From 25e7a55e438cc2707c46a09e2c4c38ffce23b911 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Mon, 27 Dec 2021 19:42:56 +0800 Subject: [PATCH] xfs: reset child dir '..' entry when unlinking child mainline-inclusion from mainline-v5.14-rc1 commit 5838d0356bb3c320867c393f12b169c01a870bda category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I4KIAO CVE: NA Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=5838d0356bb3c320867c393f12b169c01a870bda ------------------------------------------------- While running xfs/168, I noticed a second source of post-shrink corruption errors causing shutdowns. Let's say that directory B has a low inode number and is a child of directory A, which has a high number. If B is empty but open, and unlinked from A, B's dotdot link continues to point to A. If A is then unlinked and the filesystem shrunk so that A is no longer a valid inode, a subsequent AIL push of B will trip the inode verifiers because the dotdot entry points outside of the filesystem. To avoid this problem, reset B's dotdot entry to the root directory when unlinking directories, since the root directory cannot be removed. Signed-off-by: Darrick J. Wong Reviewed-by: Gao Xiang Signed-off-by: Guo Xuenan Reviewed-by: Lihong Kou Reviewed-by: Zhang Yi Signed-off-by: Zheng Zengkai --- fs/xfs/xfs_inode.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index 4db3c0b7d71b..36c5d212bdde 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -2884,6 +2884,19 @@ xfs_remove( error = xfs_droplink(tp, ip); if (error) goto out_trans_cancel; + + /* + * Point the unlinked child directory's ".." entry to the root + * directory to eliminate back-references to inodes that may + * get freed before the child directory is closed. If the fs + * gets shrunk, this can lead to dirent inode validation errors. + */ + if (dp->i_ino != tp->t_mountp->m_sb.sb_rootino) { + error = xfs_dir_replace(tp, ip, &xfs_name_dotdot, + tp->t_mountp->m_sb.sb_rootino, 0); + if (error) + return error; + } } else { /* * When removing a non-directory we need to log the parent -- GitLab