diff options
| author | Miklos Szeredi <mszeredi@redhat.com> | 2024-10-21 10:02:51 +0200 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2024-10-21 10:02:51 +0200 |
| commit | 184429a17f8ffc9e188dee9a4459165014025e71 (patch) | |
| tree | 9c4e1eb7eb68dfc6389e673bd3683ea3131242c1 | |
| parent | fuse: update inode size after extending passthrough write (diff) | |
| download | linux-184429a17f8ffc9e188dee9a4459165014025e71.tar.xz linux-184429a17f8ffc9e188dee9a4459165014025e71.zip | |
Revert "fuse: move initialization of fuse_file to fuse_writepages() instead of in callback"
This reverts commit 672c3b7457fcee9656c36a29a4b21ec4a652433e.
fuse_writepages() might be called with no dirty pages after all writable
opens were closed. In this case __fuse_write_file_get() will return NULL
which will trigger the WARNING.
The exact conditions under which this is triggered is unclear and syzbot
didn't find a reproducer yet.
Reported-by: syzbot+217a976dc26ef2fa8711@syzkaller.appspotmail.com
Link: https://lore.kernel.org/all/CAJnrk1aQwfvb51wQ5rUSf9N8j1hArTFeSkHqC_3T-mU6_BCD=A@mail.gmail.com/
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
| -rw-r--r-- | fs/fuse/file.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index f33fbce86ae0..dafdf766b1d5 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -2288,6 +2288,13 @@ static int fuse_writepages_fill(struct folio *folio, struct folio *tmp_folio; int err; + if (!data->ff) { + err = -EIO; + data->ff = fuse_write_file_get(fi); + if (!data->ff) + goto out_unlock; + } + if (wpa && fuse_writepage_need_send(fc, &folio->page, ap, data)) { fuse_writepages_send(data); data->wpa = NULL; @@ -2351,13 +2358,13 @@ static int fuse_writepages(struct address_space *mapping, struct writeback_control *wbc) { struct inode *inode = mapping->host; - struct fuse_inode *fi = get_fuse_inode(inode); struct fuse_conn *fc = get_fuse_conn(inode); struct fuse_fill_wb_data data; int err; + err = -EIO; if (fuse_is_bad(inode)) - return -EIO; + goto out; if (wbc->sync_mode == WB_SYNC_NONE && fc->num_background >= fc->congestion_threshold) @@ -2365,9 +2372,7 @@ static int fuse_writepages(struct address_space *mapping, data.inode = inode; data.wpa = NULL; - data.ff = fuse_write_file_get(fi); - if (!data.ff) - return -EIO; + data.ff = NULL; err = -ENOMEM; data.orig_pages = kcalloc(fc->max_pages, @@ -2381,10 +2386,11 @@ static int fuse_writepages(struct address_space *mapping, WARN_ON(!data.wpa->ia.ap.num_pages); fuse_writepages_send(&data); } + if (data.ff) + fuse_file_put(data.ff, false); kfree(data.orig_pages); out: - fuse_file_put(data.ff, false); return err; } |