[PATCH 0/3] UBIFS: xattr deletion rework
richard at nod.at
Thu Apr 4 15:34:35 PDT 2019
UBIFS handles xattrs in most cases just like files.
An inode can have child entries, which are inodes for xattrs.
If an inode with xattrs is unlinked, only the hosting inode is
referenced in the journal and the orphan list. Upon recovery
all xattrs will be looked up from the TNC and also deleted.
This works in theory, but not in practice. The problem is that
in many places UBIFS internally assumes that a directory inode
can only be deleted if the directory is empty. Since xattr
hosting inodes are treated like directories but you can unlink
such an inode before all xattrs are gone, this assumption is violated.
Therefore it can happen that the garbage collector consumes a LEB
which hosts the information about xattr inodes because the host inode
itself got unlinked. Upon recovery UBIFS is no longer able to
locate these inodes and the free space accounting can get confused.
This can lead to all kind of filesystem corruptions.
The solution is to log every inode in the journal upon unlink.
This approach has one downside, we need to lower the amount of allowed
xattrs per inode.
With this changes applied UBIFS still supports dozens of xattrs per
Hunting down this issue down was anything but easy.
I'd like to thank Toradex AG for supporing this bug hunt.
Special thanks to Stefan Agner for his constant support and testing my
debug patches over and over.
Richard Weinberger (3):
ubifs: journal: Handle xattrs like files
ubifs: orphan: Handle xattrs like files
ubifs: Limit number of xattrs per inode
fs/ubifs/dir.c | 15 +++-
fs/ubifs/journal.c | 72 ++++++++++++++++---
fs/ubifs/misc.h | 8 +++
fs/ubifs/orphan.c | 208 ++++++++++++++++++++++++++++++++++++-----------------
fs/ubifs/super.c | 2 +
fs/ubifs/ubifs.h | 4 ++
fs/ubifs/xattr.c | 71 ++++++++++++++++--
7 files changed, 294 insertions(+), 86 deletions(-)
More information about the linux-mtd