[PATCH] ubifs: Fix a potential space leak problem while linking tmpfile
Richard Weinberger
richard.weinberger at gmail.com
Tue Jul 7 07:26:58 EDT 2020
On Wed, Jul 1, 2020 at 1:28 PM Zhihao Cheng <chengzhihao1 at huawei.com> wrote:
>
> There is a potential space leak problem while linking tmpfile, in which
> case, inode node (with nlink=0) is valid in tnc (on flash), which leads
> to space leak. Meanwhile, the corresponding data nodes won't be released
> from tnc. For example, (A reproducer can be found in Link):
>
> $ mount UBIFS
>   [process A]            [process B]         [TNC]         [orphan area]
>
>  ubifs_tmpfile                          inode_A (nlink=0)     inode_A
>                           do_commit     inode_A (nlink=0)     inode_A
>                                ↑
>       (comment: It makes sure not replay inode_A in next mount)
>  ubifs_link                             inode_A (nlink=0)     inode_A
>    ubifs_delete_orphan                  inode_A (nlink=0)
>                           do_commit     inode_A (nlink=0)
>                            ---> POWERCUT <---
>    (ubifs_jnl_update)
>
> $ mount UBIFS
> inode_A will neither be replayed in ubifs_replay_journal() nor
> ubifs_mount_orphans(). inode_A (nlink=0) with its data nodes will
> always be on tnc; it occupies space but is non-visible to users.
>
> Commit ee1438ce5dc4d ("ubifs: Check link count of inodes when killing
> orphans.") handles the problem of mistakenly deleting a relinked tmpfile
> while replaying the orphan area. Since then, a tmpfile inode should always
> live in the orphan area even if it is linked. Fix it by reverting commit
> 32fe905c17f001 ("ubifs: Fix O_TMPFILE corner case in ubifs_link()").
Well, by reverting this commit you re-introduce the issue it fixes. ;-\
--
Thanks,
//richard
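
The interleaving from the quoted commit message, as a toy Python model added here (not UBIFS code and not part of either message). `ToyUbifs`, its fields and `run()` are hypothetical names; the mount-time orphan pass assumes the link-count check the message attributes to ee1438ce5dc4d, and the model does not cover the issue fixed by 32fe905c17f001, which this page does not describe.

```python
# Toy model, constructed for illustration; not UBIFS code.
# flash_* and journal survive a power cut; tnc/orphans are in-memory until commit().

class ToyUbifs:
    def __init__(self):
        self.tnc, self.orphans = {}, set()              # in-memory index / orphan list
        self.flash_tnc, self.flash_orphans = {}, set()  # state as of the last commit
        self.journal = []                               # on flash, replayed at mount

    def jnl_update(self, inum, nlink):
        self.journal.append((inum, nlink))
        self.tnc[inum] = nlink

    def tmpfile(self, inum):
        self.jnl_update(inum, 0)                 # inode written with nlink=0
        self.orphans.add(inum)

    def delete_orphan(self, inum):
        self.orphans.discard(inum)

    def commit(self):
        self.flash_tnc = dict(self.tnc)
        self.flash_orphans = set(self.orphans)
        self.journal = []                        # committed nodes are not replayed

    def mount_after_powercut(self):
        tnc = dict(self.flash_tnc)
        for inum, nlink in self.journal:         # journal replay
            tnc[inum] = nlink
        for inum in self.flash_orphans:          # orphan pass with link-count check
            if tnc.get(inum) == 0:
                del tnc[inum]                    # space reclaimed
        return tnc

def run(drop_orphan_on_link, powercut_before_jnl_update):
    fs = ToyUbifs()
    fs.tmpfile("inode_A")                        # process A: ubifs_tmpfile
    fs.commit()                                  # process B: first do_commit
    if drop_orphan_on_link:
        fs.delete_orphan("inode_A")              # process A: ubifs_delete_orphan
    fs.commit()                                  # process B: second do_commit
    if not powercut_before_jnl_update:
        fs.jnl_update("inode_A", 1)              # process A: link reaches the journal
    return fs.mount_after_powercut()
```

`run(True, True)` is the sequence in the diagram: the mount result still holds `inode_A` with nlink=0 and nothing left to reclaim it.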