On Wed, Feb 12, 2014 at 11:38:25AM -0500, Theodore Ts'o wrote:
> On Sat, Jan 25, 2014 at 02:58:17PM +0800, Eryu Guan wrote:
> > Corrupted ext4_dir_entry_2 struct on disk may have wrong inode number,
> > when the inode number is 8 (EXT4_JOURNAL_INO) and the file is deleted,
> > the journal inode is gone, and unmounting such a fs could trigger the
> > following BUG_ON() in start_this_handle().....
>
> This patch is mostly good, but you need to exempt the root inode.
> Otherwise, the following program, which would normally give the error
> "unlink: Is a directory", will mark the file system as containing an
> error, and so it could allow an unprivileged user to remount the file
> system read-only, or force the system to panic and reboot.

Hi Ted,

I don't see how the following program could mark the file system as
containing an error on a patched kernel. I tried running it on both
patched and unpatched kernels, and it gave "unlink: Is a directory" in
both cases. And dumpe2fs -h didn't show that the fs contained errors.

I traced do_unlinkat(), vfs_unlink() and ext4_unlink() in systemtap, and
systemtap showed only do_unlinkat() was being called.

Am I missing something here?

Thanks,
Eryu

>
> #include <stdio.h>	/* perror() */
> #include <unistd.h>
>
> int main(int argc, char **argv)
> {
>
> 	if (unlink("/") < 0)
> 		perror("unlink");
> 	return 0;
> }
>
> Cheers,
>
> 					- Ted