udf: Verify inode link counts before performing rename

During rename, we are updating link counts of various inodes either when
rename deletes target or when moving directory across directories.
Verify involved link counts are sane so that we don't trip warnings in
VFS.

Reported-by: syzbot+3ff7365dc04a6bcafa66@syzkaller.appspotmail.com
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 2be775d30ac104e7c046237da21faa770f4adc6c..2cb49b6b07168a8195ce10391546c2e8bc110983 100644 (file)
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -791,8 +791,18 @@ static int udf_rename(struct mnt_idmap *idmap, struct inode *old_dir,
                        retval = -ENOTEMPTY;
                        if (!empty_dir(new_inode))
                                goto out_oiter;
+                       retval = -EFSCORRUPTED;
+                       if (new_inode->i_nlink != 2)
+                               goto out_oiter;
                }
+               retval = -EFSCORRUPTED;
+               if (old_dir->i_nlink < 3)
+                       goto out_oiter;
                is_dir = true;
+       } else if (new_inode) {
+               retval = -EFSCORRUPTED;
+               if (new_inode->i_nlink < 1)
+                       goto out_oiter;
        }
        if (is_dir && old_dir != new_dir) {
                retval = udf_fiiter_find_entry(old_inode, &dotdot_name,