[PATCH] ubifs: Check link count of inodes when killing orphans.

From: Richard Weinberger
Date: Wed May 15 2019 - 16:33:18 EST


O_TMPFILE files can change their link count back to non-zero.
This corner case needs to get addressed in the orphans subsystem
too.

Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE")
Reported-by: Lars Persson <lists@xxxxxxx>
Signed-off-by: Richard Weinberger <richard@xxxxxx>
---
fs/ubifs/orphan.c | 39 ++++++++++++++++++++++++++++++---------
1 file changed, 30 insertions(+), 9 deletions(-)

diff --git a/fs/ubifs/orphan.c b/fs/ubifs/orphan.c
index 2f1618f300fb..575c36dfd751 100644
--- a/fs/ubifs/orphan.c
+++ b/fs/ubifs/orphan.c
@@ -642,6 +642,7 @@ static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
{
struct ubifs_scan_node *snod;
struct ubifs_orph_node *orph;
+ struct ubifs_ino_node *ino = NULL;
unsigned long long cmt_no;
ino_t inum;
int i, n, err, first = 1;
@@ -688,23 +689,40 @@ static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
if (first)
first = 0;

+ ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
+ if (!ino)
+ return -ENOMEM;
+
n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
for (i = 0; i < n; i++) {
union ubifs_key key1, key2;

inum = le64_to_cpu(orph->inos[i]);
- dbg_rcvry("deleting orphaned inode %lu",
- (unsigned long)inum);

- lowest_ino_key(c, &key1, inum);
- highest_ino_key(c, &key2, inum);
-
- err = ubifs_tnc_remove_range(c, &key1, &key2);
+ ino_key_init(c, &key1, inum);
+ err = ubifs_tnc_lookup(c, &key1, ino);
if (err)
- return err;
+ goto out_free;
+
+ /*
+ * Check whether an inode can really get deleted.
+ * linkat() with O_TMPFILE allows rebirth of an inode.
+ */
+ if (ino->nlink == 0) {
+ dbg_rcvry("deleting orphaned inode %lu",
+ (unsigned long)inum);
+
+ lowest_ino_key(c, &key1, inum);
+ highest_ino_key(c, &key2, inum);
+
+ err = ubifs_tnc_remove_range(c, &key1, &key2);
+ if (err)
+ goto out_err;
+ }
+
err = insert_dead_orphan(c, inum);
if (err)
- return err;
+ goto out_err;
}

*last_cmt_no = cmt_no;
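Review bot: The `kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS)` sits right after the `first` handling, which appears to be inside the per-scan-node loop (the loop header is outside this hunk). If so, each further orphan node in the LEB overwrites `ino` and leaks the previous buffer, because `kfree(ino)` runs only once at function exit. Allocating once before the loop, or freeing at the end of each iteration, would avoid that. Separately, any `ubifs_tnc_lookup()` failure now aborts orphan processing, and with it recovery at mount. If the orphan area can still list an inode whose node is already gone from the index, -ENOENT should probably be tolerated: `if (err && err != -ENOENT) goto out_free;` followed by `if (err == 0 && ino->nlink == 0) {`.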
@@ -716,7 +734,10 @@ static int do_kill_orphans(struct ubifs_info *c, struct ubifs_scan_leb *sleb,
*last_flagged = 0;
}

- return 0;
+ err = 0;
+out_free:
+ kfree(ino);
+ return err;
}

/**
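Review bot: The only exit label defined here is `out_free:`, but the two new error paths after `ubifs_tnc_remove_range()` and `insert_dead_orphan()` in the previous hunk jump to `out_err`. Unless that label exists in a part of do_kill_orphans these hunks do not show, the patch will not build. Both should be `goto out_free;` so they also release `ino`. Since the function body is only partly visible, it is also worth checking that no `return` after the allocation bypasses `kfree(ino)`.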
--
2.16.4