f2fs: fix potential corruption in area before F2FS_SUPER_OFFSET
authorSheng Yong <shengyong1@huawei.com>
Mon, 29 Jan 2018 11:13:15 +0000 (19:13 +0800)
committerJaegeuk Kim <jaegeuk@kernel.org>
Mon, 12 Mar 2018 23:05:29 +0000 (08:05 +0900)
sb_getblk does not guarantee the buffer head is uptodate. If bh is not
uptodate, the data (may be used as boot code) in area before
F2FS_SUPER_OFFSET may get corrupted when super block is committed.

Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
fs/f2fs/super.c

index 8173ae688814a04bc2ff2d53e3f566dace0b52ce..3db1f02ed8c2d16e7412c3e33e5f1a06c1d9ab9b 100644 (file)
@@ -1894,7 +1894,6 @@ static int __f2fs_commit_super(struct buffer_head *bh,
        lock_buffer(bh);
        if (super)
                memcpy(bh->b_data + F2FS_SUPER_OFFSET, super, sizeof(*super));
-       set_buffer_uptodate(bh);
        set_buffer_dirty(bh);
        unlock_buffer(bh);
 
@@ -2334,7 +2333,7 @@ int f2fs_commit_super(struct f2fs_sb_info *sbi, bool recover)
        }
 
        /* write back-up superblock first */
-       bh = sb_getblk(sbi->sb, sbi->valid_super_block ? 0: 1);
+       bh = sb_bread(sbi->sb, sbi->valid_super_block ? 0 : 1);
        if (!bh)
                return -EIO;
        err = __f2fs_commit_super(bh, F2FS_RAW_SUPER(sbi));
@@ -2345,7 +2344,7 @@ int f2fs_commit_super(struct f2fs_sb_info *sbi, bool recover)
                return err;
 
        /* write current valid superblock */
-       bh = sb_getblk(sbi->sb, sbi->valid_super_block);
+       bh = sb_bread(sbi->sb, sbi->valid_super_block);
        if (!bh)
                return -EIO;
        err = __f2fs_commit_super(bh, F2FS_RAW_SUPER(sbi));