summaryrefslogtreecommitdiff
path: root/fs/ubifs
diff options
context:
space:
mode:
authorZhihao Cheng <chengzhihao1@huawei.com>2022-10-11 11:47:31 +0800
committerRichard Weinberger <richard@nod.at>2023-02-02 21:13:40 +0100
commit25fce616a61fc2f1821e4a9ce212d0e064707093 (patch)
tree637a0857fd919e9426f161c27b5d240df6581686 /fs/ubifs
parentb248eaf049d9cdc5eb76b59399e4d3de233f02ac (diff)
downloadlwn-25fce616a61fc2f1821e4a9ce212d0e064707093.tar.gz
lwn-25fce616a61fc2f1821e4a9ce212d0e064707093.zip
ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1
If target inode is a special file (eg. block/char device) with nlink count greater than 1, the inode with ui->data will be re-written on disk. However, UBIFS losts target inode's data_len while doing space budget. Bad space budget may let make_reservation() return with -ENOSPC, which could turn ubifs to read-only mode in do_writepage() process. Fetch a reproducer in [Link]. Link: https://bugzilla.kernel.org/show_bug.cgi?id=216494 Fixes: 1e51764a3c2ac0 ("UBIFS: add new flash file system") Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com> Signed-off-by: Richard Weinberger <richard@nod.at>
Diffstat (limited to 'fs/ubifs')
-rw-r--r--fs/ubifs/dir.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/ubifs/dir.c b/fs/ubifs/dir.c
index 7a1dcd14e387..4509d9fa9e6e 100644
--- a/fs/ubifs/dir.c
+++ b/fs/ubifs/dir.c
@@ -1324,6 +1324,8 @@ static int do_rename(struct inode *old_dir, struct dentry *old_dentry,
if (unlink) {
ubifs_assert(c, inode_is_locked(new_inode));
+ /* Budget for old inode's data when its nlink > 1. */
+ req.dirtied_ino_d = ALIGN(ubifs_inode(new_inode)->data_len, 8);
err = ubifs_purge_xattrs(new_inode);
if (err)
return err;