• Theodore Ts'o's avatar
    ext4: don't orphan or truncate the boot loader inode · e1956e85
    Theodore Ts'o authored
    commit e2bfb088 upstream.
    
    The boot loader inode (inode #5) should never be visible in the
    directory hierarchy, but it's possible if the file system is corrupted
    that there will be a directory entry that points at inode #5.  In
    order to avoid accidentally trashing it, when such a directory inode
    is opened, the inode will be marked as a bad inode, so that it's not
    possible to modify (or read) the inode from userspace.
    
    Unfortunately, when we unlink this (invalid/illegal) directory entry,
    we will put the bad inode on the ophan list, and then when try to
    unlink the directory, we don't actually remove the bad inode from the
    orphan list before freeing in-memory inode structure.  This means the
    in-memory orphan list is corrupted, leading to a kernel oops.
    
    In addition, avoid truncating a bad inode in ext4_destroy_inode(),
    since truncating the boot loader inode is not a smart thing to do.
    Reported-by: default avatarSami Liedes <sami.liedes@iki.fi>
    Reviewed-by: default avatarJan Kara <jack@suse.cz>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
    e1956e85
namei.c 92.9 KB