From nobody Tue Feb 10 21:59:25 2026 Received: from mail-qk1-f179.google.com (mail-qk1-f179.google.com [209.85.222.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 100082F6181 for ; Sun, 8 Feb 2026 18:51:25 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.222.179 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770576686; cv=none; b=PH/ANKO9Vp9flH3NcexgUCAdqfBomk66GObvkVlk7NE/Pi1pEu7jp1t0Gj4Y2N4Zy2E2jKoD9gcrXRhC4VTJewVORLSA0glCl/JKVzlO6CzcZPRps48WlQQQnsRUWBOdUK5MnyF7GwTAgOxpVXTzzLFaVo+97eckHOCiRPC+E60= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1770576686; c=relaxed/simple; bh=8SwXQkDlwS/NKDYhEjU7bXOZfJ76z3chy+Bb+T+6y6U=; h=From:To:Cc:Subject:Date:Message-Id:MIME-Version; b=o1v3uELcJly+ojceiYmJAcl6Z15OE2pzhQ97BGZmEZ/vYYnmmjbDHrS+9NLmPO1e057dCA61YUaQkPRw2TxvFhCXvJvvUwzX4xgqySAAOWiXE3X9U+G/dRjiGviHPlljnPT3y6o2jjdIgEcWZ8I0BELAKg5HnwVZzxS72aj5w+Y= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=u.northwestern.edu; spf=pass smtp.mailfrom=u.northwestern.edu; dkim=pass (2048-bit key) header.d=u-northwestern-edu.20230601.gappssmtp.com header.i=@u-northwestern-edu.20230601.gappssmtp.com header.b=iVP0qjqL; arc=none smtp.client-ip=209.85.222.179 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=u.northwestern.edu Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=u.northwestern.edu Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=u-northwestern-edu.20230601.gappssmtp.com header.i=@u-northwestern-edu.20230601.gappssmtp.com header.b="iVP0qjqL" Received: by mail-qk1-f179.google.com with SMTP id af79cd13be357-8c710439535so247387485a.1 for ; Sun, 08 Feb 2026 10:51:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=u-northwestern-edu.20230601.gappssmtp.com; s=20230601; t=1770576685; x=1771181485; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:from:to:cc:subject:date:message-id:reply-to; bh=g02+664FJNwl5eiOrC8jTX9yD8WCrR9xeBQTNTRb7gk=; b=iVP0qjqLo4uvfvIQji+QbJgKFELYJbqLuRAcgB+o3tSLiCac7JdGJ6x0Ra7eekvdxk HPrQWuyDAebH+YHDPWhdIhhdqjWdE72cXVqhGm6QwIEKtWng1YmXlylND5FLWYdtwiam Yrnb6KNwA4/etTsCKk4BNjV41T5FHCVUOkvG4UyAndMewS8Ibm4SOlrMR33rOT0SB5gJ noUFu3xpeVRWwx/2yOg3LdZxrWN24t+Bn+yYCQggi/PANZt4J7XqV15cVNDeVxjPQn4M XW28ald6RkHexP6nkRrtNC73awU1JF+RzYlmC0Hs0142utlpC0QZS6jP+ZlBYXG5EapM jB4g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1770576685; x=1771181485; h=content-transfer-encoding:mime-version:message-id:date:subject:cc :to:from:x-gm-gg:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=g02+664FJNwl5eiOrC8jTX9yD8WCrR9xeBQTNTRb7gk=; b=Ng52vL37nedskbiGuL0puFbdctgB0rmmG2AMlmF8WS6iqZU4vKLTFTtd8NVL6kCB68 JtTY7JEq3LQVwP+Pj2W/kZYsisHt6N1tE+Jpqj3sJM281UEqFYqu8Eq6dia7FvZe43cK 06GzPcPl/Vq39ZlfIEVz+ujY1uGezTmh4w2xOPMbWbCbANayLVn6/p2V1gKS/HvSAyb/ flgk6uMbzInMPRANexzwNe3ygfe6dpjjZmmxHes1wbvF7mGlMEonSuwGecjghQGtYvab