| Message ID | 20240814211640.167728-1-djahchankoike@gmail.com (mailing list archive) |
|---|---|
| State | New |
| Headers | show |
| Series | [f2fs-dev] f2fs: fix unreleased reader lock on return | expand |
On 2024/8/15 5:16, Diogo Jahchan Koike wrote: > fix reader lock unreleased in error path. Thank you for catching this, if you don't mind, I'd like to merge it to original patch, since it is still in dev-test branch. Thanks, > > Fixes: 374a8881ce4c ("f2fs: atomic: fix to forbid dio in atomic_file") > Reported-by: syzbot+733300ca0a9baca7e245@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=733300ca0a9baca7e245 > Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com> > --- > fs/f2fs/file.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c > index 51f6ffd5f4e2..c9eda5dbd11f 100644 > --- a/fs/f2fs/file.c > +++ b/fs/f2fs/file.c > @@ -2172,6 +2172,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) > ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX); > if (ret) { > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > goto out; > } > > @@ -2181,6 +2182,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) > pinode = f2fs_iget(inode->i_sb, fi->i_pino); > if (IS_ERR(pinode)) { > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > ret = PTR_ERR(pinode); > goto out; > } > @@ -2189,6 +2191,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) > iput(pinode); > if (ret) { > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > goto out; > } > > @@ -2202,6 +2205,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) > ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); > if (ret) { > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > goto out; > } > }
On 08/15, Diogo Jahchan Koike wrote: > No problem whatsoever. Thanks. I removed the original patch from -next. Chao, please post a fixed version. > > Thanks, > > Em qua., 14 de ago. de 2024, 21:51, Chao Yu <chao@kernel.org> escreveu: > > > On 2024/8/15 5:16, Diogo Jahchan Koike wrote: > > > fix reader lock unreleased in error path. > > > > Thank you for catching this, if you don't mind, I'd like to merge it to > > original patch, since it is still in dev-test branch. > > > > Thanks, > > > > > > > > Fixes: 374a8881ce4c ("f2fs: atomic: fix to forbid dio in atomic_file") > > > Reported-by: syzbot+733300ca0a9baca7e245@syzkaller.appspotmail.com > > > Closes: https://syzkaller.appspot.com/bug?extid=733300ca0a9baca7e245 > > > Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com> > > > --- > > > fs/f2fs/file.c | 4 ++++ > > > 1 file changed, 4 insertions(+) > > > > > > diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c > > > index 51f6ffd5f4e2..c9eda5dbd11f 100644 > > > --- a/fs/f2fs/file.c > > > +++ b/fs/f2fs/file.c > > > @@ -2172,6 +2172,7 @@ static int f2fs_ioc_start_atomic_write(struct file > > *filp, bool truncate) > > > ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX); > > > if (ret) { > > > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > > > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > > > goto out; > > > } > > > > > > @@ -2181,6 +2182,7 @@ static int f2fs_ioc_start_atomic_write(struct file > > *filp, bool truncate) > > > pinode = f2fs_iget(inode->i_sb, fi->i_pino); > > > if (IS_ERR(pinode)) { > > > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > > > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > > > ret = PTR_ERR(pinode); > > > goto out; > > > } > > > @@ -2189,6 +2191,7 @@ static int f2fs_ioc_start_atomic_write(struct file > > *filp, bool truncate) > > > iput(pinode); > > > if (ret) { > > > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > > > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > > > goto out; > > > } > > > > > > @@ -2202,6 +2205,7 @@ static int f2fs_ioc_start_atomic_write(struct file > > *filp, bool truncate) > > > ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); > > > if (ret) { > > > f2fs_up_write(&fi->i_gc_rwsem[WRITE]); > > > + f2fs_up_write(&fi->i_gc_rwsem[READ]); > > > goto out; > > > } > > > } > > > >
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c index 51f6ffd5f4e2..c9eda5dbd11f 100644 --- a/fs/f2fs/file.c +++ b/fs/f2fs/file.c @@ -2172,6 +2172,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX); if (ret) { f2fs_up_write(&fi->i_gc_rwsem[WRITE]); + f2fs_up_write(&fi->i_gc_rwsem[READ]); goto out; } @@ -2181,6 +2182,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) pinode = f2fs_iget(inode->i_sb, fi->i_pino); if (IS_ERR(pinode)) { f2fs_up_write(&fi->i_gc_rwsem[WRITE]); + f2fs_up_write(&fi->i_gc_rwsem[READ]); ret = PTR_ERR(pinode); goto out; } @@ -2189,6 +2191,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) iput(pinode); if (ret) { f2fs_up_write(&fi->i_gc_rwsem[WRITE]); + f2fs_up_write(&fi->i_gc_rwsem[READ]); goto out; } @@ -2202,6 +2205,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate) ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true); if (ret) { f2fs_up_write(&fi->i_gc_rwsem[WRITE]); + f2fs_up_write(&fi->i_gc_rwsem[READ]); goto out; } }
fix reader lock unreleased in error path. Fixes: 374a8881ce4c ("f2fs: atomic: fix to forbid dio in atomic_file") Reported-by: syzbot+733300ca0a9baca7e245@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=733300ca0a9baca7e245 Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com> --- fs/f2fs/file.c | 4 ++++ 1 file changed, 4 insertions(+)