f2fs: fix potential corruption when moving a directory

commit d94772154e524b329a168678836745d2773a6e02 upstream.

F2FS has the same issue in ext4_rename causing crash revealed by
xfstests/generic/707.

See also commit 0813299c586b ("ext4: Fix possible corruption when moving a directory")

CC: stable@vger.kernel.org
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index 7a86a8dcf4f1cfeeef2b4e6c004e75deb6852273..f3b7ed54f402fc9d631f6a45849d5bb2664b50d0 100644 (file)
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -991,12 +991,20 @@ static int f2fs_rename(struct inode *old_dir, struct dentry *old_dentry,
                        goto out;
        }
 
+       /*
+        * Copied from ext4_rename: we need to protect against old.inode
+        * directory getting converted from inline directory format into
+        * a normal one.
+        */
+       if (S_ISDIR(old_inode->i_mode))
+               inode_lock_nested(old_inode, I_MUTEX_NONDIR2);
+
        err = -ENOENT;
        old_entry = f2fs_find_entry(old_dir, &old_dentry->d_name, &old_page);
        if (!old_entry) {
                if (IS_ERR(old_page))
                        err = PTR_ERR(old_page);
-               goto out;
+               goto out_unlock_old;
        }
 
        if (S_ISDIR(old_inode->i_mode)) {
@@ -1104,6 +1112,9 @@ static int f2fs_rename(struct inode *old_dir, struct dentry *old_dentry,
 
        f2fs_unlock_op(sbi);
 
+       if (S_ISDIR(old_inode->i_mode))
+               inode_unlock(old_inode);
+
        if (IS_DIRSYNC(old_dir) || IS_DIRSYNC(new_dir))
                f2fs_sync_fs(sbi->sb, 1);
 
@@ -1118,6 +1129,9 @@ static int f2fs_rename(struct inode *old_dir, struct dentry *old_dentry,
                f2fs_put_page(old_dir_page, 0);
 out_old:
        f2fs_put_page(old_page, 0);
+out_unlock_old:
+       if (S_ISDIR(old_inode->i_mode))
+               inode_unlock(old_inode);
 out:
        if (whiteout)
                iput(whiteout);