• Richard Weinberger's avatar
    ubifs: Handle re-linking of inodes correctly while recovery · e58725d5
    Richard Weinberger authored
    UBIFS's recovery code strictly assumes that a deleted inode will never
    come back, therefore it removes all data which belongs to that inode
    as soon it faces an inode with link count 0 in the replay list.
    Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE
    it can lead to data loss upon a power-cut.
    
    Consider a journal with entries like:
    0: inode X (nlink = 0) /* O_TMPFILE was created */
    1: data for inode X /* Someone writes to the temp file */
    2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */
    3: inode X (nlink = 1) /* inode was re-linked via linkat() */
    
    Upon replay of entry #2 UBIFS will drop all data that belongs to inode X,
    this will lead to an empty file after mounting.
    
    As solution for this problem, scan the replay list for a re-link entry
    before dropping data.
    
    Fixes: 474b9370 ("ubifs: Implement O_TMPFILE")
    Cc: stable@vger.kernel.org
    Cc: Russell Senior <russell@personaltelco.net>
    Cc: Rafał Miłecki <zajec5@gmail.com>
    Reported-by: default avatarRussell Senior <russell@personaltelco.net>
    Reported-by: default avatarRafał Miłecki <zajec5@gmail.com>
    Tested-by: default avatarRafał Miłecki <rafal@milecki.pl>
    Signed-off-by: default avatarRichard Weinberger <richard@nod.at>
    e58725d5
replay.c 34.5 KB