• Darrick J. Wong's avatar
    xfs: pin inodes that would otherwise overflow link count · 5f204051
    Darrick J. Wong authored
    The VFS inc_nlink function does not explicitly check for integer
    overflows in the i_nlink field.  Instead, it checks the link count
    against s_max_links in the vfs_{link,create,rename} functions.  XFS
    sets the maximum link count to 2.1 billion, so integer overflows should
    not be a problem.
    
    However.  It's possible that online repair could find that a file has
    more than four billion links, particularly if the link count got
    corrupted while creating hardlinks to the file.  The di_nlinkv2 field is
    not large enough to store a value larger than 2^32, so we ought to
    define a magic pin value of ~0U which means that the inode never gets
    deleted.  This will prevent a UAF error if the repair finds this
    situation and users begin deleting links to the file.
    Signed-off-by: default avatarDarrick J. Wong <djwong@kernel.org>
    Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
    5f204051
dir_repair.c 37.8 KB