fs/ntfs3: Additional check in ntfs_file_release

commit 031d6f608290c847ba6378322d0986d08d1a645a upstream.

Reported-by: syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com
Signed-off-by: Konstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: Bin Lan <bin.lan.cn@windriver.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Suraj Jitindar Singh <surajjs@amazon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c
index af7e138064624fd086d376bf5d71051363a89869..2d5d234a4533d6fb426884715e9012bd07609c4d 100644 (file)
--- a/fs/ntfs3/file.c
+++ b/fs/ntfs3/file.c
@@ -1192,8 +1192,16 @@ static int ntfs_file_release(struct inode *inode, struct file *file)
        int err = 0;
 
        /* If we are last writer on the inode, drop the block reservation. */
-       if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) &&
-                                     atomic_read(&inode->i_writecount) == 1)) {
+       if (sbi->options->prealloc &&
+           ((file->f_mode & FMODE_WRITE) &&
+            atomic_read(&inode->i_writecount) == 1)
+          /*
+           * The only file when inode->i_fop = &ntfs_file_operations and
+           * init_rwsem(&ni->file.run_lock) is not called explicitly is MFT.
+           *
+           * Add additional check here.
+           */
+           && inode->i_ino != MFT_REC_MFT) {
                ni_lock(ni);
                down_write(&ni->file.run_lock);