mirror of
https://mirrors.bfsu.edu.cn/git/linux.git
synced 2024-09-21 20:22:13 +08:00
f41e355f8b
If the bitmap block that manages the inode allocation status is corrupted,
nilfs_ifile_create_inode() may allocate a new inode from the reserved
inode area where it should not be allocated.
Previous fix commit d325dc6eb7 ("nilfs2: fix use-after-free bug of
struct nilfs_root"), fixed the problem that reserved inodes with inode
numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to
bitmap corruption, but since the start number of non-reserved inodes is
read from the super block and may change, in which case inode allocation
may occur from the extended reserved inode area.
If that happens, access to that inode will cause an IO error, causing the
file system to degrade to an error state.
Fix this potential issue by adding a wraparound option to the common
metadata object allocation routine and by modifying
nilfs_ifile_create_inode() to disable the option so that it only allocates
inodes with inode numbers greater than or equal to the inode number read
in "nilfs->ns_first_ino", regardless of the bitmap status of reserved
inodes.
Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.com
Signed-off-by: Ryusuke Konishi <konishi.ryusuke@gmail.com>
Cc: Hillf Danton <hdanton@sina.com>
Cc: Jan Kara <jack@suse.cz>
Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
218 lines
5.4 KiB
C
218 lines
5.4 KiB
C
// SPDX-License-Identifier: GPL-2.0+
|
|
/*
|
|
* NILFS inode file
|
|
*
|
|
* Copyright (C) 2006-2008 Nippon Telegraph and Telephone Corporation.
|
|
*
|
|
* Written by Amagai Yoshiji.
|
|
* Revised by Ryusuke Konishi.
|
|
*
|
|
*/
|
|
|
|
#include <linux/types.h>
|
|
#include <linux/buffer_head.h>
|
|
#include "nilfs.h"
|
|
#include "mdt.h"
|
|
#include "alloc.h"
|
|
#include "ifile.h"
|
|
#include "cpfile.h"
|
|
|
|
/**
|
|
* struct nilfs_ifile_info - on-memory private data of ifile
|
|
* @mi: on-memory private data of metadata file
|
|
* @palloc_cache: persistent object allocator cache of ifile
|
|
*/
|
|
struct nilfs_ifile_info {
|
|
struct nilfs_mdt_info mi;
|
|
struct nilfs_palloc_cache palloc_cache;
|
|
};
|
|
|
|
static inline struct nilfs_ifile_info *NILFS_IFILE_I(struct inode *ifile)
|
|
{
|
|
return (struct nilfs_ifile_info *)NILFS_MDT(ifile);
|
|
}
|
|
|
|
/**
|
|
* nilfs_ifile_create_inode - create a new disk inode
|
|
* @ifile: ifile inode
|
|
* @out_ino: pointer to a variable to store inode number
|
|
* @out_bh: buffer_head contains newly allocated disk inode
|
|
*
|
|
* Return Value: On success, 0 is returned and the newly allocated inode
|
|
* number is stored in the place pointed by @ino, and buffer_head pointer
|
|
* that contains newly allocated disk inode structure is stored in the
|
|
* place pointed by @out_bh
|
|
* On error, one of the following negative error codes is returned.
|
|
*
|
|
* %-EIO - I/O error.
|
|
*
|
|
* %-ENOMEM - Insufficient amount of memory available.
|
|
*
|
|
* %-ENOSPC - No inode left.
|
|
*/
|
|
int nilfs_ifile_create_inode(struct inode *ifile, ino_t *out_ino,
|
|
struct buffer_head **out_bh)
|
|
{
|
|
struct nilfs_palloc_req req;
|
|
int ret;
|
|
|
|
req.pr_entry_nr = NILFS_FIRST_INO(ifile->i_sb);
|
|
req.pr_entry_bh = NULL;
|
|
|
|
ret = nilfs_palloc_prepare_alloc_entry(ifile, &req, false);
|
|
if (!ret) {
|
|
ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 1,
|
|
&req.pr_entry_bh);
|
|
if (ret < 0)
|
|
nilfs_palloc_abort_alloc_entry(ifile, &req);
|
|
}
|
|
if (ret < 0) {
|
|
brelse(req.pr_entry_bh);
|
|
return ret;
|
|
}
|
|
nilfs_palloc_commit_alloc_entry(ifile, &req);
|
|
mark_buffer_dirty(req.pr_entry_bh);
|
|
nilfs_mdt_mark_dirty(ifile);
|
|
*out_ino = (ino_t)req.pr_entry_nr;
|
|
*out_bh = req.pr_entry_bh;
|
|
return 0;
|
|
}
|
|
|
|
/**
|
|
* nilfs_ifile_delete_inode - delete a disk inode
|
|
* @ifile: ifile inode
|
|
* @ino: inode number
|
|
*
|
|
* Return Value: On success, 0 is returned. On error, one of the following
|
|
* negative error codes is returned.
|
|
*
|
|
* %-EIO - I/O error.
|
|
*
|
|
* %-ENOMEM - Insufficient amount of memory available.
|
|
*
|
|
* %-ENOENT - The inode number @ino have not been allocated.
