From patchwork Thu Dec 29 06:55:39 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Zhang Yi X-Patchwork-Id: 9491033 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id E859260488 for ; Thu, 29 Dec 2016 06:56:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id D87B91FF65 for ; Thu, 29 Dec 2016 06:56:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id CD54E209CD; Thu, 29 Dec 2016 06:56:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=unavailable version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 6B5251FF65 for ; Thu, 29 Dec 2016 06:56:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752318AbcL2G4K (ORCPT ); Thu, 29 Dec 2016 01:56:10 -0500 Received: from szxga02-in.huawei.com ([119.145.14.65]:25040 "EHLO szxga02-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751158AbcL2G4J (ORCPT ); Thu, 29 Dec 2016 01:56:09 -0500 Received: from 172.24.1.136 (EHLO SZXEML423-HUB.china.huawei.com) ([172.24.1.136]) by szxrg02-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id DSS45371; Thu, 29 Dec 2016 14:55:56 +0800 (CST) Received: from 138.huawei.com (10.175.124.28) by SZXEML423-HUB.china.huawei.com (10.82.67.154) with Microsoft SMTP Server (TLS) id 14.3.235.1; Thu, 29 Dec 2016 14:55:48 +0800 From: yi zhang To: CC: , , , , Subject: [RFC PATCH V2] ext4: increase the protection of drop nlink and ext4 inode destroy Date: Thu, 29 Dec 2016 14:55:39 +0800 Message-ID: <1482994539-48559-1-git-send-email-yi.zhang@huawei.com> X-Mailer: git-send-email 2.5.0 MIME-Version: 1.0 X-Originating-IP: [10.175.124.28] X-CFilter-Loop: Reflected Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-fsdevel@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Because of the disk and hardware issue, the ext4 filesystem have many errors, the inode->i_nlink of ext4 becomes zero abnormally but the dentry is still positive, it will cause memory corruption after the following process: 1) Due to the inode->i_nlink is 0, this inode will be added into the orhpan list, 2) ext4_rename() cover this inode, and drop_nlink() will reverse the inode->i_nlink to 0xFFFFFFFF, 3) iput() add this inode to LRU, 4) evict() will call destroy_inode() to destroy this inode but skip removing it from the orphan list, 5) after this, the inode's memory address space will be used by other module, when the ext4 filesystem change the orphan list, it will trample other module's data and then may cause oops. Although we cannot avoid hardware and disk errors, we can control the softwore error in the ext4 module, do not affect other modules and increase the difficulty of locating problems. This patch avoid inode->i_nlink reverse and remove the inode from the orphan list when destroy it if the list is not empty. changes since: v1 - correct a spelling mistake. - change the style of the WARN string. Signed-off-by: yi zhang Reviewed-by: Jan Kara --- fs/ext4/super.c | 1 + fs/inode.c | 5 ++++- 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/fs/ext4/super.c b/fs/ext4/super.c index 52b0530..617327e 100644 --- a/fs/ext4/super.c +++ b/fs/ext4/super.c @@ -975,6 +975,7 @@ static void ext4_destroy_inode(struct inode *inode) EXT4_I(inode), sizeof(struct ext4_inode_info), true); dump_stack(); + ext4_orphan_del(NULL, inode); } call_rcu(&inode->i_rcu, ext4_i_callback); } diff --git a/fs/inode.c b/fs/inode.c index 88110fd..079d383 100644 --- a/fs/inode.c +++ b/fs/inode.c @@ -279,7 +279,10 @@ static void destroy_inode(struct inode *inode) */ void drop_nlink(struct inode *inode) { - WARN_ON(inode->i_nlink == 0); + if (WARN(inode->i_nlink == 0, + "inode %lu nlink is already 0", inode->i_ino)) + return; + inode->__i_nlink--; if (!inode->i_nlink) atomic_long_inc(&inode->i_sb->s_remove_count);