Project

General

Profile

Bug #7656

unlinking directory on tmpfs can cause kernel panic

Added by Andrew Stormont over 2 years ago. Updated over 2 years ago.

Status:
Closed
Priority:
High
Category:
filesystems (not ZFS)
Start date:
2016-12-08
Due date:
% Done:

100%

Estimated time:
Difficulty:
Medium
Tags:
needs-triage

Description

Steps to reproduce:

# mkdir -p /tmp/libs/1
# cp /lib/*.so.* /tmp/libs/1
# unlink /tmp/libs

This assert will get tickled: https://github.com/illumos/illumos-gate/blob/master/usr/src/uts/common/fs/tmpfs/tmp_dir.c#L532

History

#1

Updated by Andrew Stormont over 2 years ago

  • Description updated (diff)
#2

Updated by Andrew Stormont over 2 years ago

Another way to hit the assert:

# mkdir /tmp/1
# link /tmp/1 /tmp/2
# unlink /tmp/1
#4

Updated by Andrew Stormont over 2 years ago

I think trying to fix unlink on dirs is a pointless exercise. Instead I think we should disallow unlink() on directories, and link() too - since you can't really have one without the other, and leave it at that. Oracle made this change in Solaris 11.2 but I can't find the blog post that mentions it.

#6

Updated by Electric Monk over 2 years ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit ceef358f3b068577bb5f84a851bdc8b464596dc2

commit  ceef358f3b068577bb5f84a851bdc8b464596dc2
Author: Andrew Stormont <astormont@racktopsystems.com>
Date:   2016-12-22T18:04:26.000Z

    7656 unlinking directory on tmpfs can cause kernel panic
    Reviewed by: Robert Mustacchi <rm@joyent.com>
    Reviewed by: Rich Lowe <richlowe@richlowe.net>
    Reviewed by: Vitaliy Gusev <vgusev@racktopsystems.com>
    Approved by: Dan McDonald <danmcd@omniti.com>

Also available in: Atom PDF