On Sun, 28 Oct 2018 at 22:44, Richard Weinberger <[email protected]> wrote: > UBIFS's recovery code strictly assumes that a deleted inode will never > come back, therefore it removes all data which belongs to that inode > as soon it faces an inode with link count 0 in the replay list. > Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE > it can lead to data loss upon a power-cut. > > Consider a journal with entries like: > 0: inode X (nlink = 0) /* O_TMPFILE was created */ > 1: data for inode X /* Someone writes to the temp file */ > 2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */ > 3: inode X (nlink = 1) /* inode was re-linked via linkat() */ > > Upon replay of entry #2 UBIFS will drop all data that belongs to inode X, > this will lead to an empty file after mounting. > > As solution for this problem, scan the replay list for a re-link entry > before dropping data. > > Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE") > Cc: [email protected] > Reported-by: Russell Senior <[email protected]> > Reported-by: Rafał Miłecki <[email protected]> > Signed-off-by: Richard Weinberger <[email protected]>
Thank you Richard!!! Tested-by: Rafał Miłecki <[email protected]>
