From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Jan Kara <jack@suse.cz>,
syzbot+3ff7365dc04a6bcafa66@syzkaller.appspotmail.com,
Sasha Levin <sashal@kernel.org>,
jack@suse.com
Subject: [PATCH AUTOSEL 6.12 09/36] udf: Verify inode link counts before performing rename
Date: Wed, 11 Dec 2024 13:49:25 -0500 [thread overview]
Message-ID: <20241211185028.3841047-9-sashal@kernel.org> (raw)
In-Reply-To: <20241211185028.3841047-1-sashal@kernel.org>
From: Jan Kara <jack@suse.cz>
[ Upstream commit 6756af923e06aa33ad8894aaecbf9060953ba00f ]
During rename, we are updating link counts of various inodes either when
rename deletes target or when moving directory across directories.
Verify involved link counts are sane so that we don't trip warnings in
VFS.
Reported-by: syzbot+3ff7365dc04a6bcafa66@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/udf/namei.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 2be775d30ac10..2cb49b6b07168 100644
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -791,8 +791,18 @@ static int udf_rename(struct mnt_idmap *idmap, struct inode *old_dir,
retval = -ENOTEMPTY;
if (!empty_dir(new_inode))
goto out_oiter;
+ retval = -EFSCORRUPTED;
+ if (new_inode->i_nlink != 2)
+ goto out_oiter;
}
+ retval = -EFSCORRUPTED;
+ if (old_dir->i_nlink < 3)
+ goto out_oiter;
is_dir = true;
+ } else if (new_inode) {
+ retval = -EFSCORRUPTED;
+ if (new_inode->i_nlink < 1)
+ goto out_oiter;
}
if (is_dir && old_dir != new_dir) {
retval = udf_fiiter_find_entry(old_inode, &dotdot_name,
--
2.43.0
next prev parent reply other threads:[~2024-12-11 18:50 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-12-11 18:49 [PATCH AUTOSEL 6.12 01/36] watchdog: it87_wdt: add PWRGD enable quirk for Qotom QCML04 Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 02/36] watchdog: rzg2l_wdt: Power on the watchdog domain in the restart handler Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 03/36] Revert "watchdog: s3c2410_wdt: use exynos_get_pmu_regmap_by_phandle() for PMU regs" Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 04/36] watchdog: mediatek: Add support for MT6735 TOPRGU/WDT Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 05/36] watchdog: s3c2410_wdt: add support for exynosautov920 SoC Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 06/36] scsi: qla1280: Fix hw revision numbering for ISP1020/1040 Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 07/36] scsi: megaraid_sas: Fix for a potential deadlock Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 08/36] udf: Skip parent dir link count update if corrupted Sasha Levin
2024-12-11 18:49 ` Sasha Levin [this message]
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 10/36] ALSA: ump: Don't open legacy substream for an inactive group Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 11/36] ALSA: ump: Indicate the inactive group in legacy substream names Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 12/36] ALSA: ump: Update legacy substream names upon FB info update Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 13/36] ALSA: hda/conexant: fix Z60MR100 startup pop issue Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 14/36] ALSA: sh: Use standard helper for buffer accesses Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 15/36] smb: server: Fix building with GCC 15 Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 16/36] regmap: Use correct format specifier for logging range errors Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 17/36] LoongArch: Fix reserving screen info memory for above-4G firmware Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 18/36] LoongArch/irq: Use seq_put_decimal_ull_width() for decimal values Sasha Levin
2024-12-11 19:14 ` Thomas Gleixner
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 19/36] LoongArch: BPF: Adjust the parameter of emit_jirl() Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 20/36] platform/x86: asus-nb-wmi: Ignore unknown event 0xCF Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 21/36] bpf: Zero index arg error string for dynptr and iter Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 22/36] net: sched: fix ordering of qlen adjustment Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 23/36] spi: intel: Add Panther Lake SPI controller support Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 24/36] scsi: mpt3sas: Diag-Reset when Doorbell-In-Use bit is set during driver load time Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 25/36] scsi: mpi3mr: Synchronize access to ioctl data buffer Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 26/36] scsi: mpi3mr: Fix corrupt config pages PHY state is switched in sysfs Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 27/36] scsi: mpi3mr: Start controller indexing from 0 Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 28/36] scsi: mpi3mr: Handling of fault code for insufficient power Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 29/36] scsi: storvsc: Do not flag MAINTENANCE_IN return of SRB_STATUS_DATA_OVERRUN as an error Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 30/36] ACPI/IORT: Add PMCG platform information for HiSilicon HIP09A Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 31/36] spi: omap2-mcspi: Fix the IS_ERR() bug for devm_clk_get_optional_enabled() Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 32/36] drm/dp_mst: Ensure mst_primary pointer is valid in drm_dp_mst_handle_up_req() Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 33/36] drm/dp_mst: Reset message rx state after OOM " Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 34/36] virtio-blk: don't keep queue frozen during system suspend Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 35/36] blk-mq: register cpuhp callback after hctx is added to xarray table Sasha Levin
2024-12-11 18:49 ` [PATCH AUTOSEL 6.12 36/36] blk-mq: move cpuhp callback registering out of q->sysfs_lock Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241211185028.3841047-9-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=jack@suse.com \
--cc=jack@suse.cz \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=syzbot+3ff7365dc04a6bcafa66@syzkaller.appspotmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox