evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

f2fs: fix possible data corruption in f2fs_write_begin()

Browse source 
f2fs_write_begin() doesn't initialize the 'dn' variable if the inode has
inline data. However it uses its contents to decide whether it should
just zero out the page or load data to it. Thus if we are unlucky we can
zero out page contents instead of loading inline data into a page.

CC: stable@vger.kernel.org
CC: Changman Lee <cm224.lee@samsung.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
This commit is contained in:
Jan Kara 2014-10-22 15:21:47 +02:00 committed by Jaegeuk Kim
parent 2cc2218611
commit 9234f3190b
1 changed files with 11 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
fs/f2fs/data.c
View file

@ -1017,21 +1017,19 @@ inline_data:
goto out;
}
if (dn.data_blkaddr == NEW_ADDR) {
if (f2fs_has_inline_data(inode)) {
err = f2fs_read_inline_data(inode, page);
if (err) {
page_cache_release(page);
goto fail;
}
} else if (dn.data_blkaddr == NEW_ADDR) {
zero_user_segment(page, 0, PAGE_CACHE_SIZE);
} else {
if (f2fs_has_inline_data(inode)) {
err = f2fs_read_inline_data(inode, page);
if (err) {
page_cache_release(page);
goto fail;
}
} else {
err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
READ_SYNC);
if (err)
goto fail;
}
err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
READ_SYNC);
if (err)
goto fail;
lock_page(page);
if (unlikely(!PageUptodate(page))) {