diff options
author | Xue jiufei <xuejiufei@huawei.com> | 2014-02-10 14:25:54 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-02-10 16:01:43 -0800 |
commit | 0e048316ff577e12c748e2d0a2e4f0f7b006654d (patch) | |
tree | f37ad130de45bf55b3cb43fcb8e5e06a924a41d8 /fs/ioctl.c | |
parent | c7d2cbc364b2a237b0ed1bdd7cbf8a24c8a89dfd (diff) | |
download | linux-0e048316ff577e12c748e2d0a2e4f0f7b006654d.tar.bz2 |
ocfs2: check existence of old dentry in ocfs2_link()
System call linkat first calls user_path_at(), check the existence of
old dentry, and then calls vfs_link()->ocfs2_link() to do the actual
work. There may exist a race when Node A create a hard link for file
while node B rm it.
Node A Node B
user_path_at()
->ocfs2_lookup(),
find old dentry exist
rm file, add inode say inodeA
to orphan_dir
call ocfs2_link(),create a
hard link for inodeA.
rm the link, add inodeA to orphan_dir
again
When orphan_scan work start, it calls ocfs2_queue_orphans() to do the
main work. It first tranverses entrys in orphan_dir, linking all inodes
in this orphan_dir to a list look like this:
inodeA->inodeB->...->inodeA
When tranvering this list, it will fall into loop, calling iput() again
and again. And finally trigger BUG_ON(inode->i_state & I_CLEAR).
Signed-off-by: joyce <xuejiufei@huawei.com>
Reviewed-by: Mark Fasheh <mfasheh@suse.com>
Cc: Joel Becker <jlbec@evilplan.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/ioctl.c')
0 files changed, 0 insertions, 0 deletions