diff mbox series

[f2fs-dev] f2fs: fix unreleased reader lock on return

Message ID 20240814211640.167728-1-djahchankoike@gmail.com (mailing list archive)
State New
Headers show
Series [f2fs-dev] f2fs: fix unreleased reader lock on return | expand

Commit Message

Diogo Jahchan Koike Aug. 14, 2024, 9:16 p.m. UTC
fix reader lock unreleased in error path.

Fixes: 374a8881ce4c ("f2fs: atomic: fix to forbid dio in atomic_file")
Reported-by: syzbot+733300ca0a9baca7e245@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=733300ca0a9baca7e245
Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
---
 fs/f2fs/file.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Chao Yu Aug. 15, 2024, 12:51 a.m. UTC | #1
On 2024/8/15 5:16, Diogo Jahchan Koike wrote:
> fix reader lock unreleased in error path.

Thank you for catching this, if you don't mind, I'd like to merge it to
original patch, since it is still in dev-test branch.

Thanks,

> 
> Fixes: 374a8881ce4c ("f2fs: atomic: fix to forbid dio in atomic_file")
> Reported-by: syzbot+733300ca0a9baca7e245@syzkaller.appspotmail.com
> Closes: https://syzkaller.appspot.com/bug?extid=733300ca0a9baca7e245
> Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
> ---
>   fs/f2fs/file.c | 4 ++++
>   1 file changed, 4 insertions(+)
> 
> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
> index 51f6ffd5f4e2..c9eda5dbd11f 100644
> --- a/fs/f2fs/file.c
> +++ b/fs/f2fs/file.c
> @@ -2172,6 +2172,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
>   	ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
>   	if (ret) {
>   		f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> +		f2fs_up_write(&fi->i_gc_rwsem[READ]);
>   		goto out;
>   	}
>   
> @@ -2181,6 +2182,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
>   		pinode = f2fs_iget(inode->i_sb, fi->i_pino);
>   		if (IS_ERR(pinode)) {
>   			f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> +			f2fs_up_write(&fi->i_gc_rwsem[READ]);
>   			ret = PTR_ERR(pinode);
>   			goto out;
>   		}
> @@ -2189,6 +2191,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
>   		iput(pinode);
>   		if (ret) {
>   			f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> +			f2fs_up_write(&fi->i_gc_rwsem[READ]);
>   			goto out;
>   		}
>   
> @@ -2202,6 +2205,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
>   		ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true);
>   		if (ret) {
>   			f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> +			f2fs_up_write(&fi->i_gc_rwsem[READ]);
>   			goto out;
>   		}
>   	}
Jaegeuk Kim Aug. 15, 2024, 3:29 p.m. UTC | #2
On 08/15, Diogo Jahchan Koike wrote:
> No problem whatsoever.

Thanks. I removed the original patch from -next. Chao, please post a fixed
version.

> 
> Thanks,
> 
> Em qua., 14 de ago. de 2024, 21:51, Chao Yu <chao@kernel.org> escreveu:
> 
> > On 2024/8/15 5:16, Diogo Jahchan Koike wrote:
> > > fix reader lock unreleased in error path.
> >
> > Thank you for catching this, if you don't mind, I'd like to merge it to
> > original patch, since it is still in dev-test branch.
> >
> > Thanks,
> >
> > >
> > > Fixes: 374a8881ce4c ("f2fs: atomic: fix to forbid dio in atomic_file")
> > > Reported-by: syzbot+733300ca0a9baca7e245@syzkaller.appspotmail.com
> > > Closes: https://syzkaller.appspot.com/bug?extid=733300ca0a9baca7e245
> > > Signed-off-by: Diogo Jahchan Koike <djahchankoike@gmail.com>
> > > ---
> > >   fs/f2fs/file.c | 4 ++++
> > >   1 file changed, 4 insertions(+)
> > >
> > > diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
> > > index 51f6ffd5f4e2..c9eda5dbd11f 100644
> > > --- a/fs/f2fs/file.c
> > > +++ b/fs/f2fs/file.c
> > > @@ -2172,6 +2172,7 @@ static int f2fs_ioc_start_atomic_write(struct file
> > *filp, bool truncate)
> > >       ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
> > >       if (ret) {
> > >               f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> > > +             f2fs_up_write(&fi->i_gc_rwsem[READ]);
> > >               goto out;
> > >       }
> > >
> > > @@ -2181,6 +2182,7 @@ static int f2fs_ioc_start_atomic_write(struct file
> > *filp, bool truncate)
> > >               pinode = f2fs_iget(inode->i_sb, fi->i_pino);
> > >               if (IS_ERR(pinode)) {
> > >                       f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> > > +                     f2fs_up_write(&fi->i_gc_rwsem[READ]);
> > >                       ret = PTR_ERR(pinode);
> > >                       goto out;
> > >               }
> > > @@ -2189,6 +2191,7 @@ static int f2fs_ioc_start_atomic_write(struct file
> > *filp, bool truncate)
> > >               iput(pinode);
> > >               if (ret) {
> > >                       f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> > > +                     f2fs_up_write(&fi->i_gc_rwsem[READ]);
> > >                       goto out;
> > >               }
> > >
> > > @@ -2202,6 +2205,7 @@ static int f2fs_ioc_start_atomic_write(struct file
> > *filp, bool truncate)
> > >               ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true);
> > >               if (ret) {
> > >                       f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
> > > +                     f2fs_up_write(&fi->i_gc_rwsem[READ]);
> > >                       goto out;
> > >               }
> > >       }
> >
> >
diff mbox series

Patch

diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 51f6ffd5f4e2..c9eda5dbd11f 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2172,6 +2172,7 @@  static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
 	ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
 	if (ret) {
 		f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+		f2fs_up_write(&fi->i_gc_rwsem[READ]);
 		goto out;
 	}
 
@@ -2181,6 +2182,7 @@  static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
 		pinode = f2fs_iget(inode->i_sb, fi->i_pino);
 		if (IS_ERR(pinode)) {
 			f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+			f2fs_up_write(&fi->i_gc_rwsem[READ]);
 			ret = PTR_ERR(pinode);
 			goto out;
 		}
@@ -2189,6 +2191,7 @@  static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
 		iput(pinode);
 		if (ret) {
 			f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+			f2fs_up_write(&fi->i_gc_rwsem[READ]);
 			goto out;
 		}
 
@@ -2202,6 +2205,7 @@  static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
 		ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true);
 		if (ret) {
 			f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+			f2fs_up_write(&fi->i_gc_rwsem[READ]);
 			goto out;
 		}
 	}