Received: by 2002:a05:6a10:1a4d:0:0:0:0 with SMTP id nk13csp6482570pxb; Tue, 15 Feb 2022 03:31:03 -0800 (PST) X-Google-Smtp-Source: ABdhPJyP5Hpp5nn7CNzZsrodJlOWngK32DdiWkcXsba4FJ2zYMU44Yt6zaNC5h4BqrtP2ScjOEt2 X-Received: by 2002:a63:7141:: with SMTP id b1mr3144142pgn.31.1644924663074; Tue, 15 Feb 2022 03:31:03 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1644924663; cv=none; d=google.com; s=arc-20160816; b=tEg82TmB1q7HmUEi97vJco7cSmq4lcEH7DgJieQsScfrerSZISu0dV6d2KT0On0RpT QaNWCd0S7asKOIZEUmbWwug6LZr99stCFEmzMf23uvP6TUaaBTVnI20LHFPwtrXcTivL QXICoSFSkixHgNXMLWdglflO4ouJJ6WJ5YbU4GW5Hs80UJ3a5ZQ8XEKFBiz8wrNfwAur x1E1xRhiEaP/+VIAwcfJfa0gnjttqWiVGkVSua3JPaXrWu08etaXSO0Pkx9+XHcsvHZM VvqswgkMfZa66mSF6MsXgnNz98rRwMgr3/0bT0cN6qVcACeAWc5R5hFM2dTlxqP0jPBi b7tQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=RV9b+cKLMc+taV0E0thVfuoXTKPyMNBl8U5rNvre5qw=; b=FmPnv9ROGxHRMwGoZzCgUveCju8s3YXQhIkxArlTWjsg9fLtg1Cxx/4Cw0OW8kzDKk YXCCEfmY2dFUBBpoihr6bw+B+o6wpROdEslC+lYGOuysv1YBB4botT06hdTQtmgefiPf dtcMAMODXrfY0Rs0yGjyv8EJ123GpW9x+hgA6t48CZ70ZeSpk1OEOUQZL1OU5aYmDG9W OI6KoL3mvVYfcVC6KgqG8LKAFbaFddNrUKkGEkGbg+nFyqe2DEzLmvDDT7YY1SOwj5BR Fp6DdR3ccwLeau82WK/GmW0BBc/9QTraQbuKZkF0uQ2YGTbeJZa51O0/H4kS26miB2ki xHEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RH0RXuwh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id k195si2343375pgc.159.2022.02.15.03.30.48; Tue, 15 Feb 2022 03:31:02 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=temperror (no key for signature) header.i=@szeredi.hu header.s=google header.b=RH0RXuwh; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236147AbiBOJ4y (ORCPT + 99 others); Tue, 15 Feb 2022 04:56:54 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:59290 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S236130AbiBOJ4u (ORCPT ); Tue, 15 Feb 2022 04:56:50 -0500 Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id D0C7010CF34 for ; Tue, 15 Feb 2022 01:56:40 -0800 (PST) Received: by mail-vs1-xe29.google.com with SMTP id g20so9795776vsb.9 for ; Tue, 15 Feb 2022 01:56:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=RV9b+cKLMc+taV0E0thVfuoXTKPyMNBl8U5rNvre5qw=; b=RH0RXuwhdhEgwG6CEP1Pt9fHVQy4soD2TJ+IpVuxgtAqBQw3Sebbzc7/1oJkQ8wCJ8 3o0wZ6HXpUJYbiJpByjTCyCSHtHEAKsGscPkvPh5WhXqrQcSOJ/mXsEuPM2zYZs3hK6Q UmdL603FjaB8BVRAaZS/S2ZVaIjXev4IZlUkc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=RV9b+cKLMc+taV0E0thVfuoXTKPyMNBl8U5rNvre5qw=; b=S6DnRovzA4jCJQ94GmB9v4QTrKp17IH34y+Qw5w0dqSgK60ZifEiYx1iCEZqEFJ45w J+n/a10bb06tKHWyS2yfI3MvB2o0mi+VEaQBhlIBVltADRFZAjFhkGrFcva3iJMjX0KW ii3A+jjK/FSrbMgyhOCcvAKqsAtRl/ubKT1UjwFi9yxz/wVgiiF6IyAUsXPW0zTZsz0/ WPqlyEVSbknkOi3h7So3BDYxOSC1vliN56hcGxvDRLVDZkWfr0GTI0XNGCB7qk+ZlXTj pLbm/dzJeF7aGvFoFIxpEpO611Rs8pg+bYBG2qikJzEAbMEBBm2p89B+p/bpPtO4DyNM SV2g== X-Gm-Message-State: AOAM5300m1VV0iuYrfLyfYydiUa9QF5cPoMO8crrx2BvJufl9C+rFa8N r98PKxHKhLvN1SLg4fJZvav2IvIPCY4pTsJHyaUj/EsP5pY= X-Received: by 2002:a05:6102:558b:: with SMTP id dc11mr65470vsb.87.1644919000014; Tue, 15 Feb 2022 01:56:40 -0800 (PST) MIME-Version: 1.0 References: <20220214210708.GA2167841@xavier-xps> In-Reply-To: <20220214210708.GA2167841@xavier-xps> From: Miklos Szeredi Date: Tue, 15 Feb 2022 10:56:29 +0100 Message-ID: Subject: Re: race between vfs_rename and do_linkat (mv and link) To: Xavier Roche Cc: linux-kernel@vger.kernel.org, Alexander Viro , linux-fsdevel@vger.kernel.org, "Aneesh Kumar K.V" Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-1.7 required=5.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, 14 Feb 2022 at 22:07, Xavier Roche wrote: > > There has been a longstanding race condition between vfs_rename and do_linkat, > when those operations are done in parallel: > > 1. Moving a file to an existing target file (eg. mv file target) > 2. Creating a link from the target file to a third file (eg. ln target link) > > A typical example would be (1) a regular process putting a new version > of a database in place and (2) a regular process backuping the live > database by hardlinking it. > > My understanding is that as the target file is never erased on client > side, but just replaced, the link should never fail. > > The issue seem to lie inside vfs_link (fs/namei.c): > inode_lock(inode); > /* Make sure we don't allow creating hardlink to an unlinked file */ > if (inode->i_nlink == 0 && !(inode->i_state & I_LINKABLE)) > error = -ENOENT; > > The possible answer is that the inode refcount is zero because the > file has just been replaced concurrently, old file being erased, and > as such, the link operation is failing. > > The race appears to have been introduced by aae8a97d3ec30, to fix > _another_ race between unlink and link (but I'm not sure to understand > what were the implications). > > Reverting the inode->i_nlink == 0 section "fixes" the issue, but would > probably reintroduce this another issue. > > At this point I don't know what would be the best way to fix this issue. Doing "lock_rename() + lookup last components" would fix this race. If this was only done on retry, then that would prevent possible performance regressions, at the cost of extra complexity. Thanks, Miklos