On Wed, Dec 26, 2018 at 01:32:11PM +0100, Rafał Miłecki wrote:
From: Richard Weinberger <richard@xxxxxx>
commit e58725d51fa8da9133f3f1c54170aa2e43056b91 upstream.
UBIFS's recovery code strictly assumes that a deleted inode will never
come back, therefore it removes all data which belongs to that inode
as soon it faces an inode with link count 0 in the replay list.
Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE
it can lead to data loss upon a power-cut.
Consider a journal with entries like:
0: inode X (nlink = 0) /* O_TMPFILE was created */
1: data for inode X /* Someone writes to the temp file */
2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */
3: inode X (nlink = 1) /* inode was re-linked via linkat() */
Upon replay of entry #2 UBIFS will drop all data that belongs to inode X,
this will lead to an empty file after mounting.
As solution for this problem, scan the replay list for a re-link entry
before dropping data.
Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE")
Cc: stable@xxxxxxxxxxxxxxx # 4.9-4.18
Cc: Russell Senior <russell@xxxxxxxxxxxxxxxxx>
Cc: Rafał Miłecki <zajec5@xxxxxxxxx>
Reported-by: Russell Senior <russell@xxxxxxxxxxxxxxxxx>
Reported-by: Rafał Miłecki <zajec5@xxxxxxxxx>
Tested-by: Rafał Miłecki <rafal@xxxxxxxxxx>
Signed-off-by: Richard Weinberger <richard@xxxxxx>
[rmilecki: update ubifs_assert() calls to compile with 4.18 and older]
Signed-off-by: Rafał Miłecki <rafal@xxxxxxxxxx>
(cherry picked from commit e58725d51fa8da9133f3f1c54170aa2e43056b91)
Queued for 4.14 and 4.9, thank you.
--
Thanks,
Sasha
