Received: by 2002:a05:6358:11c7:b0:104:8066:f915 with SMTP id i7csp41721rwl; Thu, 6 Apr 2023 12:54:10 -0700 (PDT) X-Google-Smtp-Source: AKy350Y3Fjl9i//S9B73dBMo00K2+lutWpHTgIpMdW54r4VCMBB8Ip4S/EwoIJg5pu+MiRlMVafa X-Received: by 2002:aa7:c6c2:0:b0:501:d43e:d1e6 with SMTP id b2-20020aa7c6c2000000b00501d43ed1e6mr741882eds.4.1680810850054; Thu, 06 Apr 2023 12:54:10 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1680810850; cv=none; d=google.com; s=arc-20160816; b=oHOK/ZrpOFShns0jfiYqgt5UUM9oNM/smXk0AtO8Ia7r/hG5NBOMPrcS7F1u3CGV+Z ZkNcBsaD9MoU4WwOjufzWdJ5h0XnDH8R4HpaquIc2HQuwgRExdYsSvP1o1dPNIpd1A2a mVZGX6H3+XO6xReBKgEikNiPgPYpwW+jde+5ADUuyw8BlZ3YZvoH6r1732WFgD6GRzMQ OjBih5Qv7Gnx2CQIG3OYg2xa0GDmEUyOVjs1ixLi5fI+LGdKiikNZQGT56JoY82rIHf9 5EXoU/OAPJEVK4AfZZZeb5Bn+DHVX8+6RvplLKu+LmFKPEnsXnNXl2haHPszplLusfDs 6Oqg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from:dkim-signature; bh=hkaXgsIKs/jFo8TH8Q7ZWPVUqbq2tm3gb5uN6r7ZyII=; b=YJkjUYlX3oHt8HfLxQbBgaG8fdlsZDSE5P0xEvfm1KXBldTagL082DmOE7aOItiSay +arR5MHPJz6ftb82mwets2MDQ7Dn3cGc4VrffKKYanRJ1Vr6mirJgxG09CFDoUz7wN0k k7HtEEcxbdsQz/HthPcaVj+NE1Zl3U8p3/8aFsZPVlbUBLIEes5x/rDKtUxQBevv/lqN nE+5y5vOFg2NPVk96obPGAI0/sZXzb1J2IyMtvs22ihwkwarnyDAdZga5YQRfOMX1rxV tmifEN3ftzhO87IuqZcoZXpq/aJ7Kp8IqnoaCHQ4TJCJm3laFzCTYbeC3qxN9wKbvD8J J9SA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WdcEZbDA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g18-20020a170906349200b0093b064e5934si1529658ejb.464.2023.04.06.12.53.44; Thu, 06 Apr 2023 12:54:10 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=WdcEZbDA; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238420AbjDFTvc (ORCPT + 99 others); Thu, 6 Apr 2023 15:51:32 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57710 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229626AbjDFTv2 (ORCPT ); Thu, 6 Apr 2023 15:51:28 -0400 Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EEE829012; Thu, 6 Apr 2023 12:51:26 -0700 (PDT) Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by dfw.source.kernel.org (Postfix) with ESMTPS id 8B80A62CE1; Thu, 6 Apr 2023 19:51:26 +0000 (UTC) Received: by smtp.kernel.org (Postfix) with ESMTPSA id E75E4C433EF; Thu, 6 Apr 2023 19:51:25 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1680810686; bh=/s7giKfeSIqZNbsqf9X75JHxU9L9jKT2SkAOoZXyTxQ=; h=From:To:Cc:Subject:Date:From; b=WdcEZbDAhSV3qRTsIEn4xieYPuVjP7x/zfXStn2g84Ui9Hb+mQ2TKHHiNOXoII8e8 Xo2Xl4XziPGlcqjZMkUvovCw1JnOFz8qvw/svxGiTFv2T/plKwUoQmnCCvlfDiBkss PhT4R54hIuXu98K8F1N5fMtLRufzm6YN5e1LksLgTHryki8HxeBE2oflAcHJna6Kea E0o48/Hs5A3jrw7YdkPKpFf1s6LRqOSKz5+yq3ego/ms6u+XPzNXn4ROo1crbD/jGz il6Aey9VwcJNQYnmctWT4R5E60KdNz+GODVw4W5LbqKSwai9TwKTdMdzNWxYQsu2um 9mH5Gbtn0AsyA== From: Jaegeuk Kim To: linux-kernel@vger.kernel.org, linux-f2fs-devel@lists.sourceforge.net Cc: Jaegeuk Kim , stable@vger.kernel.org Subject: [PATCH] f2fs: fix potential corruption when moving a directory Date: Thu, 6 Apr 2023 12:51:22 -0700 Message-Id: <20230406195122.3917650-1-jaegeuk@kernel.org> X-Mailer: git-send-email 2.40.0.577.gac1e443424-goog MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-5.2 required=5.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,SPF_HELO_NONE, SPF_PASS autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org F2FS has the same issue in ext4_rename causing crash revealed by xfstests/generic/707. See also commit 0813299c586b ("ext4: Fix possible corruption when moving a directory") CC: stable@vger.kernel.org Signed-off-by: Jaegeuk Kim --- fs/f2fs/namei.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c index ad597b417fea..77a71276ecb1 100644 --- a/fs/f2fs/namei.c +++ b/fs/f2fs/namei.c @@ -995,12 +995,20 @@ static int f2fs_rename(struct mnt_idmap *idmap, struct inode *old_dir, goto out; } + /* + * Copied from ext4_rename: we need to protect against old.inode + * directory getting converted from inline directory format into + * a normal one. + */ + if (S_ISDIR(old_inode->i_mode)) + inode_lock_nested(old_inode, I_MUTEX_NONDIR2); + err = -ENOENT; old_entry = f2fs_find_entry(old_dir, &old_dentry->d_name, &old_page); if (!old_entry) { if (IS_ERR(old_page)) err = PTR_ERR(old_page); - goto out; + goto out_unlock_old; } if (S_ISDIR(old_inode->i_mode)) { @@ -1108,6 +1116,9 @@ static int f2fs_rename(struct mnt_idmap *idmap, struct inode *old_dir, f2fs_unlock_op(sbi); + if (S_ISDIR(old_inode->i_mode)) + inode_unlock(old_inode); + if (IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir)) f2fs_sync_fs(sbi->sb, 1); @@ -1122,6 +1133,9 @@ static int f2fs_rename(struct mnt_idmap *idmap, struct inode *old_dir, f2fs_put_page(old_dir_page, 0); out_old: f2fs_put_page(old_page, 0); +out_unlock_old: + if (S_ISDIR(old_inode->i_mode)) + inode_unlock(old_inode); out: iput(whiteout); return err; -- 2.40.0.577.gac1e443424-goog