mirror of
https://github.com/linux-apfs/apfstests.git
synced 2026-05-01 15:01:44 -07:00
Dave Chinner
794798fa74
When Christoph and I were discussing bulkstat coherency on IRC, we realised that inode lookup from bulkstat was not actually looking up the inode allocation btree in xfs_imap() before reading the inode buffer from disk in xfs_iread(). Bulkstat uses the same lookup mechanism as handle validation to avoid shutting down the filesystem if inode numbers that point to non-inode buffers (i.e. invalid) are passed in the handle. The problem with this is that when we delete inodes from disk and we remove the inode chunk (i.e. deallocate inodes) we mark both the inodes in memory and the cluster buffer as stale, thereby preventing it from being written back to disk. The result of this is that some number of inodes remain on disk looking like allocated, in use inodes (i.e. di_mode is not zero). Hence if we get a cold cache lookup from a stale handle that references such an inode, we can read the inode off disk even though it has been deleted because we don't check if the inode is allocated or not. If the inode chunk has not been overwritten, then the inode read will succeed and the handle-to-dentry conversion will not error out like it is supposed to. The result is that stale NFS filehandles and open_by_handle() will succeed incorrectly on unlinked files for cold cache lookups. This is a bug that has been present ever since the inode chunk deletion code was implemented. This test exercises the problem and documents the hoops you have to jump through to reproduce it. Signed-off-by: Dave Chinner <dchinner@redhat.com> Reviewed-by: Christoph Hellwig <hch@lst.de>
3 lines
43 B
Plaintext
3 lines
43 B
Plaintext
QA output created by 238
|
|
Silence is golden
|