|
|
*/
|
|
int nilfs_ifile_delete_inode(struct inode *ifile, ino_t ino)
|
|
{
|
|
struct nilfs_palloc_req req = {
|
|
.pr_entry_nr = ino, .pr_entry_bh = NULL
|
|
};
|
|
struct nilfs_inode *raw_inode;
|
|
void *kaddr;
|
|
int ret;
|
|
|
|
ret = nilfs_palloc_prepare_free_entry(ifile, &req);
|
|
if (!ret) {
|
|
ret = nilfs_palloc_get_entry_block(ifile, req.pr_entry_nr, 0,
|
|
&req.pr_entry_bh);
|
|
if (ret < 0)
|
|
nilfs_palloc_abort_free_entry(ifile, &req);
|
|
}
|
|
if (ret < 0) {
|
|
brelse(req.pr_entry_bh);
|
|
return ret;
|
|
}
|
|
|
|
kaddr = kmap_local_page(req.pr_entry_bh->b_page);
|
|
raw_inode = nilfs_palloc_block_get_entry(ifile, req.pr_entry_nr,
|
|
req.pr_entry_bh, kaddr);
|
|
raw_inode->i_flags = 0;
|
|
kunmap_local(kaddr);
|
|
|
|
mark_buffer_dirty(req.pr_entry_bh);
|
|
brelse(req.pr_entry_bh);
|
|
|
|
nilfs_palloc_commit_free_entry(ifile, &req);
|
|
|
|
return 0;
|
|
}
|
|
|
|
int nilfs_ifile_get_inode_block(struct inode *ifile, ino_t ino,
|
|
struct buffer_head **out_bh)
|
|
{
|
|
struct super_block *sb = ifile->i_sb;
|
|
int err;
|
|
|
|
if (unlikely(!NILFS_VALID_INODE(sb, ino))) {
|
|
nilfs_error(sb, "bad inode number: %lu", (unsigned long)ino);
|
|
return -EINVAL;
|
|
}
|
|
|
|
err = nilfs_palloc_get_entry_block(ifile, ino, 0, out_bh);
|
|
if (unlikely(err))
|
|
nilfs_warn(sb, "error %d reading inode: ino=%lu",
|
|
err, (unsigned long)ino);
|
|
return err;
|
|
}
|
|
|
|
/**
|
|
* nilfs_ifile_count_free_inodes - calculate free inodes count
|
|
* @ifile: ifile inode
|
|
* @nmaxinodes: current maximum of available inodes count [out]
|
|
* @nfreeinodes: free inodes count [out]
|
|
*/
|
|
int nilfs_ifile_count_free_inodes(struct inode *ifile,
|
|
u64 *nmaxinodes, u64 *nfreeinodes)
|
|
{
|
|
u64 nused;
|
|
int err;
|
|
|
|
*nmaxinodes = 0;
|
|
*nfreeinodes = 0;
|
|
|
|
nused = atomic64_read(&NILFS_I(ifile)->i_root->inodes_count);
|
|
err = nilfs_palloc_count_max_entries(ifile, nused, nmaxinodes);
|
|
if (likely(!err))
|
|
*nfreeinodes = *nmaxinodes - nused;
|
|
return err;
|
|
}
|
|
|
|
/**
|
|
* nilfs_ifile_read - read or get ifile inode
|
|
* @sb: super block instance
|
|
* @root: root object
|
|
* @cno: number of checkpoint entry to read
|
|
* @inode_size: size of an inode
|
|
*
|
|
* Return: 0 on success, or the following negative error code on failure.
|
|
* * %-EINVAL - Invalid checkpoint.
|
|
* * %-ENOMEM - Insufficient memory available.
|
|
* * %-EIO - I/O error (including metadata corruption).
|
|
*/
|
|
int nilfs_ifile_read(struct super_block *sb, struct nilfs_root *root,
|
|
__u64 cno, size_t inode_size)
|
|
{
|
|
struct the_nilfs *nilfs;
|
|
struct inode *ifile;
|
|
int err;
|
|
|
|
ifile = nilfs_iget_locked(sb, root, NILFS_IFILE_INO);
|
|
if (unlikely(!ifile))
|
|
return -ENOMEM;
|
|
if (!(ifile->i_state & I_NEW))
|
|
goto out;
|
|
|
|
err = nilfs_mdt_init(ifile, NILFS_MDT_GFP,
|
|
sizeof(struct nilfs_ifile_info));
|
|
if (err)
|
|
goto failed;
|
|
|
|
err = nilfs_palloc_init_blockgroup(ifile, inode_size);
|
|
if (err)
|
|
goto failed;
|
|
|
|
nilfs_palloc_setup_cache(ifile, &NILFS_IFILE_I(ifile)->palloc_cache);
|
|
|
|
nilfs = sb->s_fs_info;
|
|
err = nilfs_cpfile_read_checkpoint(nilfs->ns_cpfile, cno, root, ifile);
|
|
if (err)
|
|
goto failed;
|
|
|
|
unlock_new_inode(ifile);
|
|
out:
|
|
return 0;
|
|
failed:
|
|
iget_failed(ifile);
|
|
return err;
|
|
}
|