[f2fs-dev,v5] f2fs: add check for deleted inode

Message ID	20250227155420.48885-1-chao@kernel.org (mailing list archive)
State	Accepted
Commit	81edb983b3f5d6900d3e337b9af7b1bec4bef0f2
Headers	show Return-Path: <linux-f2fs-devel-bounces@lists.sourceforge.net> To: jaegeuk@kernel.org Date: Thu, 27 Feb 2025 23:54:20 +0800 Message-Id: <20250227155420.48885-1-chao@kernel.org> MIME-Version: 1.0 Subject: [f2fs-dev] [PATCH v5] f2fs: add check for deleted inode Precedence: list From: Chao Yu via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net> Reply-To: Chao Yu <chao@kernel.org> Cc: syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com, linux-kernel@vger.kernel.org, Leo Stone <leocstone@gmail.com>, linux-f2fs-devel@lists.sourceforge.net Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net
Series	[f2fs-dev,v5] f2fs: add check for deleted inode \| expand [f2fs-dev,v5] f2fs: add check for deleted inode

Message ID

20250227155420.48885-1-chao@kernel.org (mailing list archive)

State

Accepted

Commit

81edb983b3f5d6900d3e337b9af7b1bec4bef0f2

Headers

To: jaegeuk@kernel.org
Date: Thu, 27 Feb 2025 23:54:20 +0800
Message-Id: <20250227155420.48885-1-chao@kernel.org>
MIME-Version: 1.0
Subject: [f2fs-dev] [PATCH v5] f2fs: add check for deleted inode
Precedence: list
From: Chao Yu via Linux-f2fs-devel <linux-f2fs-devel@lists.sourceforge.net>
Reply-To: Chao Yu <chao@kernel.org>
Cc: syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com,
 linux-kernel@vger.kernel.org, Leo Stone <leocstone@gmail.com>,
 linux-f2fs-devel@lists.sourceforge.net
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: linux-f2fs-devel-bounces@lists.sourceforge.net

Series

[f2fs-dev,v5] f2fs: add check for deleted inode | expand

Commit Message

Chao Yu Feb. 27, 2025, 3:54 p.m. UTC

From: Leo Stone <leocstone@gmail.com>

The syzbot reproducer mounts a f2fs image, then tries to unlink an
existing file. However, the unlinked file already has a link count of 0
when it is read for the first time in do_read_inode().

Add a check to sanity_check_inode() for i_nlink == 0.

[Chao Yu: rebase the code and fix orphan inode recovery issue]
Reported-by: syzbot+b01a36acd7007e273a83@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=b01a36acd7007e273a83
Fixes: 39a53e0ce0df ("f2fs: add superblock and major in-memory structure")
Signed-off-by: Leo Stone <leocstone@gmail.com>
Signed-off-by: Chao Yu <chao@kernel.org>
---
v5:
- only check i_nlink in lookup()
 fs/f2fs/namei.c | 8 ++++++++
 1 file changed, 8 insertions(+)

Comments

patchwork-bot+f2fs--- via Linux-f2fs-devel March 1, 2025, 1:50 a.m. UTC | #1

Hello:

This patch was applied to jaegeuk/f2fs.git (dev)
by Jaegeuk Kim <jaegeuk@kernel.org>:

On Thu, 27 Feb 2025 23:54:20 +0800 you wrote:
> From: Leo Stone <leocstone@gmail.com>
> 
> The syzbot reproducer mounts a f2fs image, then tries to unlink an
> existing file. However, the unlinked file already has a link count of 0
> when it is read for the first time in do_read_inode().
> 
> Add a check to sanity_check_inode() for i_nlink == 0.
> 
> [...]

Here is the summary with links:
  - [f2fs-dev,v5] f2fs: add check for deleted inode
    https://git.kernel.org/jaegeuk/f2fs/c/81edb983b3f5

You are awesome, thank you!

diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 949621bc0d07..e39533482b45 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -502,6 +502,14 @@  static struct dentry *f2fs_lookup(struct inode *dir, struct dentry *dentry,
 		goto out;
 	}
 
+	if (inode->i_nlink == 0) {
+		f2fs_warn(F2FS_I_SB(inode), "%s: inode (ino=%lx) has zero i_nlink",
+			  __func__, inode->i_ino);
+		err = -EFSCORRUPTED;
+		set_sbi_flag(F2FS_I_SB(inode), SBI_NEED_FSCK);
+		goto out_iput;
+	}
+
 	if (IS_ENCRYPTED(dir) &&
 	    (S_ISDIR(inode->i_mode) || S_ISLNK(inode->i_mode)) &&
 	    !fscrypt_has_permitted_context(dir, inode)) {

[f2fs-dev,v5] f2fs: add check for deleted inode

Commit Message

Comments

Patch