udf: Fix directory corruption after extent merging

If udf_bread() called from udf_add_entry() managed to merge created extent to
an already existing one (or if previous extents could be merged), the code
truncating the last extent to proper size would just overwrite the freshly
allocated extent with an extent that used to be in that place.  This obviously
results in a directory corruption. Fix the problem by properly reloading the
last extent.

Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/udf/namei.c b/fs/udf/namei.c
index 26815a2..a2974f7 100644 (file)
--- a/fs/udf/namei.c
+++ b/fs/udf/namei.c
@@ -471,15 +471,19 @@ add:
                                f_pos >> dir->i_sb->s_blocksize_bits, 1, err);
                if (!fibh->ebh)
                        goto out_err;
+               /* Extents could have been merged, invalidate our position */
+               brelse(epos.bh);
+               epos.bh = NULL;
+               epos.block = dinfo->i_location;
+               epos.offset = udf_file_entry_alloc_offset(dir);
 
                if (!fibh->soffset) {
-                       if (udf_next_aext(dir, &epos, &eloc, &elen, 1) ==
-                           (EXT_RECORDED_ALLOCATED >> 30)) {
-                               block = eloc.logicalBlockNum + ((elen - 1) >>
+                       /* Find the freshly allocated block */
+                       while (udf_next_aext(dir, &epos, &eloc, &elen, 1) ==
+                               (EXT_RECORDED_ALLOCATED >> 30))
+                               ;
+                       block = eloc.logicalBlockNum + ((elen - 1) >>
                                        dir->i_sb->s_blocksize_bits);
-                       } else
-                               block++;
-
                        brelse(fibh->sbh);
                        fibh->sbh = fibh->ebh;
                        fi = (struct fileIdentDesc *)(fibh->sbh->b_data);