diff options
author | Zhihao Cheng <chengzhihao1@huawei.com> | 2022-10-11 11:47:31 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-03-11 16:31:56 +0100 |
commit | 6cc10bbc8996d56a4432bd681e9102dac565bbf6 (patch) | |
tree | 19bbca6f0eb95d239f29bc4bd44ce5f531d328fa /fs/ubifs | |
parent | 2d115ac3bb7c44be138ad285c2d227cec2e513ca (diff) | |
download | linux-stable-6cc10bbc8996d56a4432bd681e9102dac565bbf6.tar.gz linux-stable-6cc10bbc8996d56a4432bd681e9102dac565bbf6.tar.bz2 linux-stable-6cc10bbc8996d56a4432bd681e9102dac565bbf6.zip |
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
[ Upstream commit 25fce616a61fc2f1821e4a9ce212d0e064707093 ]
If target inode is a special file (eg. block/char device) with nlink
count greater than 1, the inode with ui->data will be re-written on
disk. However, UBIFS losts target inode's data_len while doing space
budget. Bad space budget may let make_reservation() return with -ENOSPC,
which could turn ubifs to read-only mode in do_writepage() process.
Fetch a reproducer in [Link].
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216494
Fixes: 1e51764a3c2ac0 ("UBIFS: add new flash file system")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/ubifs')
-rw-r--r-- | fs/ubifs/dir.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index 89c5c2abc0fa..3b93b14e0041 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -1309,9 +1309,13 @@ static int do_rename(struct inode *old_dir, struct dentry *old_dentry, old_dentry, old_inode->i_ino, old_dir->i_ino, new_dentry, new_dir->i_ino, flags); - if (unlink) + if (unlink) { ubifs_assert(c, inode_is_locked(new_inode)); + /* Budget for old inode's data when its nlink > 1. */ + req.dirtied_ino_d = ALIGN(ubifs_inode(new_inode)->data_len, 8); + } + if (unlink && is_dir) { err = ubifs_check_dir_empty(new_inode); if (err) |