From: Sasha Levin <sashal@kernel.org>
Date: Thu, 27 Dec 2018 23:47:14 +0000 (-0500)
Subject: patches for 4.9
X-Git-Tag: v4.19.13~12
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6088954671ee2cdc16181ec2753e9bca5a17f001;p=thirdparty%2Fkernel%2Fstable-queue.git

patches for 4.9

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.9/series b/queue-4.9/series
index 3e41b23c85b..e95e94253ad 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -16,3 +16,4 @@ gpio-max7301-fix-driver-for-use-with-config_vmap_stack.patch
 drivers-hv-vmbus-return-einval-for-the-sys-files-for-unopened-channels.patch
 x86-mtrr-don-t-copy-uninitialized-gentry-fields-back-to-userspace.patch
 x86-fpu-disable-bottom-halves-while-loading-fpu-registers.patch
+ubifs-handle-re-linking-of-inodes-correctly-while-re.patch
diff --git a/queue-4.9/ubifs-handle-re-linking-of-inodes-correctly-while-re.patch b/queue-4.9/ubifs-handle-re-linking-of-inodes-correctly-while-re.patch
new file mode 100644
index 00000000000..1615ec09ec9
--- /dev/null
+++ b/queue-4.9/ubifs-handle-re-linking-of-inodes-correctly-while-re.patch
@@ -0,0 +1,102 @@
+From 2337ce00d9d653d71c72abc5d65b5cddb6ac0bd2 Mon Sep 17 00:00:00 2001
+From: Richard Weinberger <richard@nod.at>
+Date: Wed, 26 Dec 2018 13:32:11 +0100
+Subject: ubifs: Handle re-linking of inodes correctly while recovery
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+commit e58725d51fa8da9133f3f1c54170aa2e43056b91 upstream.
+
+UBIFS's recovery code strictly assumes that a deleted inode will never
+come back, therefore it removes all data which belongs to that inode
+as soon it faces an inode with link count 0 in the replay list.
+Before O_TMPFILE this assumption was perfectly fine. With O_TMPFILE
+it can lead to data loss upon a power-cut.
+
+Consider a journal with entries like:
+0: inode X (nlink = 0) /* O_TMPFILE was created */
+1: data for inode X /* Someone writes to the temp file */
+2: inode X (nlink = 0) /* inode was changed, xattr, chmod, â¦ */
+3: inode X (nlink = 1) /* inode was re-linked via linkat() */
+
+Upon replay of entry #2 UBIFS will drop all data that belongs to inode X,
+this will lead to an empty file after mounting.
+
+As solution for this problem, scan the replay list for a re-link entry
+before dropping data.
+
+Fixes: 474b93704f32 ("ubifs: Implement O_TMPFILE")
+Cc: stable@vger.kernel.org # 4.9-4.18
+Cc: Russell Senior <russell@personaltelco.net>
+Cc: RafaÅ MiÅecki <zajec5@gmail.com>
+Reported-by: Russell Senior <russell@personaltelco.net>
+Reported-by: RafaÅ MiÅecki <zajec5@gmail.com>
+Tested-by: RafaÅ MiÅecki <rafal@milecki.pl>
+Signed-off-by: Richard Weinberger <richard@nod.at>
+[rmilecki: update ubifs_assert() calls to compile with 4.18 and older]
+Signed-off-by: RafaÅ MiÅecki <rafal@milecki.pl>
+(cherry picked from commit e58725d51fa8da9133f3f1c54170aa2e43056b91)
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ fs/ubifs/replay.c | 37 +++++++++++++++++++++++++++++++++++++
+ 1 file changed, 37 insertions(+)
+
+diff --git a/fs/ubifs/replay.c b/fs/ubifs/replay.c
+index fb0f44cd1e28..de7799a0a9d1 100644
+--- a/fs/ubifs/replay.c
++++ b/fs/ubifs/replay.c
+@@ -209,6 +209,38 @@ static int trun_remove_range(struct ubifs_info *c, struct replay_entry *r)
+ 	return ubifs_tnc_remove_range(c, &min_key, &max_key);
+ }
+ 
++/**
++ * inode_still_linked - check whether inode in question will be re-linked.
++ * @c: UBIFS file-system description object
++ * @rino: replay entry to test
++ *
++ * O_TMPFILE files can be re-linked, this means link count goes from 0 to 1.
++ * This case needs special care, otherwise all references to the inode will
++ * be removed upon the first replay entry of an inode with link count 0
++ * is found.
++ */
++static bool inode_still_linked(struct ubifs_info *c, struct replay_entry *rino)
++{
++	struct replay_entry *r;
++
++	ubifs_assert(rino->deletion);
++	ubifs_assert(key_type(c, &rino->key) == UBIFS_INO_KEY);
++
++	/*
++	 * Find the most recent entry for the inode behind @rino and check
++	 * whether it is a deletion.
++	 */
++	list_for_each_entry_reverse(r, &c->replay_list, list) {
++		ubifs_assert(r->sqnum >= rino->sqnum);
++		if (key_inum(c, &r->key) == key_inum(c, &rino->key))
++			return r->deletion == 0;
++
++	}
++
++	ubifs_assert(0);
++	return false;
++}
++
+ /**
+  * apply_replay_entry - apply a replay entry to the TNC.
+  * @c: UBIFS file-system description object
+@@ -239,6 +271,11 @@ static int apply_replay_entry(struct ubifs_info *c, struct replay_entry *r)
+ 			{
+ 				ino_t inum = key_inum(c, &r->key);
+ 
++				if (inode_still_linked(c, r)) {
++					err = 0;
++					break;
++				}
++
+ 				err = ubifs_tnc_remove_ino(c, inum);
+ 				break;
+ 			}
+-- 
+2.19.1
+