5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 1 Dec 2022 12:38:43 +0000 (13:38 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 1 Dec 2022 12:38:43 +0000 (13:38 +0100)
added patches:
fuse-lock-inode-unconditionally-in-fuse_fallocate.patch

queue-5.4/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch [new file with mode: 0644]
queue-5.4/series

diff --git a/queue-5.4/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch b/queue-5.4/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
new file mode 100644 (file)
index 0000000..37180f7
--- /dev/null
@@ -0,0 +1,69 @@
+From 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 23 Nov 2022 09:10:42 +0100
+Subject: fuse: lock inode unconditionally in fuse_fallocate()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 upstream.
+
+file_modified() must be called with inode lock held.  fuse_fallocate()
+didn't lock the inode in case of just FALLOC_KEEP_SIZE flags value, which
+resulted in a kernel Warning in notify_change().
+
+Lock the inode unconditionally, like all other fallocate implementations
+do.
+
+Reported-by: Pengfei Xu <pengfei.xu@intel.com>
+Reported-and-tested-by: syzbot+462da39f0667b357c4b6@syzkaller.appspotmail.com
+Fixes: 4a6f278d4827 ("fuse: add file_modified() to fallocate")
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/fuse/file.c |   22 ++++++++--------------
+ 1 file changed, 8 insertions(+), 14 deletions(-)
+
+--- a/fs/fuse/file.c
++++ b/fs/fuse/file.c
+@@ -3212,24 +3212,19 @@ static long fuse_file_fallocate(struct f
+               .mode = mode
+       };
+       int err;
+-      bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) ||
+-                         (mode & FALLOC_FL_PUNCH_HOLE);
+-
+       if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
+               return -EOPNOTSUPP;
+       if (fc->no_fallocate)
+               return -EOPNOTSUPP;
+-      if (lock_inode) {
+-              inode_lock(inode);
+-              if (mode & FALLOC_FL_PUNCH_HOLE) {
+-                      loff_t endbyte = offset + length - 1;
+-
+-                      err = fuse_writeback_range(inode, offset, endbyte);
+-                      if (err)
+-                              goto out;
+-              }
++      inode_lock(inode);
++      if (mode & FALLOC_FL_PUNCH_HOLE) {
++              loff_t endbyte = offset + length - 1;
++
++              err = fuse_writeback_range(inode, offset, endbyte);
++              if (err)
++                      goto out;
+       }
+       if (!(mode & FALLOC_FL_KEEP_SIZE) &&
+@@ -3276,8 +3271,7 @@ out:
+       if (!(mode & FALLOC_FL_KEEP_SIZE))
+               clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state);
+-      if (lock_inode)
+-              inode_unlock(inode);
++      inode_unlock(inode);
+       return err;
+ }
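Review bot: The now-unconditional `inode_lock(inode);` in the `fuse_file_fallocate()` hunk has no comment recording why it must not become conditional again, and the call that needs it, `file_modified()`, sits between the two inner hunks and is not visible here. I would add `/* file_modified() must run under the inode lock for every mode, including FALLOC_FL_KEEP_SIZE alone */` directly above the `inode_lock(inode);` line. Since the Fixes: tag points at 4a6f278d4827, it is also worth confirming that the 5.4 tree actually carries that commit; if it does not, this backport only widens the locked region and there is no warning to fix. The missing lock was found by syzbot and appears reachable through an ordinary fallocate() call with only FALLOC_FL_KEEP_SIZE set, so on hosts running with panic_on_warn it is an availability problem rather than log noise. The function's opening and the middle of its body lie outside the hunk context.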
index 0ffdd2da81939781cb4e57bbf8a2316862b2e0ff..69a28c07bcead45f24e399acd3c4569765953362 100644 (file)
@@ -84,3 +84,4 @@ btrfs-sysfs-normalize-the-error-handling-branch-in-btrfs_init_sysfs.patch
 drm-amd-dc-dce120-fix-audio-register-mapping-stop-triggering-kasan.patch
 drm-amdgpu-always-register-an-mmu-notifier-for-userptr.patch
 drm-i915-fix-tlb-invalidation-for-gen12-video-and-compute-engines.patch
+fuse-lock-inode-unconditionally-in-fuse_fallocate.patch