ocfs2: clear dinode links count in case of error
authorJoseph Qi <joseph.qi@linux.alibaba.com>
Mon, 17 Oct 2022 13:02:27 +0000 (21:02 +0800)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 3 Nov 2022 14:49:14 +0000 (23:49 +0900)
commit 28f4821b1b53e0649706912e810c6c232fc506f9 upstream.

In ocfs2_mknod(), if error occurs after dinode successfully allocated,
ocfs2 i_links_count will not be 0.

So even though we clear inode i_nlink before iput in error handling, it
still won't wipe inode since we'll refresh inode from dinode during inode
lock.  So just like clear inode i_nlink, we clear ocfs2 i_links_count as
well.  Also do the same change for ocfs2_symlink().

Link: https://lkml.kernel.org/r/20221017130227.234480-2-joseph.qi@linux.alibaba.com
Signed-off-by: Joseph Qi <joseph.qi@linux.alibaba.com>
Reported-by: Yan Wang <wangyan122@huawei.com>
Cc: Mark Fasheh <mark@fasheh.com>
Cc: Joel Becker <jlbec@evilplan.org>
Cc: Junxiao Bi <junxiao.bi@oracle.com>
Cc: Changwei Ge <gechangwei@live.cn>
Cc: Gang He <ghe@suse.com>
Cc: Jun Piao <piaojun@huawei.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
fs/ocfs2/namei.c

index 8d887c75765cf3169040d9b24068e6491cf365a7..2eb8d54e466f242fc634730219bd5a2a0decbe16 100644 (file)
@@ -244,6 +244,7 @@ static int ocfs2_mknod(struct inode *dir,
        handle_t *handle = NULL;
        struct ocfs2_super *osb;
        struct ocfs2_dinode *dirfe;
+       struct ocfs2_dinode *fe = NULL;
        struct buffer_head *new_fe_bh = NULL;
        struct inode *inode = NULL;
        struct ocfs2_alloc_context *inode_ac = NULL;
@@ -394,6 +395,7 @@ static int ocfs2_mknod(struct inode *dir,
                goto leave;
        }
 
+       fe = (struct ocfs2_dinode *) new_fe_bh->b_data;
        if (S_ISDIR(mode)) {
                status = ocfs2_fill_new_dir(osb, handle, dir, inode,
                                            new_fe_bh, data_ac, meta_ac);
@@ -459,8 +461,11 @@ static int ocfs2_mknod(struct inode *dir,
 leave:
        if (status < 0 && did_quota_inode)
                dquot_free_inode(inode);
-       if (handle)
+       if (handle) {
+               if (status < 0 && fe)
+                       ocfs2_set_links_count(fe, 0);
                ocfs2_commit_trans(osb, handle);
+       }
 
        ocfs2_inode_unlock(dir, 1);
        if (did_block_signals)
@@ -2028,8 +2033,11 @@ bail:
                                        ocfs2_clusters_to_bytes(osb->sb, 1));
        if (status < 0 && did_quota_inode)
                dquot_free_inode(inode);
-       if (handle)
+       if (handle) {
+               if (status < 0 && fe)
+                       ocfs2_set_links_count(fe, 0);
                ocfs2_commit_trans(osb, handle);
+       }
 
        ocfs2_inode_unlock(dir, 1);
        if (did_block_signals)