git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Christoph Hellwig <hch@lst.de>
	Wed, 22 Jan 2025 05:43:21 +0000 (06:43 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 17 Feb 2025 09:05:29 +0000 (10:05 +0100)
commit	88678371a53e8b7826fa830a3d52772814e84c98
tree	c1888fb62b3ea2b278116a0d890012ba71d7df11	tree
parent	df751229b5c654b5a648f8732ddf51db3e2c663b	commit \| diff

xfs: don't call remap_verify_area with sb write protection held

commit f5f0ed89f13e3e5246404a322ee85169a226bfb5 upstream.

The XFS_IOC_EXCHANGE_RANGE ioctl with the XFS_EXCHANGE_RANGE_TO_EOF flag
operates on a range bounded by the end of the file.  This means the
actual amount of blocks exchanged is derived from the inode size, which
is only stable with the IOLOCK (i_rwsem) held.  Do that, it currently
calls remap_verify_area from inside the sb write protection which nests
outside the IOLOCK.  But this makes fsnotify_file_area_perm which is
called from remap_verify_area unhappy when the kernel is built with
lockdep and the recently added CONFIG_FANOTIFY_ACCESS_PERMISSIONS
option.

Fix this by always calling remap_verify_area before taking the write
protection, and passing a 0 size to remap_verify_area similar to
the FICLONE/FICLONERANGE ioctls when they are asked to clone until
the file end.

(Note: the size argument gets passed to fsnotify_file_area_perm, but
then isn't actually used there).

Fixes: 9a64d9b3109d ("xfs: introduce new file range exchange ioctl")
Cc: <stable@vger.kernel.org> # v6.10
Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <djwong@kernel.org>
Signed-off-by: Carlos Maiolino <cem@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>