fuse: write inode in fuse_release()

commit 035ff33cf4db101250fb980a3941bf078f37a544 upstream. A race between write(2) and close(2) allows pages to be dirtied after fuse_flush -> write_inode_now(). If these pages are not flushed from fuse_release(), then there might not be a writable open file later. So any remaining dirty pages must be written back before the file is released. This is a partial revert of the blamed commit. Reported-by: syzbot+6e1efbd8efaaa6860e91@syzkaller.appspotmail.com Fixes: 36ea23374d1f ("fuse: write inode in fuse_vma_close() instead of fuse_release()") Cc: <stable@vger.kernel.org> # v5.16 Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-20 16:05:41 +02:00 · 2022-04-20 16:05:41 +02:00 · 4bd9d5d20f
commit 4bd9d5d20f
parent ed2ac89f29
1 changed files with 9 additions and 0 deletions
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@ -338,6 +338,15 @@ static int fuse_open(struct inode *inode, struct file *file)

 static int fuse_release(struct inode *inode, struct file *file)
 {
+	struct fuse_conn *fc = get_fuse_conn(inode);
+
+	/*
+	 * Dirty pages might remain despite write_inode_now() call from
+	 * fuse_flush() due to writes racing with the close.
+	 */
+	if (fc->writeback_cache)
+		write_inode_now(inode, 1);
+
 	fuse_release_common(file, false);

 	/* return value is ignored by VFS */