f2fs: fix possible data corruption in f2fs_write_begin()

f2fs_write_begin() doesn't initialize the 'dn' variable if the inode has inline data. However it uses its contents to decide whether it should just zero out the page or load data to it. Thus if we are unlucky we can zero out page contents instead of loading inline data into a page. CC: stable@vger.kernel.org CC: Changman Lee <cm224.lee@samsung.com> Signed-off-by: N Jan Kara <jack@suse.cz> Signed-off-by: N Jaegeuk Kim <jaegeuk@kernel.org>

f2fs: fix possible data corruption in f2fs_write_begin()
f2fs_write_begin() doesn't initialize the 'dn' variable if the inode has inline data. However it uses its contents to decide whether it should just zero out the page or load data to it. Thus if we are unlucky we can zero out page contents instead of loading inline data into a page. CC: stable@vger.kernel.org CC: Changman Lee <cm224.lee@samsung.com> Signed-off-by: N Jan Kara <jack@suse.cz> Signed-off-by: N Jaegeuk Kim <jaegeuk@kernel.org>
9234f319 · Jan Kara · Jaegeuk Kim · 2cc22186 · 9234f319
隐藏空白更改
内联并排

Showing with 11 addition and 13 deletion

fs/f2fs/data.c fs/f2fs/data.c +11 -13

未找到文件。
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -1017,21 +1017,19 @@ static int f2fs_write_begin(struct file *file, struct address_space *mapping,
 		goto out;
 	}

-	if (dn.data_blkaddr == NEW_ADDR) {
+	if (f2fs_has_inline_data(inode)) {
+		err = f2fs_read_inline_data(inode, page);
+		if (err) {
+			page_cache_release(page);
+			goto fail;
+		}
+	} else if (dn.data_blkaddr == NEW_ADDR) {
 		zero_user_segment(page, 0, PAGE_CACHE_SIZE);
 	} else {
-		if (f2fs_has_inline_data(inode)) {
-			err = f2fs_read_inline_data(inode, page);
-			if (err) {
-				page_cache_release(page);
-				goto fail;
-			}
-		} else {
-			err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
-							READ_SYNC);
-			if (err)
-				goto fail;
-		}
+		err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
+					   READ_SYNC);
+		if (err)
+			goto fail;

 		lock_page(page);
 		if (unlikely(!PageUptodate(page))) {