[PATCH OLK-6.6 2/4] jffs2: handle INO_STATE_CLEARING in jffs2_do_read_inode()

5 Jan 2024

From: Hou Tao houtao1@huawei.com
hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I8TYET
CVE: NA
--------------------------
For inode that fails to be created midway, GC procedure may
try to GC its dnode, and in the following case BUG() will be
triggered:
CPU 0                       CPU 1
in jffs2_do_create()        in jffs2_garbage_collect_pass()
jffs2_write_dnode succeed
// for dirent
jffs2_reserve_space fail
inum = ic->ino
    		    nlink = ic->pino_nlink (> 0)
iget_failed
  make_bad_inode
    remove_inode_hash
  iput
    jffs2_evict_inode
      jffs2_do_clear_inode
        jffs2_set_inocache_state(INO_STATE_CLEARING)
jffs2_gc_fetch_inode
    		      jffs2_iget
    		        // a new inode is created because
    		        // the old inode had been unhashed
    		        iget_locked
    		      jffs2_do_read_inode
    		        jffs2_get_ino_cache
    			// assert BUG()
    			f->inocache->state = INO_STATE_CLEARING
Fix it by waiting for its state changes to INO_STATE_CHECKEDABSENT.
Link: http://lists.infradead.org/pipermail/linux-mtd/2019-February/087762.html
Signed-off-by: Hou Tao houtao1@huawei.com
Signed-off-by: ZhaoLong Wang wangzhaolong1@huawei.com
---
 fs/jffs2/readinode.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/jffs2/readinode.c b/fs/jffs2/readinode.c
index 201622e2244f..00145ae41356 100644
--- a/fs/jffs2/readinode.c
+++ b/fs/jffs2/readinode.c
@@ -1344,6 +1344,7 @@ int jffs2_do_read_inode(struct jffs2_sb_info *c, struct jffs2_inode_info *f,
case INO_STATE_CHECKING:
    	case INO_STATE_GC:
+		case INO_STATE_CLEARING:
    		/* If it's in either of these states, we need
    		   to wait for whoever's got it to finish and
    		   put it back. */
-- 
2.39.2


    

2025

2024

2023

2022

2021

2020

2019

[PATCH OLK-6.6 2/4] jffs2: handle INO_STATE_CLEARING in jffs2_do_read_inode()