jvgzJcTf1cmCThlxwoSjNhjwIDA1ZWW9VRPfootMsEYr1sDsGMOd524p2LS6c7tbEBG5 E9Ug== X-Gm-Message-State: AOJu0YxOXrnvP1qMiswxc3B7Mt2Nz4b8bBHSdNtXX5RFs22dhPNamk5N lUAcEUhE9C5csJCxgFW/XdXrSw+Y7EK+xrbPyF4Vjja/Gw8xVf4wxsXdt/gjQ7ppdXU= X-Gm-Gg: AZuq6aJVtoVS0SMofBBKLzpQQLauZmULX6HFHzzFRBK4PMnZRGwSlL3Gx63AzPXLglf O/MEDCqst5teM9b8qfFieruRXKbZMeHZxw/4bo7YzZzvg3NesqVSODQD34ZK6p6SxGp8we87Zl5 QbaBavpF2/cN+PLIhilmtdC31T445F0BsXszdxZX5BUMs6MsCVV/XE7Gcwn8Ab7vqHr88xX5zzY XTDiIHpwIR94s5IkAkSy/e7wW3kiCunYwj0P5aILKtLf3uPaJwSEXc3a6stZAJpeY4WxVVL06v8 wzV2IgX5p5VDkE4mFX8CTm4Cpn9tT+IIHzOHZooUVAuxFuehNIVOHQJohv/Jp9mgWh+UJgdU4I3 +Xj0w6JaEkCbr+512yzU8dVCUyO/aXQZZO4gMAbyd8gvXlAvR15Y5czxmCG5uUUlj92si7lAitd PZHwPe+kpQSH47JNkMDlBkqvLfpYFDvMIYWEi0FkeMH5FLh1XsfsxTmBlJgi/qOwjT+s4bXBDw1 G9Zf5Ip9teeMDqXp84rLbLtU+/zb5Np8mEMYcgUkw== X-Received: by 2002:a05:620a:25c9:b0:8c7:a84:d0e4 with SMTP id af79cd13be357-8caef408ademr1279450285a.24.1770576684908; Sun, 08 Feb 2026 10:51:24 -0800 (PST) Received: from security.cs.northwestern.edu (security.cs.northwestern.edu. [165.124.184.136]) by smtp.gmail.com with ESMTPSA id af79cd13be357-8cafa4b6b8dsm632977285a.50.2026.02.08.10.51.24 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 08 Feb 2026 10:51:24 -0800 (PST) From: Ziyi Guo To: "Tigran A . Aivazian" Cc: linux-kernel@vger.kernel.org, Ziyi Guo Subject: [PATCH] bfs: reject inodes with zero link count in bfs_iget() Date: Sun, 8 Feb 2026 18:51:22 +0000 Message-Id: <20260208185122.1115949-1-n7l8m4@u.northwestern.edu> X-Mailer: git-send-email 2.34.1 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" bfs_iget() reads i_nlink directly from disk without validating that it is non-zero. A corrupted BFS image with an inode that has i_nlink =3D=3D 0 but is still referenced by a directory entry allows that inode to be loaded. While bfs_unlink() has a recovery guard for this case, other functions like bfs_rename() calls inode_dec_link_count() without checking, triggering WARN_ON(inode->i_nlink =3D=3D 0) in drop_nlink= (). Reject inodes with zero link count at load time, consistent with the approach used by ext4, minix, nilfs2, and other filesystems. Signed-off-by: Ziyi Guo Reviewed-by: Tigran Aivazian --- fs/bfs/inode.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/bfs/inode.c b/fs/bfs/inode.c index ce6f83234b67..85d664e169f0 100644 --- a/fs/bfs/inode.c +++ b/fs/bfs/inode.c @@ -96,6 +96,10 @@ struct inode *bfs_iget(struct super_block *sb, unsigned = long ino) i_uid_write(inode, le32_to_cpu(di->i_uid)); i_gid_write(inode, le32_to_cpu(di->i_gid)); set_nlink(inode, le32_to_cpu(di->i_nlink)); + if (!inode->i_nlink) { + brelse(bh); + goto error; + } inode->i_size =3D BFS_FILESIZE(di); inode->i_blocks =3D BFS_FILEBLOCKS(di); inode_set_atime(inode, le32_to_cpu(di->i_atime), 0); --=20 2.34.1