1. Patchew
  2. linux
  3. View series

[PATCH] Fix a drop_nlink warning in minix_rmdir

Jori Koolstra posted 1 patch 3 months, 1 week ago 
fs/minix/minix.h |  2 ++
fs/minix/namei.c | 26 ++++++++++++++++++--------
2 files changed, 20 insertions(+), 8 deletions(-)
[PATCH] Fix a drop_nlink warning in minix_rmdir
Posted by Jori Koolstra 3 months, 1 week ago 
Syzbot found a drop_nlink warning that is triggered by an easy to
detect nlink corruption of a directory. This patch adds a sanity check
to minix_rmdir to prevent the warning and instead return EFSCORRUPTED to
the caller.

The changes were tested using the syzbot reproducer as well as local
testing.

Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
Reported-by: syzbot+4e49728ec1cbaf3b91d2@syzkaller.appspotmail.com
Closes: https://syzbot.org/bug?extid=4e49728ec1cbaf3b91d2
---
 fs/minix/minix.h |  2 ++
 fs/minix/namei.c | 26 ++++++++++++++++++--------
 2 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/fs/minix/minix.h b/fs/minix/minix.h
index d54273c3c9ff..ce62cb61186d 100644
--- a/fs/minix/minix.h
+++ b/fs/minix/minix.h
@@ -168,4 +168,6 @@ static inline int minix_test_bit(int nr, const void *vaddr)
 
 #endif
 
+#define EFSCORRUPTED	EUCLEAN		/* Filesystem is corrupted */
+
 #endif /* FS_MINIX_H */
diff --git a/fs/minix/namei.c b/fs/minix/namei.c
index 8938536d8d3c..a8d5a7e22b7b 100644
--- a/fs/minix/namei.c
+++ b/fs/minix/namei.c
@@ -161,15 +161,25 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry)
 static int minix_rmdir(struct inode * dir, struct dentry *dentry)
 {
 	struct inode * inode = d_inode(dentry);
-	int err = -ENOTEMPTY;
-
-	if (minix_empty_dir(inode)) {
-		err = minix_unlink(dir, dentry);
-		if (!err) {
-			inode_dec_link_count(dir);
-			inode_dec_link_count(inode);
-		}
+	int err = -EFSCORRUPTED;
+
+	if (dir->i_nlink <= 2) {
+		printk(KERN_CRIT "minix-fs error: directory inode has "
+		       "corrupted nlink");
+		goto out;
 	}
+
+	err = -ENOTEMPTY;
+	if (!minix_empty_dir(inode))
+		goto out;
+
+	err = minix_unlink(dir, dentry);
+	if (!err) {
+		inode_dec_link_count(dir);
+		inode_dec_link_count(inode);
+ 	}
+
+out:
 	return err;
 }
 
-- 
2.51.1.dirty
Re: [PATCH] Fix a drop_nlink warning in minix_rmdir
Posted by Jan Kara 3 months ago 
On Sun 02-11-25 14:52:39, Jori Koolstra wrote:
> Syzbot found a drop_nlink warning that is triggered by an easy to
> detect nlink corruption of a directory. This patch adds a sanity check
> to minix_rmdir to prevent the warning and instead return EFSCORRUPTED to
> the caller.
> 
> The changes were tested using the syzbot reproducer as well as local
> testing.
> 
> Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
> Reported-by: syzbot+4e49728ec1cbaf3b91d2@syzkaller.appspotmail.com
> Closes: https://syzbot.org/bug?extid=4e49728ec1cbaf3b91d2

Looks good, just one nit below. With that fixed feel free to add:

Reviewed-by: Jan Kara <jack@suse.cz>

> diff --git a/fs/minix/namei.c b/fs/minix/namei.c
> index 8938536d8d3c..a8d5a7e22b7b 100644
> --- a/fs/minix/namei.c
> +++ b/fs/minix/namei.c
> @@ -161,15 +161,25 @@ static int minix_unlink(struct inode * dir, struct dentry *dentry)
>  static int minix_rmdir(struct inode * dir, struct dentry *dentry)
>  {
>  	struct inode * inode = d_inode(dentry);
> -	int err = -ENOTEMPTY;
> -
> -	if (minix_empty_dir(inode)) {
> -		err = minix_unlink(dir, dentry);
> -		if (!err) {
> -			inode_dec_link_count(dir);
> -			inode_dec_link_count(inode);
> -		}
> +	int err = -EFSCORRUPTED;
> +
> +	if (dir->i_nlink <= 2) {
> +		printk(KERN_CRIT "minix-fs error: directory inode has "
> +		       "corrupted nlink");

We usually print inode number (dir->i_ino) with such errors in minix.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR
Re: [PATCH] Fix a drop_nlink warning in minix_rmdir
Posted by Jori Koolstra 3 months ago 
Hello Jan,

> 
> Looks good, just one nit below. With that fixed feel free to add:
> 
> Reviewed-by: Jan Kara <jack@suse.cz>
> 

Will do. Question: I have fixed another syzbot bug report in minix_rename/unlink
and posted the patch. I figured that because they target different syzbot
reports, they should be separate patches. However, I forgot to add the
EFSCORRUPTED define in that patch (but did include it in the #syz test). What is
the best way to rectify that and add your suggestion to this patch? Or should it
be a single patch, or a series? I want to cause as little work as possible for
you and other maintainers.

Thanks,
Jori.
Re: [PATCH] Fix a drop_nlink warning in minix_rmdir
Posted by Jan Kara 3 months ago 
Hello Jori!

On Mon 03-11-25 14:21:48, Jori Koolstra wrote:
> > Looks good, just one nit below. With that fixed feel free to add:
> > 
> > Reviewed-by: Jan Kara <jack@suse.cz>
> 
> Will do. Question: I have fixed another syzbot bug report in minix_rename/unlink
> and posted the patch. I figured that because they target different syzbot
> reports, they should be separate patches. However, I forgot to add the
> EFSCORRUPTED define in that patch (but did include it in the #syz test). What is
> the best way to rectify that and add your suggestion to this patch? Or should it
> be a single patch, or a series? I want to cause as little work as possible for
> you and other maintainers.

The most natural would be to submit these two patches in a single series
since they are actually related.

								Honza
-- 
Jan Kara <jack@suse.com>
SUSE Labs, CR

Patchew 2.1-devel-b67e4c2

© 2016 - 2026 Red Hat, Inc.