diff --git a/patches.suse/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch b/patches.suse/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
new file mode 100644
index 0000000..6450d1f
--- /dev/null
+++ b/patches.suse/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
@@ -0,0 +1,89 @@
+From: Miklos Szeredi
+Date: Wed, 23 Nov 2022 09:10:42 +0100
+Subject: fuse: lock inode unconditionally in fuse_fallocate()
+Git-commit: 44361e8cf9ddb23f17bdcc40ca944abf32e83e79
+Patch-mainline: v6.1-rc8
+References: bsc#1206273
+
+file_modified() must be called with inode lock held. fuse_fallocate()
+didn't lock the inode in case of just FALLOC_KEEP_SIZE flags value, which
+resulted in a kernel Warning in notify_change().
+
+Lock the inode unconditionally, like all other fallocate implementations
+do.
+
+Reported-by: Pengfei Xu
+Reported-and-tested-by: syzbot+462da39f0667b357c4b6@syzkaller.appspotmail.com
+Fixes: 4a6f278d4827 ("fuse: add file_modified() to fallocate")
+Signed-off-by: Miklos Szeredi
+Acked-by: Luis Henriques
+
+---
+ fs/fuse/file.c | 37 ++++++++++++++++---------------------
+ 1 file changed, 16 insertions(+), 21 deletions(-)
+
+diff --git a/fs/fuse/file.c b/fs/fuse/file.c
+index 71bfb663aac5..89f4741728ba 100644
+--- a/fs/fuse/file.c
++++ b/fs/fuse/file.c
+@@ -2963,11 +2963,9 @@ static long fuse_file_fallocate(struct file *file, int mode, loff_t offset,
+ .mode = mode
+ };
+ int err;
+- bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) ||
+- (mode & (FALLOC_FL_PUNCH_HOLE |
+- FALLOC_FL_ZERO_RANGE));
+-
+- bool block_faults = FUSE_IS_DAX(inode) && lock_inode;
++ bool block_faults = FUSE_IS_DAX(inode) &&
++ (!(mode & FALLOC_FL_KEEP_SIZE) ||
++ (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)));
+
+ if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE |
+ FALLOC_FL_ZERO_RANGE))
+@@ -2976,22 +2974,20 @@ static long fuse_file_fallocate(struct file *file, int mode, loff_t offset,
+ if (fm->fc->no_fallocate)
+ return -EOPNOTSUPP;
+
+- if (lock_inode) {
+- inode_lock(inode);
+- if (block_faults) {
+- filemap_invalidate_lock(inode->i_mapping);
+- err = fuse_dax_break_layouts(inode, 0, 0);
+- if (err)
+- goto out;
+- }
++ inode_lock(inode);
++ if (block_faults) {
++ filemap_invalidate_lock(inode->i_mapping);
++ err = fuse_dax_break_layouts(inode, 0, 0);
++ if (err)
++ goto out;
++ }
+
+- if (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) {
+- loff_t endbyte = offset + length - 1;
++ if (mode & (FALLOC_FL_PUNCH_HOLE | FALLOC_FL_ZERO_RANGE)) {
++ loff_t endbyte = offset + length - 1;
+
+- err = fuse_writeback_range(inode, offset, endbyte);
+- if (err)
+- goto out;
+- }
++ err = fuse_writeback_range(inode, offset, endbyte);
++ if (err)
++ goto out;
+ }
+
+ if (!(mode & FALLOC_FL_KEEP_SIZE) &&
+@@ -3039,8 +3035,7 @@ static long fuse_file_fallocate(struct file *file, int mode, loff_t offset,
+ if (block_faults)
+ filemap_invalidate_unlock(inode->i_mapping);
+
+- if (lock_inode)
+- inode_unlock(inode);
++ inode_unlock(inode);
+
+ fuse_flush_time_update(inode);
+
+
diff --git a/series.conf b/series.conf
index ce370ec..02da8a2 100644
--- a/series.conf
+++ b/series.conf
@@ -16381,6 +16381,7 @@
 patches.suse/usb-dwc3-exynos-Fix-remove-function.patch
 patches.suse/usb-dwc3-gadget-Clear-ep-descriptor-last.patch
 patches.suse/usb-cdnsp-fix-issue-with-ZLP-added-TD_SIZE-1.patch
+ patches.suse/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
 patches.suse/can-sja1000_isa-sja1000_isa_probe-add-missing-free_s.patch
 patches.suse/can-cc770-cc770_isa_probe-add-missing-free_cc770dev.patch
 patches.suse/can-etas_es58x-es58x_init_netdev-free-netdev-when-re.patch
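Review bot: The new `block_faults` initializer in the embedded fs/fuse/file.c patch carries the old `lock_inode` condition inline without explanation, so a later reader cannot tell that taking the inode lock always while keeping the DAX fault barrier mode-dependent is deliberate. I would add a comment above it such as `/* inode lock is taken unconditionally below; only the DAX fault barrier stays conditional on the mode flags */`. Because `inode_unlock(inode)` at the `out` path is now unconditional too, any exit between `inode_lock()` and `out` has to go through `goto out`. The visible error paths do, and the `-EOPNOTSUPP` return sits before the lock, but the body between the second and third file.c hunks is not shown, so it is worth confirming against the tree this backport is applied to. fuse_file_fallocate() begins and ends outside these hunks.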