This is a note to let you know that I've just added the patch titled

    ext4: Fix possible corruption when moving a directory

to the 6.2-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ext4-fix-possible-corruption-when-moving-a-directory.patch
and it can be found in the queue-6.2 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 0813299c586b175d7edb25f56412c54b812d0379 Mon Sep 17 00:00:00 2001
From: Jan Kara <jack@xxxxxxx>
Date: Thu, 26 Jan 2023 12:22:21 +0100
Subject: ext4: Fix possible corruption when moving a directory

From: Jan Kara <jack@xxxxxxx>

commit 0813299c586b175d7edb25f56412c54b812d0379 upstream.

When we are renaming a directory to a different directory, we need to
update '..' entry in the moved directory. However nothing prevents moved
directory from being modified and even converted from the inline format
to the normal format. When such race happens the rename code gets
confused and we crash. Fix the problem by locking the moved directory.

CC: stable@xxxxxxxxxxxxxxx
Fixes: 32f7f22c0b52 ("ext4: let ext4_rename handle inline dir")
Signed-off-by: Jan Kara <jack@xxxxxxx>
Link: https://lore.kernel.org/r/20230126112221.11866-1-jack@xxxxxxx
Signed-off-by: Theodore Ts'o <tytso@xxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/ext4/namei.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

--- a/fs/ext4/namei.c
+++ b/fs/ext4/namei.c
@@ -3872,9 +3872,16 @@ static int ext4_rename(struct user_names if (new.dir != old.dir && EXT4_DIR_LINK_MAX(new.dir)) goto end_rename; } + /* + * We need to protect against old.inode directory getting + * converted from inline directory format into a normal one. + */ + inode_lock_nested(old.inode, I_MUTEX_NONDIR2); retval = ext4_rename_dir_prepare(handle, &old); - if (retval) + if (retval) { + inode_unlock(old.inode); goto end_rename; + } } /* * If we're renaming a file within an inline_data dir and adding or @@ -4006,6 +4013,8 @@ end_rename: } else { ext4_journal_stop(handle); } + if (old.dir_bh) + inode_unlock(old.inode); release_bh: brelse(old.dir_bh); brelse(old.bh); Patches currently in stable-queue which might be from jack@xxxxxxx are queue-6.2/udf-fix-file-corruption-when-appending-just-after-end-of-preallocated-extent.patch queue-6.2/block-fix-scan-partition-for-exclusively-open-device-again.patch queue-6.2/sbitmap-correct-wake_batch-recalculation-to-avoid-po.patch queue-6.2/jbd2-fix-data-missing-when-reusing-bh-which-is-ready-to-be-checkpointed.patch queue-6.2/udf-do-not-update-file-length-for-failed-writes-to-inline-files.patch queue-6.2/ext4-fix-possible-corruption-when-moving-a-directory.patch queue-6.2/udf-truncate-added-extents-on-failed-expansion.patch queue-6.2/udf-detect-system-inodes-linked-into-directory-hierarchy.patch queue-6.2/udf-do-not-bother-merging-very-long-extents.patch queue-6.2/udf-define-efscorrupted-error-code.patch queue-6.2/sbitmap-remove-redundant-check-in-__sbitmap_queue_ge.patch queue-6.2/udf-preserve-link-count-of-system-files.patch
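Review bot: in the first hunk (ext4_rename(), @@ -3872), inode_lock_nested(old.inode, I_MUTEX_NONDIR2) is taken at a point where a journal handle is already in hand, since that handle is passed to ext4_rename_dir_prepare(handle, &old) on the very next line. ext4 directory operations normally take i_rwsem first and start the transaction afterwards, so acquiring the inode lock here inverts that order and is the kind of thing lockdep reports as a possible deadlock. Consider taking the lock on old.inode before the handle is started, and extend the new comment to say why the I_MUTEX_NONDIR2 subclass is the right one for a directory inode and where this lock sits relative to the parent directory locks already held by the rename.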
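Review bot: in the second hunk (end_rename, @@ -4006), "if (old.dir_bh) inode_unlock(old.inode);" uses old.dir_bh as a stand-in for "old.inode is locked", and that does not obviously match the error branch added in the first hunk. That branch calls inode_unlock(old.inode) and then jumps to end_rename; if ext4_rename_dir_prepare() can return an error after it has already set old.dir_bh, the unlock runs a second time on an inode that is no longer locked. The body of ext4_rename_dir_prepare() is not part of this diff, so either confirm that it never fails with dir_bh set, or track the lock state explicitly: set a local flag right after inode_lock_nested(), drop the unlock from the error branch, and test that flag at end_rename so there is a single unlock site.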