udf: Do not update file length for failed writes to inline files

commit 256fe4162f8b5a1625b8603ca5f7ff79725bfb47 upstream.

When write to inline file fails (or happens only partly), we still
updated length of inline data as if the whole write succeeded. Fix the
update of length of inline data to happen only if the write succeeds.

Reported-by: syzbot+0937935b993956ba28ab@syzkaller.appspotmail.com
CC: stable@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/fs/udf/file.c b/fs/udf/file.c
index 356c2bf148a5d0932f3813ee91966902ee633dbf..1fa074ed06b7c8ed536e7a38ef0a5590a914d013 100644 (file)
--- a/fs/udf/file.c
+++ b/fs/udf/file.c
@@ -148,26 +148,24 @@ static ssize_t udf_file_write_iter(struct kiocb *iocb, struct iov_iter *from)
                goto out;
 
        down_write(&iinfo->i_data_sem);
-       if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
-               loff_t end = iocb->ki_pos + iov_iter_count(from);
-
-               if (inode->i_sb->s_blocksize <
-                               (udf_file_entry_alloc_offset(inode) + end)) {
-                       err = udf_expand_file_adinicb(inode);
-                       if (err) {
-                               inode_unlock(inode);
-                               udf_debug("udf_expand_adinicb: err=%d\n", err);
-                               return err;
-                       }
-               } else {
-                       iinfo->i_lenAlloc = max(end, inode->i_size);
-                       up_write(&iinfo->i_data_sem);
+       if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB &&
+           inode->i_sb->s_blocksize < (udf_file_entry_alloc_offset(inode) +
+                                iocb->ki_pos + iov_iter_count(from))) {
+               err = udf_expand_file_adinicb(inode);
+               if (err) {
+                       inode_unlock(inode);
+                       udf_debug("udf_expand_adinicb: err=%d\n", err);
+                       return err;
                }
        } else
                up_write(&iinfo->i_data_sem);
 
        retval = __generic_file_write_iter(iocb, from);
 out:
+       down_write(&iinfo->i_data_sem);
+       if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB && retval > 0)
+               iinfo->i_lenAlloc = inode->i_size;
+       up_write(&iinfo->i_data_sem);
        inode_unlock(inode);
 
        if (retval > 0) {