fuse: write inode in fuse_release()
A race between write(2) and close(2) allows pages to be dirtied after
fuse_flush -> write_inode_now(). If these pages are not flushed from
fuse_release(), then there might not be a writable open file later. So any
remaining dirty pages must be written back before the file is released.
This is a partial revert of the blamed commit.
Reported-by: syzbot+6e1efbd8efaaa6860e91@syzkaller.appspotmail.com
Fixes: 36ea23374d
("fuse: write inode in fuse_vma_close() instead of fuse_release()")
Cc: <stable@vger.kernel.org> # v5.16
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
This commit is contained in:
parent
f2906aa863
commit
035ff33cf4
|
@ -338,6 +338,15 @@ static int fuse_open(struct inode *inode, struct file *file)
|
|||
|
||||
static int fuse_release(struct inode *inode, struct file *file)
|
||||
{
|
||||
struct fuse_conn *fc = get_fuse_conn(inode);
|
||||
|
||||
/*
|
||||
* Dirty pages might remain despite write_inode_now() call from
|
||||
* fuse_flush() due to writes racing with the close.
|
||||
*/
|
||||
if (fc->writeback_cache)
|
||||
write_inode_now(inode, 1);
|
||||
|
||||
fuse_release_common(file, false);
|
||||
|
||||
/* return value is ignored by VFS */
|
||||
|
|
Loading…
Reference in New Issue