ocfs2: check existence of old dentry in ocfs2_link()
System call linkat first calls user_path_at(), check the existence of
old dentry, and then calls vfs_link()->ocfs2_link() to do the actual
work.  There may exist a race when Node A create a hard link for file
while node B rm it.
         Node A                          Node B
user_path_at()
  ->ocfs2_lookup(),
find old dentry exist
                                rm file, add inode say inodeA
                                to orphan_dir
call ocfs2_link(),create a
hard link for inodeA.
                                rm the link, add inodeA to orphan_dir
                                again
When orphan_scan work start, it calls ocfs2_queue_orphans() to do the
main work.  It first tranverses entrys in orphan_dir, linking all inodes
in this orphan_dir to a list look like this:
	inodeA->inodeB->...->inodeA
When tranvering this list, it will fall into loop, calling iput() again
and again.  And finally trigger BUG_ON(inode->i_state & I_CLEAR).
Signed-off-by:  joyce <xuejiufei@huawei.com>
Reviewed-by:
joyce <xuejiufei@huawei.com>
Reviewed-by:  Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by:
Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by:  Andrew Morton <akpm@linux-foundation.org>
Signed-off-by:
Andrew Morton <akpm@linux-foundation.org>
Signed-off-by:  Linus Torvalds <torvalds@linux-foundation.org>
Linus Torvalds <torvalds@linux-foundation.org>
Loading
Please register or sign in to comment
