On Wed, 7 Nov 2018 at 23:04, Richard Weinberger <rich...@nod.at> wrote:
> UBIFS's recovery code strictly assumes that a deleted inode will never
> come back, therefore it removes all data which belongs to that inode
> as soon it faces an inode with link count 0 in the replay list.
> Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE
> it can lead to data loss upon a power-cut.
>
> Consider a journal with entries like:
> 0: inode X (nlink = 0) /* O_TMPFILE was created */
> 1: data for inode X /* Someone writes to the temp file */
> 2: inode X (nlink = 0) /* inode was changed, xattr, chmod, … */
> 3: inode X (nlink = 1) /* inode was re-linked via linkat() */
>
> Upon replay of entry #2 UBIFS will drop all data that belongs to inode X,
> this will lead to an empty file after mounting.
>
> As solution for this problem, scan the replay list for a re-link entry
> before dropping data.
>
> Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE")
> Cc: sta...@vger.kernel.org
> Cc: Russell Senior <russ...@personaltelco.net>
> Cc: Rafał Miłecki <zaj...@gmail.com>
> Reported-by: Russell Senior <russ...@personaltelco.net>
> Reported-by: Rafał Miłecki <zaj...@gmail.com>
> Signed-off-by: Richard Weinberger <rich...@nod.at>Thank you!!! Tested-by: Rafał Miłecki <ra...@milecki.pl>
