Message-Id: <20201027134907.890094564@linuxfoundation.org>
Date: Tue, 27 Oct 2020 14:50:15 +0100
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org,
syzbot+187510916eb6a14598f7@...kaller.appspotmail.com,
Eric Biggers <ebiggers@...gle.com>, Jan Kara <jack@...e.cz>,
Sasha Levin <sashal@...nel.org>
Subject: [PATCH 4.9 121/139] reiserfs: only call unlock_new_inode() if I_NEW
From: Eric Biggers <ebiggers@...gle.com>
[ Upstream commit 8859bf2b1278d064a139e3031451524a49a56bd0 ]
unlock_new_inode() is only meant to be called after a new inode has
already been inserted into the hash table. But reiserfs_new_inode() can
call it even before it has inserted the inode, triggering the WARNING in
unlock_new_inode(). Fix this by only calling unlock_new_inode() if the
inode has the I_NEW flag set, indicating that it's in the table.
This addresses the syzbot report "WARNING in unlock_new_inode"
(https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7).
Link: https://lore.kernel.org/r/20200628070057.820213-1-ebiggers@kernel.org
Reported-by: syzbot+187510916eb6a14598f7@...kaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
Signed-off-by: Jan Kara <jack@...e.cz>
Signed-off-by: Sasha Levin <sashal@...nel.org>
---
fs/reiserfs/inode.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index 897154e993800..f28999f717761 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -2166,7 +2166,8 @@ int reiserfs_new_inode(struct reiserfs_transaction_handle *th,
out_inserted_sd:
clear_nlink(inode);
th->t_trans_id = 0; /* so the caller can't use this handle later */
- unlock_new_inode(inode); /* OK to do even if we hadn't locked it */
+ if (inode->i_state & I_NEW)
+ unlock_new_inode(inode);
iput(inode);
return err;
}
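Review bot: the dropped comment on the `-` line ("OK to do even if we hadn't locked it") documented exactly the assumption that turned out to be wrong, and the new `if (inode->i_state & I_NEW)` guard lands without any replacement comment, so the reason for the condition lives only in the commit message. Suggest keeping a one-line note at the guard, e.g. `/* only valid once the inode is in the hash table */`, so a later cleanup does not reintroduce the unconditional call that triggered the WARNING. Beyond that the change is minimal and correct for the stated problem: the `iput(inode)` and `return err` lines are unchanged, so the error path still drops the reference in both the inserted and not-yet-inserted cases.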
--
2.25.1