| Message ID | alpine.LSU.2.11.1902182134370.7035@eggly.anvils (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | tmpfs: fix link accounting when a tmpfile is linked in | expand |
On Mon, Feb 18, 2019 at 09:37:52PM -0800, Hugh Dickins wrote: > From: "Darrick J. Wong" <darrick.wong@oracle.com> > > tmpfs has a peculiarity of accounting hard links as if they were separate > inodes: so that when the number of inodes is limited, as it is by default, > a user cannot soak up an unlimited amount of unreclaimable dcache memory > just by repeatedly linking a file. > > But when v3.11 added O_TMPFILE, and the ability to use linkat() on the fd, > we missed accommodating this new case in tmpfs: "df -i" shows that an > extra "inode" remains accounted after the file is unlinked and the fd > closed and the actual inode evicted. If a user repeatedly links tmpfiles > into a tmpfs, the limit will be hit (ENOSPC) even after they are deleted. > > Just skip the extra reservation from shmem_link() in this case: there's > a sense in which this first link of a tmpfile is then cheaper than a > hard link of another file, but the accounting works out, and there's > still good limiting, so no need to do anything more complicated. > > Fixes: f4e0c30c191 ("allow the temp files created by open() to be linked to") > Reported-by: Matej Kupljen <matej.kupljen@gmail.com> > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > Signed-off-by: Hugh Dickins <hughd@google.com> FWIW, Acked-by: Al Viro <viro@zeniv.linux.org.uk> Or I can drop it into vfs.git - up to you.
On Tue, 19 Feb 2019, Al Viro wrote: > On Mon, Feb 18, 2019 at 09:37:52PM -0800, Hugh Dickins wrote: > > From: "Darrick J. Wong" <darrick.wong@oracle.com> > > > > tmpfs has a peculiarity of accounting hard links as if they were separate > > inodes: so that when the number of inodes is limited, as it is by default, > > a user cannot soak up an unlimited amount of unreclaimable dcache memory > > just by repeatedly linking a file. > > > > But when v3.11 added O_TMPFILE, and the ability to use linkat() on the fd, > > we missed accommodating this new case in tmpfs: "df -i" shows that an > > extra "inode" remains accounted after the file is unlinked and the fd > > closed and the actual inode evicted. If a user repeatedly links tmpfiles > > into a tmpfs, the limit will be hit (ENOSPC) even after they are deleted. > > > > Just skip the extra reservation from shmem_link() in this case: there's > > a sense in which this first link of a tmpfile is then cheaper than a > > hard link of another file, but the accounting works out, and there's > > still good limiting, so no need to do anything more complicated. > > > > Fixes: f4e0c30c191 ("allow the temp files created by open() to be linked to") > > Reported-by: Matej Kupljen <matej.kupljen@gmail.com> > > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com> > > Signed-off-by: Hugh Dickins <hughd@google.com> > > FWIW, Acked-by: Al Viro <viro@zeniv.linux.org.uk> It's Worth A Lot, thanks Al. And I apologize for the cheeky "Fixes" line, when a fair view would blame me for earlier adding the weirdness fixed. > > Or I can drop it into vfs.git - up to you. Andrew usually gathers the mm/shmem.c mods (unless it's you doing an fs-wide sweep), so I was pointing it towards him; and I don't think it's in dire need of a last minute rush to 5.0, though no harm in there either. I'll say leave it to Andrew - and leave it to him to say the reverse :) Thanks, Hugh
--- 5.0-rc7/mm/shmem.c 2019-01-06 19:15:45.764805103 -0800 +++ linux/mm/shmem.c 2019-02-18 13:56:48.388032606 -0800 @@ -2854,10 +2854,14 @@ static int shmem_link(struct dentry *old * No ordinary (disk based) filesystem counts links as inodes; * but each new link needs a new dentry, pinning lowmem, and * tmpfs dentries cannot be pruned until they are unlinked. + * But if an O_TMPFILE file is linked into the tmpfs, the + * first link must skip that, to get the accounting right. */ - ret = shmem_reserve_inode(inode->i_sb); - if (ret) - goto out; + if (inode->i_nlink) { + ret = shmem_reserve_inode(inode->i_sb); + if (ret) + goto out; + } dir->i_size += BOGO_DIRENT_SIZE; inode->i_ctime = dir->i_ctime = dir->i_mtime = current_time(inode);