ubifs: Check link count of inodes when killing orphans. (ee1438ce) · Commits · e / devices / android_kernel_fairphone_FP5

fs/ubifs/orphan.c

+35 −9

Original line number	Diff line number	Diff line
		@@ -630,6 +630,7 @@ static int do_kill_orphans(struct ubifs_info c, struct ubifs_scan_leb sleb,
		{
		struct ubifs_scan_node *snod;
		struct ubifs_orph_node *orph;
		struct ubifs_ino_node *ino = NULL;
		unsigned long long cmt_no;
		ino_t inum;
		int i, n, err, first = 1;
		@@ -676,11 +677,26 @@ static int do_kill_orphans(struct ubifs_info c, struct ubifs_scan_leb sleb,
		if (first)
		first = 0;

		ino = kmalloc(UBIFS_MAX_INO_NODE_SZ, GFP_NOFS);
		if (!ino)
		return -ENOMEM;

		n = (le32_to_cpu(orph->ch.len) - UBIFS_ORPH_NODE_SZ) >> 3;
		for (i = 0; i < n; i++) {
		union ubifs_key key1, key2;

		inum = le64_to_cpu(orph->inos[i]);

		ino_key_init(c, &key1, inum);
		err = ubifs_tnc_lookup(c, &key1, ino);
		if (err)
		goto out_free;

		/*
		* Check whether an inode can really get deleted.
		* linkat() with O_TMPFILE allows rebirth of an inode.
		*/
		if (ino->nlink == 0) {
		dbg_rcvry("deleting orphaned inode %lu",
		(unsigned long)inum);

		@@ -689,10 +705,12 @@ static int do_kill_orphans(struct ubifs_info c, struct ubifs_scan_leb sleb,

		err = ubifs_tnc_remove_range(c, &key1, &key2);
		if (err)
		return err;
		goto out_ro;
		}

		err = insert_dead_orphan(c, inum);
		if (err)
		return err;
		goto out_free;
		}

		*last_cmt_no = cmt_no;
		@@ -704,7 +722,15 @@ static int do_kill_orphans(struct ubifs_info c, struct ubifs_scan_leb sleb,
		*last_flagged = 0;
		}

		return 0;
		err = 0;
		out_free:
		kfree(ino);
		return err;

		out_ro:
		ubifs_ro_mode(c, err);
		kfree(ino);
		return err;
		}

		/**