Commit ac72dfd3 authored Nov 07, 2024 by Chao Yu Committed by Gu Bowen Nov 07, 2024

f2fs: fix to wait dio completion

mainline inclusion
from mainline-v6.12-rc1
commit 96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAYQQH
CVE: CVE-2024-47726

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96cfeb0389530ae32ade8a48ae3ae1ac3b6c009d



--------------------------------

It should wait all existing dio write IOs before block removal,
otherwise, previous direct write IO may overwrite data in the
block which may be reused by other inode.

Cc: stable@vger.kernel.org
Signed-off-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Conflicts:
	fs/f2fs/file.c
[Context conflicts f2fs_setattr().]
Signed-off-by: Gu Bowen <gubowen5@huawei.com>

parent 22b613ee

fs/f2fs/file.c

+13 −0

Original line number	Diff line number	Diff line
		@@ -1033,6 +1033,13 @@ int f2fs_setattr(struct mnt_idmap idmap, struct dentry dentry,
		return err;
		}

		/*
		* wait for inflight dio, blocks should be removed after
		* IO completion.
		*/
		if (attr->ia_size < old_size)
		inode_dio_wait(inode);

		f2fs_down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
		filemap_invalidate_lock(inode->i_mapping);

		@@ -1869,6 +1876,12 @@ static long f2fs_fallocate(struct file *file, int mode,
		if (ret)
		goto out;

		/*
		* wait for inflight dio, blocks should be removed after IO
		* completion.
		*/
		inode_dio_wait(inode);

		if (mode & FALLOC_FL_PUNCH_HOLE) {
		if (offset >= inode->i_size)
		goto out;