Commit 243cc955 authored Oct 22, 2014 by Jan Kara Committed by Greg Kroah-Hartman Jan 08, 2015

f2fs: fix possible data corruption in f2fs_write_begin()



commit 9234f3190bf8b25b11b105191d408ac50a107948 upstream.

f2fs_write_begin() doesn't initialize the 'dn' variable if the inode has
inline data. However it uses its contents to decide whether it should
just zero out the page or load data to it. Thus if we are unlucky we can
zero out page contents instead of loading inline data into a page.

CC: Changman Lee <cm224.lee@samsung.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 8744de7f

fs/f2fs/data.c

+11 −13

Original line number	Diff line number	Diff line
		@@ -1007,21 +1007,19 @@ inline_data:
		goto out;
		}

		if (dn.data_blkaddr == NEW_ADDR) {
		zero_user_segment(page, 0, PAGE_CACHE_SIZE);
		} else {
		if (f2fs_has_inline_data(inode)) {
		err = f2fs_read_inline_data(inode, page);
		if (err) {
		page_cache_release(page);
		goto fail;
		}
		} else if (dn.data_blkaddr == NEW_ADDR) {
		zero_user_segment(page, 0, PAGE_CACHE_SIZE);
		} else {
		err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
		READ_SYNC);
		if (err)
		goto fail;
		}

		lock_page(page);
		if (unlikely(!PageUptodate(page))) {