diff options
| author | Miklos Szeredi <mszeredi@redhat.com> | 2022-04-20 16:05:41 +0200 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@redhat.com> | 2022-07-21 16:02:45 +0200 |
| commit | 035ff33cf4db101250fb980a3941bf078f37a544 (patch) | |
| tree | 0fda3aa19a62f49540903c49112ec03bc58e3c5d /fs/fuse/file.c | |
| parent | Linux 5.19-rc1 (diff) | |
| download | linux-035ff33cf4db101250fb980a3941bf078f37a544.tar.xz linux-035ff33cf4db101250fb980a3941bf078f37a544.zip | |
fuse: write inode in fuse_release()
A race between write(2) and close(2) allows pages to be dirtied after
fuse_flush -> write_inode_now(). If these pages are not flushed from
fuse_release(), then there might not be a writable open file later. So any
remaining dirty pages must be written back before the file is released.
This is a partial revert of the blamed commit.
Reported-by: syzbot+6e1efbd8efaaa6860e91@syzkaller.appspotmail.com
Fixes: 36ea23374d1f ("fuse: write inode in fuse_vma_close() instead of fuse_release()")
Cc: <stable@vger.kernel.org> # v5.16
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Diffstat (limited to '')
| -rw-r--r-- | fs/fuse/file.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 05caa2b9272e..60885ff9157c 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -338,6 +338,15 @@ static int fuse_open(struct inode *inode, struct file *file) static int fuse_release(struct inode *inode, struct file *file) { + struct fuse_conn *fc = get_fuse_conn(inode); + + /* + * Dirty pages might remain despite write_inode_now() call from + * fuse_flush() due to writes racing with the close. + */ + if (fc->writeback_cache) + write_inode_now(inode, 1); + fuse_release_common(file, false); /* return value is ignored by VFS */ |