[RFC PATCH] ext4: increase the protection of drop nlink and ext4 inode destroy

linux-fsdevel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: yi zhang <yi.zhang@huawei.com>
To: <linux-ext4@vger.kernel.org>
Cc: <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
	<tytso@mit.edu>, <adilger.kernel@dilger.ca>,
	<yi.zhang@huawei.com>
Subject: [RFC PATCH] ext4: increase the protection of drop nlink and ext4  inode destroy
Date: Mon, 26 Dec 2016 20:34:17 +0800	[thread overview]
Message-ID: <1482755657-28791-1-git-send-email-yi.zhang@huawei.com> (raw)

Because of the disk and hardware issue, the ext4 filesystem have 
many errors, the inode->i_nlink of ext4 becomes zero abnormally 
but the dentry is still positive, it will cause memory corruption 
after the following process:

 1) Due to the inode->i_nlink is 0, this inode will be added into
the orhpan list,
 2) ext4_rename() cover this inode, and drop_nlink() will reverse
the inode->i_nlink to 0xFFFFFFFF,
 3) iput() add this inode to LRU,
 4) evict() will call destroy_inode() to destroy this inode but
skip removing it from the orphan list,
 5) after this, the inode's memory address space will be used by
other module, when the ext4 filesystem change the orphan list, it will
trample other module's data and then may cause oops.

Although we cannot avoid hardware and disk errors, we can control the
softwore error in the ext4 module, do not affect other modules and
increase the difficulty of locating problems.

This patch avoid inode->i_nlink reverse and remove the inode form the
orphan list when destroy it if the list is not empty.
Signed-off-by: yi zhang <yi.zhang@huawei.com>
---
 fs/ext4/super.c | 1 +
 fs/inode.c      | 5 ++++-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 52b0530..617327e 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -975,6 +975,7 @@ static void ext4_destroy_inode(struct inode *inode)
 				EXT4_I(inode), sizeof(struct ext4_inode_info),
 				true);
 		dump_stack();
+		ext4_orphan_del(NULL, inode);
 	}
 	call_rcu(&inode->i_rcu, ext4_i_callback);
 }
diff --git a/fs/inode.c b/fs/inode.c
index 88110fd..079d383 100644
--- a/fs/inode.c
+++ b/fs/inode.c
@@ -279,7 +279,10 @@ static void destroy_inode(struct inode *inode)
  */
 void drop_nlink(struct inode *inode)
 {
-	WARN_ON(inode->i_nlink == 0);
+	if (WARN(inode->i_nlink == 0, "inode %lu nlink"
+		" is already 0", inode->i_ino))
+		return;
+
 	inode->__i_nlink--;
 	if (!inode->i_nlink)
 		atomic_long_inc(&inode->i_sb->s_remove_count);
-- 
2.5.0

next             reply	other threads:[~2016-12-26 12:34 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-12-26 12:34 yi zhang [this message]
2016-12-26 18:32 ` [RFC PATCH] ext4: increase the protection of drop nlink and ext4 inode destroy Andreas Dilger
2016-12-31 22:59 ` Valdis.Kletnieks
2017-01-04  8:29   ` zhangyi (F)
2017-01-04 21:54     ` Darrick J. Wong
2017-01-04 22:00       ` Andreas Dilger
2017-01-04 23:35       ` Theodore Ts'o
2017-01-05  7:24         ` zhangyi (F)
2017-01-05 17:38           ` Darrick J. Wong
2017-01-11  9:07         ` zhangyi (F)
2017-01-11 15:34           ` Theodore Ts'o
2017-01-12  8:00             ` zhangyi (F)
2017-01-12 17:03               ` Theodore Ts'o
2017-01-13  3:42                 ` Al Viro
2017-01-13 14:26                   ` Theodore Ts'o
2017-01-16  3:24             ` zhangyi (F)

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:52b0530 dfblob:617327e dfblob:88110fd dfblob:079d383 )
 OR (
bs:"[RFC PATCH] ext4: increase the protection of drop nlink and ext4  inode destroy" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1482755657-28791-1-git-send-email-yi.zhang@huawei.com \
    --to=yi.zhang@huawei.com \
    --cc=adilger.kernel@dilger.ca \
    --cc=linux-ext4@vger.kernel.org \
    --cc=linux-fsdevel@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=tytso@mit.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).