There is a potential space leak problem when linking a tmpfile, in which case the inode node (with nlink=0) is valid in tnc (on flash), which leads to a space leak. Meanwhile, the corresponding data nodes won't be released from tnc. For example (a reproducer can be found in Link):
$ mount UBIFS
  [process A]            [process B]         [TNC]          [orphan area]
 ubifs_tmpfile                          inode_A (nlink=0)     inode_A
                          do_commit
                                        inode_A (nlink=0)     inode_A
                                              ↑
      (comment: It makes sure not to replay inode_A in the next mount)
 ubifs_link                             inode_A (nlink=0)     inode_A
   ubifs_delete_orphan                  inode_A (nlink=0)
                          do_commit
                                        inode_A (nlink=0)
                                  ---> POWERCUT <---
   (ubifs_jnl_update)
$ mount UBIFS

inode_A will neither be replayed in ubifs_replay_journal() nor in ubifs_mount_orphans(). inode_A (nlink=0) with its data nodes will always be on tnc; it occupies space but is non-visible for users.

Commit ee1438ce5dc4d ("ubifs: Check link count of inodes when killing orphans.") handles the problem of mistakenly deleting a relinked tmpfile while replaying the orphan area. Since then, the tmpfile inode should always live in the orphan area even if it is linked.

Fix it by reverting commit 32fe905c17f001 ("ubifs: Fix O_TMPFILE corner case in ubifs_link()").

Signed-off-by: Zhihao Cheng <chengzhih...@huawei.com>
Cc: <sta...@vger.kernel.org>
Fixes: 32fe905c17f001 ("ubifs: Fix O_TMPFILE corner case in ubifs_link()")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=208405
--- fs/ubifs/dir.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c index ef85ec167a84..9534c4bb598f 100644 --- a/fs/ubifs/dir.c +++ b/fs/ubifs/dir.c @@ -722,11 +722,6 @@ static int ubifs_link(struct dentry *old_dentry, struct inode *dir, goto out_fname; lock_2_inodes(dir, inode); - - /* Handle O_TMPFILE corner case, it is allowed to link a O_TMPFILE. */ - if (inode->i_nlink == 0) - ubifs_delete_orphan(c, inode->i_ino); - inc_nlink(inode); ihold(inode); inode->i_ctime = current_time(inode); @@ -747,8 +742,6 @@ static int ubifs_link(struct dentry *old_dentry, struct inode *dir, dir->i_size -= sz_change; dir_ui->ui_size = dir->i_size; drop_nlink(inode); - if (inode->i_nlink == 0) - ubifs_add_orphan(c, inode->i_ino); unlock_2_inodes(dir, inode); ubifs_release_budget(c, &req); iput(inode); -- 2.25.4
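Review bot: in the first hunk (@@ -722,11 +722,6), dropping the ubifs_delete_orphan() call ahead of inc_nlink(inode) is only safe if orphan replay checks the link count, which the commit message attributes to ee1438ce5dc4d, yet the patch is Cc'd to stable without naming that commit as a prerequisite. On a tree that lacks it, a linked tmpfile left in the orphan area could be deleted at the next mount, so please state the dependency next to the Cc: stable tag. The removed comment was also the only note at this site that linking an O_TMPFILE inode is allowed; a short replacement comment saying the orphan entry is kept on purpose while i_nlink goes from 0 to 1 would stop a later change from re-adding the delete.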
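Review bot: in the second hunk (@@ -747,8 +742,6), the error path after drop_nlink(inode) now silently relies on the tmpfile's orphan entry never having been removed, and nothing in the code says so. With the ubifs_add_orphan() call gone, an inode whose i_nlink drops back to 0 here is covered only because the first hunk no longer calls ubifs_delete_orphan(), so the two removals must stay together in any backport. A one-line comment beside drop_nlink(inode) noting that a tmpfile is still in the orphan area at this point would document that invariant.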