From patchwork Sat Jan  7 03:22:38 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Zhang Yi <yi.zhang@huawei.com>
X-Patchwork-Id: 9502801
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	60C71606B4 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sat,  7 Jan 2017 03:22:56 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 4A34728538
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sat,  7 Jan 2017 03:22:56 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 3F20D2853F; Sat,  7 Jan 2017 03:22:56 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI
	autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id B575528538
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Sat,  7 Jan 2017 03:22:55 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1755179AbdAGDWx (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Fri, 6 Jan 2017 22:22:53 -0500
Received: from szxga03-in.huawei.com ([119.145.14.66]:49781 "EHLO
	szxga03-in.huawei.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754262AbdAGDWv (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Fri, 6 Jan 2017 22:22:51 -0500
Received: from 172.24.1.47 (EHLO szxeml426-hub.china.huawei.com)
	([172.24.1.47])
	by szxrg03-dlp.huawei.com (MOS 4.4.3-GA FastPath queued)
	with ESMTP id CNR59704; Sat, 07 Jan 2017 11:22:40 +0800 (CST)
Received: from 138.huawei.com (10.175.124.28) by
	szxeml426-hub.china.huawei.com (10.82.67.181) with Microsoft SMTP
	Server (TLS) id 14.3.235.1; Sat, 7 Jan 2017 11:22:33 +0800
From: yi zhang <yi.zhang@huawei.com>
To: <linux-ext4@vger.kernel.org>
CC: <linux-kernel@vger.kernel.org>, <linux-fsdevel@vger.kernel.org>,
	<tytso@mit.edu>, <adilger.kernel@dilger.ca>, <yi.zhang@huawei.com>
Subject: [PATCH v3] ext4: increase the protection of nlink dec and ext4
	inode destroy
Date: Sat, 7 Jan 2017 11:22:38 +0800
Message-ID: <1483759358-7188-1-git-send-email-yi.zhang@huawei.com>
X-Mailer: git-send-email 2.5.0
MIME-Version: 1.0
X-Originating-IP: [10.175.124.28]
X-CFilter-Loop: Reflected
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

Because of the disk and hardware issue, the ext4 filesystem have
many errors, the inode->i_nlink of ext4 becomes zero abnormally
but the dentry is still positive, it will cause memory corruption
after the following process:

 1) Due to the inode->i_nlink is 0, this inode will be added into
the orhpan list,
 2) ext4_rename() cover this inode, and drop_nlink() will reverse
the inode->i_nlink to 0xFFFFFFFF,
 3) iput() add this inode to LRU,
 4) evict() will call destroy_inode() to destroy this inode but
skip removing it from the orphan list,
 5) after this, the inode's memory address space will be used by
other module, when the ext4 filesystem change the orphan list, it will
trample other module's data and then may cause oops.

Although we cannot avoid hardware and disk errors, we can control the
softwore error in the ext4 module, do not affect other modules and
increase the difficulty of locating problems.

This patch avoid inode->i_nlink reverse and remove the inode from the
orphan list when destroy it if the list is not empty.

changes since: RFC Patch v2
 - move the protection from drop_nlink() to ext4_rename()

Signed-off-by: zhangyi (F) <yi.zhang@huawei.com>
---
 fs/ext4/namei.c | 7 +++++++
 fs/ext4/super.c | 1 +
 2 files changed, 8 insertions(+)

diff --git a/fs/ext4/namei.c b/fs/ext4/namei.c
index eadba91..e0718cd 100644
--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3662,6 +3662,13 @@ static int ext4_rename(struct inode *old_dir, struct dentry *old_dentry,
 	}
 
 	if (new.inode) {
+		if (new.inode->i_nlink == 0) {
+			ext4_warning_inode(new.inode,
+					   "Removing file '%.*s' with no links",
+					   new.dentry->d_name.len,
+					   new.dentry->d_name.name);
+			set_nlink(new.inode, 1);
+		}
 		ext4_dec_count(handle, new.inode);
 		new.inode->i_ctime = current_time(new.inode);
 	}
diff --git a/fs/ext4/super.c b/fs/ext4/super.c
index 66845a0..ad5ad42 100644
--- a/fs/ext4/super.c
+++ b/fs/ext4/super.c
@@ -975,6 +975,7 @@ static void ext4_destroy_inode(struct inode *inode)
 				EXT4_I(inode), sizeof(struct ext4_inode_info),
 				true);
 		dump_stack();
+		ext4_orphan_del(NULL, inode);
 	}
 	call_rcu(&inode->i_rcu, ext4_i_callback);
 }