diff options
| author | Jori Koolstra <jkoolstra@xs4all.nl> | 2025-10-28 13:22:12 +0100 |
|---|---|---|
| committer | Sasha Levin <sashal@kernel.org> | 2026-03-04 07:20:43 -0500 |
| commit | f70fcbc2ac7c24f087a2c895c5753aa730b1e479 (patch) | |
| tree | 30c0186a6cc8ea7f099854cde1095207b03ec0ec /fs | |
| parent | 68f7fc76924354986bb3afa5c99ab7f07f286d76 (diff) | |
jfs: nlink overflow in jfs_rename
[ Upstream commit 9218dc26fd922b09858ecd3666ed57dfd8098da8 ]
If nlink is maximal for a directory (-1) and inside that directory you
perform a rename for some child directory (not moving from the parent),
then the nlink of the first directory is first incremented and later
decremented. Normally this is fine, but when nlink = -1 this causes a
wrap around to 0, and then drop_nlink issues a warning.
After applying the patch syzbot no longer issues any warnings. I also
ran some basic fs tests to look for any regressions.
Signed-off-by: Jori Koolstra <jkoolstra@xs4all.nl>
Reported-by: syzbot+9131ddfd7870623b719f@syzkaller.appspotmail.com
Closes: https://syzbot.org/bug?extid=9131ddfd7870623b719f
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/jfs/namei.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/fs/jfs/namei.c b/fs/jfs/namei.c index 57d7a4300210..649184d712ad 100644 --- a/fs/jfs/namei.c +++ b/fs/jfs/namei.c @@ -1227,7 +1227,7 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir, jfs_err("jfs_rename: dtInsert returned -EIO"); goto out_tx; } - if (S_ISDIR(old_ip->i_mode)) + if (S_ISDIR(old_ip->i_mode) && old_dir != new_dir) inc_nlink(new_dir); } /* @@ -1243,7 +1243,9 @@ static int jfs_rename(struct mnt_idmap *idmap, struct inode *old_dir, goto out_tx; } if (S_ISDIR(old_ip->i_mode)) { - drop_nlink(old_dir); + if (new_ip || old_dir != new_dir) + drop_nlink(old_dir); + if (old_dir != new_dir) { /* * Change inode number of parent for moved directory |