From: Al Viro <viro@zeniv.linux.org.uk>
Date: Sat, 26 Nov 2022 03:17:17 +0000 (+0000)
Subject: ext2: unbugger ext2_empty_dir()
X-Git-Tag: v6.2-rc1~146^2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=27e714c007e4ad01837bf0fac5c11913a38d7695;p=thirdparty%2Flinux.git

ext2: unbugger ext2_empty_dir()

In 27cfa258951a "ext2: fix fs corruption when trying to remove
a non-empty directory with IO error" a funny thing has happened:

-               page = ext2_get_page(inode, i, dir_has_error, &page_addr);
+               page = ext2_get_page(inode, i, 0, &page_addr);

 -               if (IS_ERR(page)) {
 -                       dir_has_error = 1;
 -                       continue;
 -               }
 +               if (IS_ERR(page))
 +                       goto not_empty;

And at not_empty: we hit ext2_put_page(page, page_addr), which does
put_page(page).  Which, unless I'm very mistaken, should oops
immediately when given ERR_PTR(-E...) as page.

OK, shit happens, insufficiently tested patches included.  But when
commit in question describes the fault-injection test that exercised
that particular failure exit...

Ow.

CC: stable@vger.kernel.org
Fixes: 27cfa258951a ("ext2: fix fs corruption when trying to remove a non-empty directory with IO error")
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Jan Kara <jack@suse.cz>
---

diff --git a/fs/ext2/dir.c b/fs/ext2/dir.c
index 6fa714dbee84a..e5cbc27ba4595 100644
--- a/fs/ext2/dir.c
+++ b/fs/ext2/dir.c
@@ -684,7 +684,7 @@ int ext2_empty_dir (struct inode * inode)
 		page = ext2_get_page(inode, i, 0, &page_addr);
 
 		if (IS_ERR(page))
-			goto not_empty;
+			return 0;
 
 		kaddr = page_addr;
 		de = (ext2_dirent *)kaddr;