO0LWeRS2NsFy5Y2tWYeHWI8v8vsRERWjkErVKyzHiMt6rBNSpc6bN46prtPxacEZV
	 L/juwTl0S/teA==
Received: from localhost (localhost [127.0.0.1])
	by mail.u-boot.org (Postfix) with ESMTP id 5672368C0D;
	Tue, 30 Dec 2025 13:52:43 -0700 (MST)
X-Virus-Scanned: Debian amavis at 
Received: from mail.u-boot.org ([127.0.0.1])
 by localhost (mail.u-boot.org [127.0.0.1]) (amavis, port 10026) with ESMTP
 id HEqwBFT5TEmq; Tue, 30 Dec 2025 13:52:43 -0700 (MST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=u-boot.org;
	s=default; t=1767127958;
	bh=8wNpT0l5sRIQdqAiphXUjaEhRVemP8HKbqy57cc3mnA=;
	h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
	b=F+38klTTx0knCchPs0piclvgYbuVsBAQXcYIA2Yg9EroqKg3Uyc3RrWHaSbLmT+as
	 lgDfZZzHK/WIaVnNmgo2onuVwvayIVuUY++v284RJ/QGMbWpZJyljzcjtAdGsHyzfx
	 bAvRf+fmiaiAwaeBVG3VY4p0cAwUD0Gv3TEP93k1Bwh8MWP3vBtbadO08odY7liN/W
	 Py5AQvV4Fkkvfz6CX4AwliHyA9r6er6FfxePvLhaWRx76N8yKyxj9rz5XuymyPVxOq
	 iomM3tsxUZ+U5B0EbfCAYpIyYHRDt7dSTIvsfzFYYQXvoW4KpJuyMOiheRjYFGS9dD
	 7DPdRLifLXFQg==
Received: from u-boot.org (unknown [73.34.74.121])
	by mail.u-boot.org (Postfix) with ESMTPSA id 92E2864C8A;
	Tue, 30 Dec 2025 13:52:38 -0700 (MST)
From: Simon Glass <sjg@u-boot.org>
To: U-Boot Concept <concept@u-boot.org>
Date: Tue, 30 Dec 2025 13:51:45 -0700
Message-ID: <20251230205157.3383926-9-sjg@u-boot.org>
X-Mailer: git-send-email 2.43.0
In-Reply-To: <20251230205157.3383926-1-sjg@u-boot.org>
References: <20251230205157.3383926-1-sjg@u-boot.org>
MIME-Version: 1.0
Message-ID-Hash: XDAHBZN4OO53YZPK3UHHJLFPDJPV74KU
X-Message-ID-Hash: XDAHBZN4OO53YZPK3UHHJLFPDJPV74KU
X-MailFrom: sjg@u-boot.org
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
CC: Simon Glass <simon.glass@canonical.com>,
 "Claude Opus 4 . 5" <noreply@anthropic.com>
X-Mailman-Version: 3.3.10
Precedence: list
Subject: [Concept] [PATCH 08/14] linux: jbd2: Add validation in
 jbd2_journal_write_metadata_buffer
List-Id: Discussion and patches related to U-Boot Concept <concept.u-boot.org>
Archived-At: 
 <https://lists.u-boot.org/archives/list/concept@u-boot.org/message/XDAHBZN4OO53YZPK3UHHJLFPDJPV74KU/>
List-Archive: <https://lists.u-boot.org/archives/list/concept@u-boot.org/>
List-Help: <mailto:concept-request@u-boot.org?subject=help>
List-Owner: <mailto:concept-owner@u-boot.org>
List-Post: <mailto:concept@u-boot.org>
List-Subscribe: <mailto:concept-join@u-boot.org>
List-Unsubscribe: <mailto:concept-leave@u-boot.org>

From: Simon Glass <simon.glass@canonical.com>

When debugging journal corruption issues, invalid journal_head or
buffer_head pointers can cause crashes that are difficult to diagnose.

Add explicit validation of jh_in and its associated buffer_head at the
start of jbd2_journal_write_metadata_buffer() to catch corruption early
and provide useful debug output rather than crashing with a SIGSEGV.

Co-developed-by: Claude Opus 4.5 <noreply@anthropic.com>
Signed-off-by: Simon Glass <simon.glass@canonical.com>
---

 fs/jbd2/journal.c | 24 +++++++++++++++++++++++-
 1 file changed, 23 insertions(+), 1 deletion(-)

diff --git a/fs/jbd2/journal.c b/fs/jbd2/journal.c
index 0cd95df8192..138b650fae9 100644
--- a/fs/jbd2/journal.c
+++ b/fs/jbd2/journal.c
@@ -305,9 +305,31 @@ int jbd2_journal_write_metadata_buffer(transaction_t *transaction,
 	struct buffer_head *new_bh;
 	struct folio *new_folio;
 	unsigned int new_offset;
-	struct buffer_head *bh_in = jh2bh(jh_in);
+	struct buffer_head *bh_in;
 	journal_t *journal = transaction->t_journal;
 
+#ifdef __UBOOT__
+	/* Validate jh_in before dereferencing */
+	if (!jh_in || !jh_in->b_bh) {
+		printf("jbd2: ERROR: invalid jh_in=%p b_bh=%p\n",
+		       jh_in, jh_in ? jh_in->b_bh : NULL);
+		return -EIO;
+	}
+#endif
+	bh_in = jh2bh(jh_in);
+#ifdef __UBOOT__
+	/* Additional validation for buffer head */
+	if (!bh_in->b_folio || !bh_in->b_blocknr) {
+		printf("jbd2: ERROR: bh=%p folio=%p blocknr=%llu b_data=%p b_count=%d\n",
+		       bh_in, bh_in->b_folio, (unsigned long long)bh_in->b_blocknr,
+		       bh_in->b_data, atomic_read(&bh_in->b_count));
+		printf("jbd2: ERROR: jh=%p b_jlist=%d b_jcount=%d b_next=%p\n",
+		       jh_in, jh_in->b_jlist, jh_in->b_jcount,
+		       jh_in->b_tnext);
+		return -EIO;
+	}
+#endif
+
 	/*
 	 * The buffer really shouldn't be locked: only the current committing
 	 * transaction is allowed to write it, so nobody else is allowed