5.10-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 1 Dec 2022 12:39:00 +0000 (13:39 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 1 Dec 2022 12:39:00 +0000 (13:39 +0100)
added patches:
fuse-lock-inode-unconditionally-in-fuse_fallocate.patch

queue-5.10/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch [new file with mode: 0644]
queue-5.10/series

diff --git a/queue-5.10/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch b/queue-5.10/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
new file mode 100644 (file)
index 0000000..bb960b6
--- /dev/null
@@ -0,0 +1,88 @@
+From 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 Mon Sep 17 00:00:00 2001
+From: Miklos Szeredi <mszeredi@redhat.com>
+Date: Wed, 23 Nov 2022 09:10:42 +0100
+Subject: fuse: lock inode unconditionally in fuse_fallocate()
+
+From: Miklos Szeredi <mszeredi@redhat.com>
+
+commit 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 upstream.
+
+file_modified() must be called with inode lock held.  fuse_fallocate()
+didn't lock the inode in case of just FALLOC_KEEP_SIZE flags value, which
+resulted in a kernel Warning in notify_change().
+
+Lock the inode unconditionally, like all other fallocate implementations
+do.
+
+Reported-by: Pengfei Xu <pengfei.xu@intel.com>
+Reported-and-tested-by: syzbot+462da39f0667b357c4b6@syzkaller.appspotmail.com
+Fixes: 4a6f278d4827 ("fuse: add file_modified() to fallocate")
+Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ fs/fuse/file.c |   40 ++++++++++++++++++----------------------
+ 1 file changed, 18 insertions(+), 22 deletions(-)
+
+--- a/fs/fuse/file.c
++++ b/fs/fuse/file.c
+@@ -3275,10 +3275,9 @@ static long fuse_file_fallocate(struct f
+               .mode = mode
+       };
+       int err;
+-      bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) ||
+-                         (mode & FALLOC_FL_PUNCH_HOLE);
+-
+-      bool block_faults = FUSE_IS_DAX(inode) && lock_inode;
++      bool block_faults = FUSE_IS_DAX(inode) &&
++              (!(mode & FALLOC_FL_KEEP_SIZE) ||
++               (mode & FALLOC_FL_PUNCH_HOLE));
+       if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
+               return -EOPNOTSUPP;
+@@ -3286,22 +3285,20 @@ static long fuse_file_fallocate(struct f
+       if (fm->fc->no_fallocate)
+               return -EOPNOTSUPP;
+-      if (lock_inode) {
+-              inode_lock(inode);
+-              if (block_faults) {
+-                      down_write(&fi->i_mmap_sem);
+-                      err = fuse_dax_break_layouts(inode, 0, 0);
+-                      if (err)
+-                              goto out;
+-              }
+-
+-              if (mode & FALLOC_FL_PUNCH_HOLE) {
+-                      loff_t endbyte = offset + length - 1;
+-
+-                      err = fuse_writeback_range(inode, offset, endbyte);
+-                      if (err)
+-                              goto out;
+-              }
++      inode_lock(inode);
++      if (block_faults) {
++              down_write(&fi->i_mmap_sem);
++              err = fuse_dax_break_layouts(inode, 0, 0);
++              if (err)
++                      goto out;
++      }
++
++      if (mode & FALLOC_FL_PUNCH_HOLE) {
++              loff_t endbyte = offset + length - 1;
++
++              err = fuse_writeback_range(inode, offset, endbyte);
++              if (err)
++                      goto out;
+       }
+       if (!(mode & FALLOC_FL_KEEP_SIZE) &&
+@@ -3351,8 +3348,7 @@ out:
+       if (block_faults)
+               up_write(&fi->i_mmap_sem);
+-      if (lock_inode)
+-              inode_unlock(inode);
++      inode_unlock(inode);
+       fuse_flush_time_update(inode);
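Review bot: In the first fs/fuse/file.c hunk of the queued patch, the condition that used to be named `lock_inode` is now folded into `block_faults` with neither a name nor a comment, so the code no longer says why DAX faults are blocked only for some modes. I would add a comment above the declaration, for example `/* DAX: take i_mmap_sem and break layouts unless this is a KEEP_SIZE-only request */`. The locking looks balanced in the visible lines: both `-EOPNOTSUPP` returns come before `inode_lock(inode)`, and the `out:` path drops `i_mmap_sem` before `inode_unlock(inode)`. The `file_modified()` call that the commit message says must run under the inode lock is outside the hunks, as is the rest of `fuse_file_fallocate()`, so its position relative to `inode_lock()` cannot be confirmed from this page and should be checked against the 5.10 tree.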
index 8b0f5b3d672ee54f0d3b6037e77e6c4b809c4946..641aae52d6a69293da128030cf98aff52bdb68c3 100644 (file)
@@ -157,3 +157,4 @@ btrfs-sysfs-normalize-the-error-handling-branch-in-btrfs_init_sysfs.patch
 drm-amd-dc-dce120-fix-audio-register-mapping-stop-triggering-kasan.patch
 drm-amdgpu-always-register-an-mmu-notifier-for-userptr.patch
 drm-i915-fix-tlb-invalidation-for-gen12-video-and-compute-engines.patch
+fuse-lock-inode-unconditionally-in-fuse_fallocate.patch