Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp6482570pxb;
        Tue, 15 Feb 2022 03:31:03 -0800 (PST)
X-Google-Smtp-Source: ABdhPJyP5Hpp5nn7CNzZsrodJlOWngK32DdiWkcXsba4FJ2zYMU44Yt6zaNC5h4BqrtP2ScjOEt2
X-Received: by 2002:a63:7141:: with SMTP id b1mr3144142pgn.31.1644924663074;
        Tue, 15 Feb 2022 03:31:03 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1644924663; cv=none;
        d=google.com; s=arc-20160816;
        b=tEg82TmB1q7HmUEi97vJco7cSmq4lcEH7DgJieQsScfrerSZISu0dV6d2KT0On0RpT
         QaNWCd0S7asKOIZEUmbWwug6LZr99stCFEmzMf23uvP6TUaaBTVnI20LHFPwtrXcTivL
         QXICoSFSkixHgNXMLWdglflO4ouJJ6WJ5YbU4GW5Hs80UJ3a5ZQ8XEKFBiz8wrNfwAur
         x1E1xRhiEaP/+VIAwcfJfa0gnjttqWiVGkVSua3JPaXrWu08etaXSO0Pkx9+XHcsvHZM
         VvqswgkMfZa66mSF6MsXgnNz98rRwMgr3/0bT0cN6qVcACeAWc5R5hFM2dTlxqP0jPBi
         b7tQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=RV9b+cKLMc+taV0E0thVfuoXTKPyMNBl8U5rNvre5qw=;
        b=FmPnv9ROGxHRMwGoZzCgUveCju8s3YXQhIkxArlTWjsg9fLtg1Cxx/4Cw0OW8kzDKk
         YXCCEfmY2dFUBBpoihr6bw+B+o6wpROdEslC+lYGOuysv1YBB4botT06hdTQtmgefiPf
         dtcMAMODXrfY0Rs0yGjyv8EJ123GpW9x+hgA6t48CZ70ZeSpk1OEOUQZL1OU5aYmDG9W
         OI6KoL3mvVYfcVC6KgqG8LKAFbaFddNrUKkGEkGbg+nFyqe2DEzLmvDDT7YY1SOwj5BR
         Fp6DdR3ccwLeau82WK/GmW0BBc/9QTraQbuKZkF0uQ2YGTbeJZa51O0/H4kS26miB2ki
         xHEA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RH0RXuwh;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id k195si2343375pgc.159.2022.02.15.03.30.48;
        Tue, 15 Feb 2022 03:31:02 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RH0RXuwh;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S236147AbiBOJ4y (ORCPT <rfc822;andrey.bzh.r@gmail.com>
        + 99 others); Tue, 15 Feb 2022 04:56:54 -0500
Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:59290 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S236130AbiBOJ4u (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 15 Feb 2022 04:56:50 -0500
Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0C7010CF34
        for <linux-kernel@vger.kernel.org>; Tue, 15 Feb 2022 01:56:40 -0800 (PST)
Received: by mail-vs1-xe29.google.com with SMTP id g20so9795776vsb.9
        for <linux-kernel@vger.kernel.org>; Tue, 15 Feb 2022 01:56:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=szeredi.hu; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=RV9b+cKLMc+taV0E0thVfuoXTKPyMNBl8U5rNvre5qw=;
        b=RH0RXuwhdhEgwG6CEP1Pt9fHVQy4soD2TJ+IpVuxgtAqBQw3Sebbzc7/1oJkQ8wCJ8
         3o0wZ6HXpUJYbiJpByjTCyCSHtHEAKsGscPkvPh5WhXqrQcSOJ/mXsEuPM2zYZs3hK6Q
         UmdL603FjaB8BVRAaZS/S2ZVaIjXev4IZlUkc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=RV9b+cKLMc+taV0E0thVfuoXTKPyMNBl8U5rNvre5qw=;
        b=S6DnRovzA4jCJQ94GmB9v4QTrKp17IH34y+Qw5w0dqSgK60ZifEiYx1iCEZqEFJ45w
         J+n/a10bb06tKHWyS2yfI3MvB2o0mi+VEaQBhlIBVltADRFZAjFhkGrFcva3iJMjX0KW
         ii3A+jjK/FSrbMgyhOCcvAKqsAtRl/ubKT1UjwFi9yxz/wVgiiF6IyAUsXPW0zTZsz0/
         WPqlyEVSbknkOi3h7So3BDYxOSC1vliN56hcGxvDRLVDZkWfr0GTI0XNGCB7qk+ZlXTj
         pLbm/dzJeF7aGvFoFIxpEpO611Rs8pg+bYBG2qikJzEAbMEBBm2p89B+p/bpPtO4DyNM
         SV2g==
X-Gm-Message-State: AOAM5300m1VV0iuYrfLyfYydiUa9QF5cPoMO8crrx2BvJufl9C+rFa8N
        r98PKxHKhLvN1SLg4fJZvav2IvIPCY4pTsJHyaUj/EsP5pY=
X-Received: by 2002:a05:6102:558b:: with SMTP id dc11mr65470vsb.87.1644919000014;
 Tue, 15 Feb 2022 01:56:40 -0800 (PST)
MIME-Version: 1.0
References: <20220214210708.GA2167841@xavier-xps>
In-Reply-To: <20220214210708.GA2167841@xavier-xps>
From:   Miklos Szeredi <miklos@szeredi.hu>
Date:   Tue, 15 Feb 2022 10:56:29 +0100
Message-ID: <CAJfpegvVKWHhhXwOi9jDUOJi2BnYSDxZQrp1_RRrpVjjZ3Rs2w@mail.gmail.com>
Subject: Re: race between vfs_rename and do_linkat (mv and link)
To:     Xavier Roche <xavier.roche@algolia.com>
Cc:     linux-kernel@vger.kernel.org,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        linux-fsdevel@vger.kernel.org,
        "Aneesh Kumar K.V" <aneesh.kumar@linux.vnet.ibm.com>
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID,
        DKIM_SIGNED,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,
        T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 14 Feb 2022 at 22:07, Xavier Roche <xavier.roche@algolia.com> wrote:
>
> There has been a longstanding race condition between vfs_rename and do_linkat,
> when those operations are done in parallel:
>
> 1. Moving a file to an existing target file (eg. mv file target)
> 2. Creating a link from the target file  to a third file (eg. ln target link)
>
> A typical example would be (1) a regular process putting a new version
> of a database in place and (2) a regular process backuping the live
> database by hardlinking it.
>
> My understanding is that as the target file is never erased on client
> side, but just replaced, the link should never fail.
>
> The issue seem to lie inside vfs_link (fs/namei.c):
>        inode_lock(inode);
>        /* Make sure we don't allow creating hardlink to an unlinked file */
>        if (inode->i_nlink == 0 && !(inode->i_state & I_LINKABLE))
>                error =  -ENOENT;
>
> The possible answer is that the inode refcount is zero because the
> file has just been replaced concurrently, old file being erased, and
> as such, the link operation is failing.
>
> The race appears to have been introduced by aae8a97d3ec30, to fix
> _another_ race between unlink and link (but I'm not sure to understand
> what were the implications).
>
> Reverting the inode->i_nlink == 0 section "fixes" the issue, but would
> probably reintroduce this another issue.
>
> At this point I don't know what would be the best way to fix this issue.

Doing "lock_rename() + lookup last components" would fix this race.
If this was only done on retry, then that would prevent possible
performance regressions, at the cost of extra complexity.

Thanks,
Miklos