Re: [PATCH] fat: avoid parent link count underflow in rmdir

From: OGAWA Hirofumi
Date: Thu Jan 01 2026 - 06:24:47 EST

Next message: Nanzhe Zhao: "Re: [f2fs-dev] [PATCH 1/2 v4] f2fs: support large folio for immutable non-compressed case"
Previous message: Ilpo Järvinen: "Re: [PATCH v3 3/3] platform/x86: asus-armoury: add keyboard control firmware attributes"
In reply to: Zhiyu Zhang: "[PATCH] fat: avoid parent link count underflow in rmdir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Zhiyu Zhang <zhiyuzhang999@xxxxxxxxx> writes:

> Corrupted FAT images can leave a directory inode with an incorrect
> i_nlink (e.g. 2 even though subdirectories exist). rmdir then
> unconditionally calls drop_nlink(dir) and can drive i_nlink to 0,
> triggering the WARN_ON in drop_nlink().
>
> Add a sanity check in vfat_rmdir() and msdos_rmdir(): only drop the
> parent link count when it is at least 3, otherwise report a filesystem
> error.
>
> Fixes: 9a53c3a783c2 ("[PATCH] r/o bind mounts: unlink: monitor i_nlink")
> Reported-by: Zhiyu Zhang <zhiyuzhang999@xxxxxxxxx>
> Closes: https://lore.kernel.org/linux-fsdevel/aVN06OKsKxZe6-Kv@xxxxxxxxxxxxxxxxxxxx/T/#t
> Tested-by: Zhiyu Zhang <zhiyuzhang999@xxxxxxxxx>
> Signed-off-by: Zhiyu Zhang <zhiyuzhang999@xxxxxxxxx>

Looks good. Thanks.

Acked-by: OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>

> ---
> fs/fat/namei_msdos.c | 7 ++++++-
> fs/fat/namei_vfat.c | 7 ++++++-
> 2 files changed, 12 insertions(+), 2 deletions(-)
>
> diff --git a/fs/fat/namei_msdos.c b/fs/fat/namei_msdos.c
> index 0b920ee40a7f..262ec1b790b5 100644
> --- a/fs/fat/namei_msdos.c
> +++ b/fs/fat/namei_msdos.c
> @@ -325,7 +325,12 @@ static int msdos_rmdir(struct inode *dir, struct dentry *dentry)
> err = fat_remove_entries(dir, &sinfo); /* and releases bh */
> if (err)
> goto out;
> - drop_nlink(dir);
> + if (dir->i_nlink >= 3)
> + drop_nlink(dir);
> + else {
> + fat_fs_error(sb, "parent dir link count too low (%u)",
> + dir->i_nlink);
> + }
>
> clear_nlink(inode);
> fat_truncate_time(inode, NULL, S_CTIME);
> diff --git a/fs/fat/namei_vfat.c b/fs/fat/namei_vfat.c
> index 5dbc4cbb8fce..47ff083cfc7e 100644
> --- a/fs/fat/namei_vfat.c
> +++ b/fs/fat/namei_vfat.c
> @@ -803,7 +803,12 @@ static int vfat_rmdir(struct inode *dir, struct dentry *dentry)
> err = fat_remove_entries(dir, &sinfo); /* and releases bh */
> if (err)
> goto out;
> - drop_nlink(dir);
> + if (dir->i_nlink >= 3)
> + drop_nlink(dir);
> + else {
> + fat_fs_error(sb, "parent dir link count too low (%u)",
> + dir->i_nlink);
> + }
>
> clear_nlink(inode);
> fat_truncate_time(inode, NULL, S_ATIME|S_MTIME);

--
OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>

Next message: Nanzhe Zhao: "Re: [f2fs-dev] [PATCH 1/2 v4] f2fs: support large folio for immutable non-compressed case"
Previous message: Ilpo Järvinen: "Re: [PATCH v3 3/3] platform/x86: asus-armoury: add keyboard control firmware attributes"
In reply to: Zhiyu Zhang: "[PATCH] fat: avoid parent link count underflow in rmdir"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]