• Ryusuke Konishi's avatar
    nilfs2: fix incorrect inode allocation from reserved inodes · 93aef9ed
    Ryusuke Konishi authored
    If the bitmap block that manages the inode allocation status is corrupted,
    nilfs_ifile_create_inode() may allocate a new inode from the reserved
    inode area where it should not be allocated.
    
    Previous fix commit d325dc6e ("nilfs2: fix use-after-free bug of
    struct nilfs_root"), fixed the problem that reserved inodes with inode
    numbers less than NILFS_USER_INO (=11) were incorrectly reallocated due to
    bitmap corruption, but since the start number of non-reserved inodes is
    read from the super block and may change, in which case inode allocation
    may occur from the extended reserved inode area.
    
    If that happens, access to that inode will cause an IO error, causing the
    file system to degrade to an error state.
    
    Fix this potential issue by adding a wraparound option to the common
    metadata object allocation routine and by modifying
    nilfs_ifile_create_inode() to disable the option so that it only allocates
    inodes with inode numbers greater than or equal to the inode number read
    in "nilfs->ns_first_ino", regardless of the bitmap status of reserved
    inodes.
    
    Link: https://lkml.kernel.org/r/20240623051135.4180-4-konishi.ryusuke@gmail.comSigned-off-by: default avatarRyusuke Konishi <konishi.ryusuke@gmail.com>
    Cc: Hillf Danton <hdanton@sina.com>
    Cc: Jan Kara <jack@suse.cz>
    Cc: Matthew Wilcox (Oracle) <willy@infradead.org>
    Cc: <stable@vger.kernel.org>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    93aef9ed
alloc.c 24.7 KB