1. Patchew
  2. linux
  3. View series

[PATCH] fs: minix: Fix handling of corrupted directories

Andrey Kriulin posted 1 patch 9 months, 1 week ago
There is a newer version of this series
fs/minix/namei.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
[PATCH] fs: minix: Fix handling of corrupted directories
Posted by Andrey Kriulin 9 months, 1 week ago 
If the directory is corrupted and the number of nlinks is less than 2 
(valid nlinks have at least 2), then when the directory is deleted, the
minix_rmdir will try to reduce the nlinks(unsigned int) to a negative
value.

Make nlinks validity check for directory in minix_lookup.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Cc: stable@vger.kernel.org
Signed-off-by: Andrey Kriulin <kitotavrik.media@gmail.com>
---
 fs/minix/namei.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8..5717a56fa 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -28,8 +28,13 @@ static struct dentry *minix_lookup(struct inode * dir, struct dentry *dentry, un
 		return ERR_PTR(-ENAMETOOLONG);
 
 	ino = minix_inode_by_name(dentry);
-	if (ino)
+	if (ino) {
 		inode = minix_iget(dir->i_sb, ino);
+		if (S_ISDIR(inode->i_mode) && inode->i_nlink < 2) {
+			iput(inode);
+			return ERR_PTR(-EIO);
+		}
+	}
 	return d_splice_alias(inode, dentry);
 }
 
-- 
2.47.2
Re: [PATCH] fs: minix: Fix handling of corrupted directories
Posted by Matthew Wilcox 9 months, 1 week ago 
On Fri, May 02, 2025 at 07:50:57PM +0300, Andrey Kriulin wrote:
> If the directory is corrupted and the number of nlinks is less than 2 

... so should it be EIO or EFSCORRUPTED?
Re: [PATCH] fs: minix: Fix handling of corrupted directories
Posted by Jan Kara 9 months, 1 week ago 
On Fri 02-05-25 18:27:08, Matthew Wilcox wrote:
> On Fri, May 02, 2025 at 07:50:57PM +0300, Andrey Kriulin wrote:
> > If the directory is corrupted and the number of nlinks is less than 2 
> 
> ... so should it be EIO or EFSCORRUPTED?

Well, EFSCORRUPTED is an internal define (to EUCLEAN) local to several
filesystems. So we'd need to lift that define to a generic code first.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR
Re: [PATCH] fs: minix: Fix handling of corrupted directories
Posted by Al Viro 9 months, 1 week ago 
On Fri, May 02, 2025 at 07:50:57PM +0300, Andrey Kriulin wrote:
> If the directory is corrupted and the number of nlinks is less than 2 
> (valid nlinks have at least 2), then when the directory is deleted, the
> minix_rmdir will try to reduce the nlinks(unsigned int) to a negative
> value.
> 
> Make nlinks validity check for directory in minix_lookup.
 
Not sure it's a good mitigation strategy - if nothing else, doing that
on r/o filesystem is clear loss...

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.