Commit 82c096d0 authored Oct 11, 2022 by Zhihao Cheng Committed by Greg Kroah-Hartman Mar 11, 2023

ubifs: do_rename: Fix wrong space budget when target inode's nlink > 1

[ Upstream commit 25fce616a61fc2f1821e4a9ce212d0e064707093 ]

If target inode is a special file (eg. block/char device) with nlink
count greater than 1, the inode with ui->data will be re-written on
disk. However, UBIFS losts target inode's data_len while doing space
budget. Bad space budget may let make_reservation() return with -ENOSPC,
which could turn ubifs to read-only mode in do_writepage() process.

Fetch a reproducer in [Link].

Link: https://bugzilla.kernel.org/show_bug.cgi?id=216494


Fixes: 1e51764a ("UBIFS: add new flash file system")
Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent bf8f5495

fs/ubifs/dir.c

+2 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1296,6 +1296,8 @@ static int do_rename(struct inode old_dir, struct dentry old_dentry,
	if (unlink) {		if (unlink) {
	ubifs_assert(c, inode_is_locked(new_inode));		ubifs_assert(c, inode_is_locked(new_inode));

			/* Budget for old inode's data when its nlink > 1. */
			req.dirtied_ino_d = ALIGN(ubifs_inode(new_inode)->data_len, 8);
	err = ubifs_purge_xattrs(new_inode);		err = ubifs_purge_xattrs(new_inode);
	if (err)		if (err)
	return err;		return err;