Commit 6be9b564 authored Nov 05, 2024 by Chao Yu Committed by Gu Bowen Nov 05, 2024

f2fs: fix to wait dio completion

mainline inclusion
from mainline-v6.12-rc1
commit 96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQQH
CVE: CVE-2024-47726

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d



--------------------------------

It should wait all existing dio write IOs before block removal,
otherwise, previous direct write IO may overwrite data in the
block which may be reused by other inode.

Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Conflicts:
	fs/f2fs/file.c
[Context conflicts in f2fs_setattr().]
Signed-off-by: Gu Bowen <gubowen5@huawei.com>

parent c8b75210

fs/f2fs/file.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -938,6 +938,13 @@ int f2fs_setattr(struct dentry dentry, struct iattr attr)
		return err;
		}

		/*
		* wait for inflight dio, blocks should be removed after
		* IO completion.
		*/
		if (attr->ia_size < old_size)
		inode_dio_wait(inode);

		down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
		down_write(&F2FS_I(inode)->i_mmap_sem);

		@@ -1748,6 +1755,12 @@ static long f2fs_fallocate(struct file *file, int mode,
		if (ret)
		goto out;

		/*
		* wait for inflight dio, blocks should be removed after IO
		* completion.
		*/
		inode_dio_wait(inode);

		if (mode & FALLOC_FL_PUNCH_HOLE) {
		if (offset >= inode->i_size)
		goto out;