summaryrefslogtreecommitdiff
path: root/fs/udf/file.c
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2024-05-20 15:23:37 +0200
committerJan Kara <jack@suse.cz>2024-06-05 10:36:46 +0200
commit8832fc1e502687869606bb0a7b79848ed3bf036f (patch)
tree2395facf6bde8c42f55d5bc1821af6edee9c9de0 /fs/udf/file.c
parentc1f1b25a6089eb93a11a147e8de766c0d6ad29ac (diff)
udf: Fix lock ordering in udf_evict_inode()
udf_evict_inode() calls udf_setsize() to truncate deleted inode. However inode deletion through udf_evict_inode() can happen from inode reclaim context and udf_setsize() grabs mapping->invalidate_lock which isn't generally safe to acquire from fs reclaim context since we allocate pages under mapping->invalidate_lock for example in a page fault path. This is however not a real deadlock possibility as by the time udf_evict_inode() is called, nobody can be accessing the inode, even less work with its page cache. So this is just a lockdep triggering false positive. Fix the problem by moving mapping->invalidate_lock locking outsize of udf_setsize() into udf_setattr() as grabbing mapping->invalidate_lock from udf_evict_inode() is pointless. Reported-by: syzbot+0333a6f4b88bcd68a62f@syzkaller.appspotmail.com Fixes: b9a861fd527a ("udf: Protect truncate and file type conversion with invalidate_lock") Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/udf/file.c')
-rw-r--r--fs/udf/file.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/udf/file.c b/fs/udf/file.c
index 97c59585208c..3a4179de316b 100644
--- a/fs/udf/file.c
+++ b/fs/udf/file.c
@@ -232,7 +232,9 @@ static int udf_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
if ((attr->ia_valid & ATTR_SIZE) &&
attr->ia_size != i_size_read(inode)) {
+ filemap_invalidate_lock(inode->i_mapping);
error = udf_setsize(inode, attr->ia_size);
+ filemap_invalidate_unlock(inode->i_mapping);
if (error)
return error;
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-08-27 10:26:47 +0000