linux/fs/ubifs
Zhihao Cheng 1d9d997850 ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode
[ Upstream commit a801fcfeef96702fa3f9b22ad56c5eb1989d9221 ]

xfstests-generic/476 reports a warning message as below:

WARNING: CPU: 2 PID: 30347 at fs/inode.c:361 inc_nlink+0x52/0x70
Call Trace:
  do_rename+0x502/0xd40 [ubifs]
  ubifs_rename+0x8b/0x180 [ubifs]
  vfs_rename+0x476/0x1080
  do_renameat2+0x67c/0x7b0
  __x64_sys_renameat2+0x6e/0x90
  do_syscall_64+0x66/0xe0
  entry_SYSCALL_64_after_hwframe+0x44/0xae

Following race case can cause this:
         rename_whiteout(Thread 1)             wb_workfn(Thread 2)
ubifs_rename
  do_rename
                                          __writeback_single_inode
					    spin_lock(&inode->i_lock)
    whiteout->i_state |= I_LINKABLE
                                            inode->i_state &= ~dirty;
---- How race happens on i_state:
    (tmp = whiteout->i_state | I_LINKABLE)
		                           (tmp = inode->i_state & ~dirty)
    (whiteout->i_state = tmp)
		                           (inode->i_state = tmp)
----
					    spin_unlock(&inode->i_lock)
    inc_nlink(whiteout)
    WARN_ON(!(inode->i_state & I_LINKABLE)) !!!

Fix to add i_lock to avoid i_state update race condition.

Fixes: 9e0a1fff8d ("ubifs: Implement RENAME_WHITEOUT")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-07-20 16:10:50 +02:00
..
auth.c ubifs: Fix memleak in ubifs_init_authentication 2021-03-04 10:26:25 +01:00
budget.c
commit.c
compress.c
crypto.c
debug.c ubifs: dent: Fix some potential memory leaks while iterating entries 2020-11-05 11:43:32 +01:00
debug.h
dir.c ubifs: Set/Clear I_LINKABLE under i_lock for whiteout inode 2021-07-20 16:10:50 +02:00
file.c
find.c
gc.c
io.c ubifs: wbuf: Don't leak kernel memory to flash 2020-12-30 11:51:40 +01:00
ioctl.c
journal.c ubifs: journal: Make sure to not dirty twice for auth nodes 2020-11-05 11:43:32 +01:00
Kconfig
key.h
log.c
lprops.c
lpt_commit.c
lpt.c
Makefile
master.c
misc.c
misc.h
orphan.c ubifs: xattr: Fix some potential memory leaks while iterating entries 2020-11-05 11:43:32 +01:00
recovery.c
replay.c ubifs: Only check replay with inode type to judge if inode linked 2021-05-11 14:04:14 +02:00
sb.c
scan.c
shrinker.c
super.c ubifs: Fix races between xattr_{set|get} and listxattr operations 2021-07-19 08:53:16 +02:00
tnc_commit.c
tnc_misc.c
tnc.c ubifs: xattr: Fix some potential memory leaks while iterating entries 2020-11-05 11:43:32 +01:00
ubifs-media.h
ubifs.h ubifs: Fix races between xattr_{set|get} and listxattr operations 2021-07-19 08:53:16 +02:00
xattr.c ubifs: Fix races between xattr_{set|get} and listxattr operations 2021-07-19 08:53:16 +02:00