author Miklos Szeredi <mszeredi@redhat.com> 2020-11-11 19:22:31 +0300
committer Miklos Szeredi <mszeredi@redhat.com> 2020-11-11 19:22:31 +0300
commit 3993382bb3198cc5e263c3519418e716bd57b056
tree a2d97126ba8c865f429696c7797894fb0dbf8aff /fs/fuse/file.c
parent 3650b228f83adda7e5ee532e2b90429c03f7b9ec
fuse: launder page should wait for page writeback

Qian Cai reports that the WARNING in tree_insert() can be triggered by a
fuzzer with the following call chain:

  invalidate_inode_pages2_range()
    fuse_launder_page()
      fuse_writepage_locked()
        tree_insert()

The reason is that another write for the same page is already queued.

The simplest fix is to wait until the pending write is completed and only
after that queue the new write.

Since this case is very rare, the additional wait should not be a problem.

Reported-by: Qian Cai <cai@redhat.com>
Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

Diffstat (limited to 'fs/fuse/file.c')
-rw-r--r-- fs/fuse/file.c 3
1 files changed, 3 insertions, 0 deletions

diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index c03034e8c152..41b1e14f3820 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2281,6 +2281,9 @@ static int fuse_launder_page(struct page *page)
int err = 0;
if (clear_page_dirty_for_io(page)) {
struct inode *inode = page->mapping->host;
+
+ /* Serialize with pending writeback for the same page */
+ fuse_wait_on_page_writeback(inode, page->index);
err = fuse_writepage_locked(page);
if (!err)
fuse_wait_on_page_writeback(inode, page->index);
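Review bot: The new comment above the first fuse_wait_on_page_writeback() call says what the wait does but not what breaks without it, and the same call already appears after fuse_writepage_locked(), so a later reader could take the first one for a redundant duplicate and remove it. Suggest spelling out the ordering requirement in the comment, for example that fuse_writepage_locked() must not queue a write while one for the same page->index is still pending, because that is the case the commit message ties to the tree_insert() WARNING. The commit message would also benefit from a Fixes: tag naming the change that introduced the unguarded path, so the fix can be matched to affected trees.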