* Patch "ubifs: Fix O_TMPFILE corner case in ubifs_link()" has been added to the 4.10-stable tree
@ 2017-04-24 8:02 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-04-24 8:02 UTC (permalink / raw)
To: richard, amir73il, gregkh, ralph.sennhauser; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
ubifs: Fix O_TMPFILE corner case in ubifs_link()
to the 4.10-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ubifs-fix-o_tmpfile-corner-case-in-ubifs_link.patch
and it can be found in the queue-4.10 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From 32fe905c17f001c0eee13c59afddd0bf2eed509c Mon Sep 17 00:00:00 2001
From: Richard Weinberger <richard@nod.at>
Date: Thu, 30 Mar 2017 10:50:49 +0200
Subject: ubifs: Fix O_TMPFILE corner case in ubifs_link()
From: Richard Weinberger <richard@nod.at>
commit 32fe905c17f001c0eee13c59afddd0bf2eed509c upstream.
It is perfectly fine to link a tmpfile back using linkat().
Since tmpfiles are created with a link count of 0 they appear
on the orphan list, upon re-linking the inode has to be removed
from the orphan list again.
Ralph faced a filesystem corruption in combination with overlayfs
due to this bug.
Cc: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Cc: Amir Goldstein <amir73il@gmail.com>
Reported-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Tested-by: Ralph Sennhauser <ralph.sennhauser@gmail.com>
Reported-by: Amir Goldstein <amir73il@gmail.com>
Fixes: 474b93704f321 ("ubifs: Implement O_TMPFILE")
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/ubifs/dir.c | 7 +++++++
1 file changed, 7 insertions(+)
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -748,6 +748,11 @@ static int ubifs_link(struct dentry *old
goto out_fname;
lock_2_inodes(dir, inode);
+
+ /* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */
+ if (inode->i_nlink == 0)
+ ubifs_delete_orphan(c, inode->i_ino);
+
inc_nlink(inode);
ihold(inode);
inode->i_ctime = ubifs_current_time(inode);
@@ -768,6 +773,8 @@ out_cancel:
dir->i_size -= sz_change;
dir_ui->ui_size = dir->i_size;
drop_nlink(inode);
+ if (inode->i_nlink == 0)
+ ubifs_add_orphan(c, inode->i_ino);
unlock_2_inodes(dir, inode);
ubifs_release_budget(c, &req);
iput(inode);
Patches currently in stable-queue which might be from richard@nod.at are
queue-4.10/ubifs-fix-rename_whiteout-support.patch
queue-4.10/ubi-upd-always-flush-after-prepared-for-an-update.patch
queue-4.10/ubifs-fix-o_tmpfile-corner-case-in-ubifs_link.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-04-24 8:02 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-04-24 8:02 Patch "ubifs: Fix O_TMPFILE corner case in ubifs_link()" has been added to the 4.10-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).