Re: [PATCH] ubifs: Handle re-linking of inodes correctly while recovery

From: RafaÅ MiÅecki
Date: Thu Nov 01 2018 - 04:56:21 EST


On Sun, 28 Oct 2018 at 22:44, Richard Weinberger <richard@xxxxxx> wrote:
> UBIFS's recovery code strictly assumes that a deleted inode will never
> come back, therefore it removes all data which belongs to that inode
> as soon it faces an inode with link count 0 in the replay list.
> Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE
> it can lead to data loss upon a power-cut.
>
> Consider a journal with entries like:
> 0: inode X (nlink = 0) /* O_TMPFILE was created */
> 1: data for inode X /* Someone writes to the temp file */
> 2: inode X (nlink = 0) /* inode was changed, xattr, chmod, â */
> 3: inode X (nlink = 1) /* inode was re-linked via linkat() */
>
> Upon replay of entry #2 UBIFS will drop all data that belongs to inode X,
> this will lead to an empty file after mounting.
>
> As solution for this problem, scan the replay list for a re-link entry
> before dropping data.
>
> Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE")
> Cc: stable@xxxxxxxxxxxxxxx
> Reported-by: Russell Senior <russell@xxxxxxxxxxxxxxxxx>
> Reported-by: RafaÅ MiÅecki <zajec5@xxxxxxxxx>
> Signed-off-by: Richard Weinberger <richard@xxxxxx>

Thank you Richard!!!

Tested-by: RafaÅ MiÅecki <rafal@xxxxxxxxxx>