aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorVasily Averin <vvs@sw.ru>2007-07-16 02:40:46 -0400
committerLinus Torvalds <torvalds@woody.linux-foundation.org>2007-07-16 12:05:46 -0400
commita6c15c2b0fbfd5c0a84f5f0e1e3f20f85d2b8692 (patch)
tree87af8336e669c8e63fda7d57b0650b5a806f77ff
parent9f7dd93de07420b423336d5d0028959e94778ddb (diff)
ext3/ext4: orphan list corruption due bad inode
After ext3 orphan list check has been added into ext3_destroy_inode() (please see my previous patch) the following situation has been detected: EXT3-fs warning (device sda6): ext3_unlink: Deleting nonexistent file (37901290), 0 Inode 00000101a15b7840: orphan list check failed! 00000773 6f665f00 74616d72 00000573 65725f00 06737270 66000000 616d726f ... Call Trace: [<ffffffff80211ea9>] ext3_destroy_inode+0x79/0x90 [<ffffffff801a2b16>] sys_unlink+0x126/0x1a0 [<ffffffff80111479>] error_exit+0x0/0x81 [<ffffffff80110aba>] system_call+0x7e/0x83 First messages said that unlinked inode has i_nlink=0, then ext3_unlink() adds this inode into orphan list. Second message means that this inode has not been removed from orphan list. Inode dump has showed that i_fop = &bad_file_ops and it can be set in make_bad_inode() only. Then I've found that ext3_read_inode() can call make_bad_inode() without any error/warning messages, for example in the following case: ... if (inode->i_nlink == 0) { if (inode->i_mode == 0 || !(EXT3_SB(inode->i_sb)->s_mount_state & EXT3_ORPHAN_FS)) { /* this inode is deleted */ brelse (bh); goto bad_inode; ... Bad inode can live some time, ext3_unlink can add it to orphan list, but ext3_delete_inode() do not deleted this inode from orphan list. As result we can have orphan list corruption detected in ext3_destroy_inode(). However it is not clear for me how to fix this issue correctly. As far as i see is_bad_inode() is called after iget() in all places excluding ext3_lookup() and ext3_get_parent(). I believe it makes sense to add bad inode check to these functions too and call iput if bad inode detected. Signed-off-by: Vasily Averin <vvs@sw.ru> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r--fs/ext3/namei.c10
-rw-r--r--fs/ext4/namei.c10
2 files changed, 20 insertions, 0 deletions
diff --git a/fs/ext3/namei.c b/fs/ext3/namei.c
index 9bb046df827a..1586807b8177 100644
--- a/fs/ext3/namei.c
+++ b/fs/ext3/namei.c
@@ -1019,6 +1019,11 @@ static struct dentry *ext3_lookup(struct inode * dir, struct dentry *dentry, str
1019 1019
1020 if (!inode) 1020 if (!inode)
1021 return ERR_PTR(-EACCES); 1021 return ERR_PTR(-EACCES);
1022
1023 if (is_bad_inode(inode)) {
1024 iput(inode);
1025 return ERR_PTR(-ENOENT);
1026 }
1022 } 1027 }
1023 return d_splice_alias(inode, dentry); 1028 return d_splice_alias(inode, dentry);
1024} 1029}
@@ -1054,6 +1059,11 @@ struct dentry *ext3_get_parent(struct dentry *child)
1054 if (!inode) 1059 if (!inode)
1055 return ERR_PTR(-EACCES); 1060 return ERR_PTR(-EACCES);
1056 1061
1062 if (is_bad_inode(inode)) {
1063 iput(inode);
1064 return ERR_PTR(-ENOENT);
1065 }
1066
1057 parent = d_alloc_anon(inode); 1067 parent = d_alloc_anon(inode);
1058 if (!parent) { 1068 if (!parent) {
1059 iput(inode); 1069 iput(inode);
diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index 2811e5720ad0..2de339dd7554 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -1017,6 +1017,11 @@ static struct dentry *ext4_lookup(struct inode * dir, struct dentry *dentry, str
1017 1017
1018 if (!inode) 1018 if (!inode)
1019 return ERR_PTR(-EACCES); 1019 return ERR_PTR(-EACCES);
1020
1021 if (is_bad_inode(inode)) {
1022 iput(inode);
1023 return ERR_PTR(-ENOENT);
1024 }
1020 } 1025 }
1021 return d_splice_alias(inode, dentry); 1026 return d_splice_alias(inode, dentry);
1022} 1027}
@@ -1052,6 +1057,11 @@ struct dentry *ext4_get_parent(struct dentry *child)
1052 if (!inode) 1057 if (!inode)
1053 return ERR_PTR(-EACCES); 1058 return ERR_PTR(-EACCES);
1054 1059
1060 if (is_bad_inode(inode)) {
1061 iput(inode);
1062 return ERR_PTR(-ENOENT);
1063 }
1064
1055 parent = d_alloc_anon(inode); 1065 parent = d_alloc_anon(inode);
1056 if (!parent) { 1066 if (!parent) {
1057 iput(inode); 1067 iput(inode);