f2fs: fix possible data corruption in f2fs_write_begin()

f2fs_write_begin() doesn't initialize the 'dn' variable if the inode has
inline data. However it uses its contents to decide whether it should
just zero out the page or load data to it. Thus if we are unlucky we can
zero out page contents instead of loading inline data into a page.

CC: stable@vger.kernel.org
CC: Changman Lee <cm224.lee@samsung.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
index 973fd7770d56499a9a80f77e8fe591fcbccc4a7b..e3788bd206d88b8ebc75fb2dfcc9152b0a4bd973 100644 (file)
--- a/fs/f2fs/data.c
+++ b/fs/f2fs/data.c
@@ -1017,21 +1017,19 @@ inline_data:
                goto out;
        }
 
-       if (dn.data_blkaddr == NEW_ADDR) {
+       if (f2fs_has_inline_data(inode)) {
+               err = f2fs_read_inline_data(inode, page);
+               if (err) {
+                       page_cache_release(page);
+                       goto fail;
+               }
+       } else if (dn.data_blkaddr == NEW_ADDR) {
                zero_user_segment(page, 0, PAGE_CACHE_SIZE);
        } else {
-               if (f2fs_has_inline_data(inode)) {
-                       err = f2fs_read_inline_data(inode, page);
-                       if (err) {
-                               page_cache_release(page);
-                               goto fail;
-                       }
-               } else {
-                       err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
-                                                       READ_SYNC);
-                       if (err)
-                               goto fail;
-               }
+               err = f2fs_submit_page_bio(sbi, page, dn.data_blkaddr,
+                                          READ_SYNC);
+               if (err)
+                       goto fail;
 
                lock_page(page);
                if (unlikely(!PageUptodate(page))) {