summaryrefslogtreecommitdiff
path: root/fs/hfsplus/brec.c
diff options
context:
space:
mode:
authorErnesto A. Fernández <ernesto.mnd.fernandez@gmail.com>2018-10-30 15:06:00 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2018-10-31 08:54:13 -0700
commit0a3021d4f5295aa073c7bf5c5e4de60a2e292578 (patch)
tree1ebc07aaea1a9ddab9837c240a41119d67531344 /fs/hfsplus/brec.c
parentf027c34d844013d9d6c902af8fa01a82d6e5073d (diff)
downloadlwn-0a3021d4f5295aa073c7bf5c5e4de60a2e292578.tar.gz
lwn-0a3021d4f5295aa073c7bf5c5e4de60a2e292578.zip
hfsplus: prevent btree data loss on root split
Creating, renaming or deleting a file may cause catalog corruption and data loss. This bug is randomly triggered by xfstests generic/027, but here is a faster reproducer: truncate -s 50M fs.iso mkfs.hfsplus fs.iso mount fs.iso /mnt i=100 while [ $i -le 150 ]; do touch /mnt/$i &>/dev/null ((++i)) done i=100 while [ $i -le 150 ]; do mv /mnt/$i /mnt/$(perl -e "print $i x82") &>/dev/null ((++i)) done umount /mnt fsck.hfsplus -n fs.iso The bug is triggered whenever hfs_brec_update_parent() needs to split the root node. The height of the btree is not increased, which leaves the new node orphaned and its records lost. Link: http://lkml.kernel.org/r/26d882184fc43043a810114258f45277752186c7.1535682461.git.ernesto.mnd.fernandez@gmail.com Signed-off-by: Ernesto A. Fernández <ernesto.mnd.fernandez@gmail.com> Cc: Christoph Hellwig <hch@infradead.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/hfsplus/brec.c')
-rw-r--r--fs/hfsplus/brec.c4
1 files changed, 4 insertions, 0 deletions
diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c
index ed8eacb34452..aa17a392b414 100644
--- a/fs/hfsplus/brec.c
+++ b/fs/hfsplus/brec.c
@@ -429,6 +429,10 @@ skip:
if (new_node) {
__be32 cnid;
+ if (!new_node->parent) {
+ hfs_btree_inc_height(tree);
+ new_node->parent = tree->root;
+ }
fd->bnode = hfs_bnode_find(tree, new_node->parent);
/* create index key and entry */
hfs_bnode_read_key(new_node, fd->search_key, 14);