On Sun, 28 Oct 2018 at 22:44, Richard Weinberger <richard@xxxxxx> wrote: > UBIFS's recovery code strictly assumes that a deleted inode will never > come back, therefore it removes all data which belongs to that inode > as soon it faces an inode with link count 0 in the replay list. > Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE > it can lead to data loss upon a power-cut. > > Consider a journal with entries like: > 0: inode X (nlink = 0) /* O_TMPFILE was created */ > 1: data for inode X /* Someone writes to the temp file */ > 2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */ > 3: inode X (nlink = 1) /* inode was re-linked via linkat() */ > > Upon replay of entry #2 UBIFS will drop all data that belongs to inode X, > this will lead to an empty file after mounting. > > As solution for this problem, scan the replay list for a re-link entry > before dropping data. > > Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE") > Cc: stable@xxxxxxxxxxxxxxx > Reported-by: Russell Senior <russell@xxxxxxxxxxxxxxxxx> > Reported-by: Rafał Miłecki <zajec5@xxxxxxxxx> > Signed-off-by: Richard Weinberger <richard@xxxxxx> Thank you Richard!!! Tested-by: Rafał Miłecki <rafal@xxxxxxxxxx>