From: Sukrut Heroorkar
To: Jan Kara, linux-kernel@vger.kernel.org (open list)
Cc: shuah@kernel.org, david.hunter.linux@gmail.com, Jan Kara, syzbot+3ff7365dc04a6bcafa66@syzkaller.appspotmail.com, syzbot+99bb36d7a3ea562b950e@syzkaller.appspotmail.com, Sukrut Heroorkar
Subject: [PATCH 5.15.y 2/2] udf: Verify inode link counts before performing rename
Date: Tue, 25 Nov 2025 16:36:37 +0530
Message-ID: <20251125110638.15758-3-hsukrut3@gmail.com>
In-Reply-To: <20251125110638.15758-1-hsukrut3@gmail.com>
References: <20251125110638.15758-1-hsukrut3@gmail.com>
Content-Transfer-Encoding: quoted-printable

From: Jan Kara

[ Upstream commit 6756af923e06aa33ad8894aaecbf9060953ba00f ]

During rename, we are updating link counts of various inodes either when
rename deletes target or when moving directory across directories.
Verify involved link counts are sane so that we don't trip warnings in
VFS.

Reported-by: syzbot+3ff7365dc04a6bcafa66@syzkaller.appspotmail.com
Signed-off-by: Jan Kara
Tested-by: syzbot+99bb36d7a3ea562b950e@syzkaller.appspotmail.com
Signed-off-by: Sukrut Heroorkar
--- fs/udf/namei.c | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/fs/udf/namei.c b/fs/udf/namei.c index f4aded54a994..cb98f2d88f40 100644 --- a/fs/udf/namei.c +++ b/fs/udf/namei.c 
@@ -773,8 +773,18 @@ static int udf_rename(struct user_namespace *mnt_usern= s, struct inode *old_dir, retval =3D -ENOTEMPTY; if (!empty_dir(new_inode)) goto out_oiter; + retval =3D -EFSCORRUPTED; + if (new_inode->i_nlink !=3D 2) + goto out_oiter; } + retval =3D -EFSCORRUPTED; + if (old_dir->i_nlink < 3) + goto out_oiter; is_dir =3D true; + } else if (new_inode) { + retval =3D -EFSCORRUPTED; + if (new_inode->i_nlink < 1) + goto out_oiter; } if (is_dir && old_dir !=3D new_dir) { retval =3D udf_fiiter_find_entry(old_inode, &dotdot_name, --=20 2.43.0
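
Review bot: The three new -EFSCORRUPTED exits (new_inode->i_nlink != 2, old_dir->i_nlink < 3, new_inode->i_nlink < 1) fail the rename silently, so whoever hits this on a damaged image sees only the errno and cannot tell which inode carried the bad link count; consider logging the inode number and the observed i_nlink before each goto out_oiter. The thresholds 2 and 3 are also bare constants: a one-line comment stating the invariant each encodes (for example, that an empty directory about to be replaced is expected to have exactly two links) would make the checks easier to audit against the link-count updates that follow. As mailed, the hunk is still quoted-printable encoded (=3D, and the soft line break inside mnt_usern= s), so it needs decoding before it will apply.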