| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <0000000000002bcec5061fa95396@google.com>
Date: Wed, 14 Aug 2024 11:59:25 -0700
From: syzbot <syzbot+733300ca0a9baca7e245@...kaller.appspotmail.com>
To: linux-kernel@...r.kernel.org
Subject: Re: [syzbot] WARNING: lock held when returning to user space in f2fs_ioc_start_atomic_write
For archival purposes, forwarding an incoming command email to
linux-kernel@...r.kernel.org.
***
Subject: WARNING: lock held when returning to user space in f2fs_ioc_start_atomic_write
Author: djahchankoike@...il.com
#syz test
Reader lock unreleased when returning upon error.
Signed-off-by: Diogo Jahchan Koike <djahchankoike@...il.com>
---
fs/f2fs/file.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
index 270c32e3385f..3ce8478ae5be 100644
--- a/fs/f2fs/file.c
+++ b/fs/f2fs/file.c
@@ -2172,6 +2172,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
ret = filemap_write_and_wait_range(inode->i_mapping, 0, LLONG_MAX);
if (ret) {
f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+ f2fs_up_write(&fi->i_gc_rwsem[READ]);
goto out;
}
@@ -2181,6 +2182,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
pinode = f2fs_iget(inode->i_sb, fi->i_pino);
if (IS_ERR(pinode)) {
f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+ f2fs_up_write(&fi->i_gc_rwsem[READ]);
ret = PTR_ERR(pinode);
goto out;
}
@@ -2189,6 +2191,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
iput(pinode);
if (ret) {
f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+ f2fs_up_write(&fi->i_gc_rwsem[READ]);
goto out;
}
@@ -2202,6 +2205,7 @@ static int f2fs_ioc_start_atomic_write(struct file *filp, bool truncate)
ret = f2fs_do_truncate_blocks(fi->cow_inode, 0, true);
if (ret) {
f2fs_up_write(&fi->i_gc_rwsem[WRITE]);
+ f2fs_up_write(&fi->i_gc_rwsem[READ]);
goto out;
}
}
--
2.39.2
Powered by blists - more mailing lists