From: Konstantin Komarov almaz.alexandrovich@paragon-software.com
commit 031d6f608290c847ba6378322d0986d08d1a645a upstream.
Reported-by: syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com Signed-off-by: Bin Lan bin.lan.cn@windriver.com Signed-off-by: Sasha Levin sashal@kernel.org Signed-off-by: Suraj Jitindar Singh surajjs@amazon.com --- fs/ntfs3/file.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/fs/ntfs3/file.c b/fs/ntfs3/file.c index af7e138064624..2d5d234a4533d 100644 --- a/fs/ntfs3/file.c +++ b/fs/ntfs3/file.c @@ -1192,8 +1192,16 @@ static int ntfs_file_release(struct inode *inode, struct file *file) int err = 0;
/* If we are last writer on the inode, drop the block reservation. */ - if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) && - atomic_read(&inode->i_writecount) == 1)) { + if (sbi->options->prealloc && + ((file->f_mode & FMODE_WRITE) && + atomic_read(&inode->i_writecount) == 1) + /* + * The only file when inode->i_fop = &ntfs_file_operations and + * init_rwsem(&ni->file.run_lock) is not called explicitly is MFT. + * + * Add additional check here. + */ + && inode->i_ino != MFT_REC_MFT) { ni_lock(ni); down_write(&ni->file.run_lock);
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: 031d6f608290c847ba6378322d0986d08d1a645a
WARNING: Author mismatch between patch and upstream commit: Backport author: Suraj Jitindar Singhsurajjs@amazon.com Commit author: Konstantin Komarovalmaz.alexandrovich@paragon-software.com
Status in newer kernel trees: 6.12.y | Present (exact SHA1) 6.6.y | Present (different SHA1: 550ef40fa636) 6.1.y | Present (different SHA1: d1ac7e262030) 5.15.y | Not found
Note: The patch differs from the upstream commit: --- 1: 031d6f608290c ! 1: 4e423d945bbe7 fs/ntfs3: Additional check in ntfs_file_release @@ Metadata ## Commit message ## fs/ntfs3: Additional check in ntfs_file_release
+ commit 031d6f608290c847ba6378322d0986d08d1a645a upstream. + Reported-by: syzbot+8c652f14a0fde76ff11d@syzkaller.appspotmail.com Signed-off-by: Konstantin Komarov almaz.alexandrovich@paragon-software.com + Signed-off-by: Bin Lan bin.lan.cn@windriver.com + Signed-off-by: Sasha Levin sashal@kernel.org + Signed-off-by: Suraj Jitindar Singh surajjs@amazon.com
## fs/ntfs3/file.c ## @@ fs/ntfs3/file.c: static int ntfs_file_release(struct inode *inode, struct file *file) + int err = 0; + /* If we are last writer on the inode, drop the block reservation. */ - if (sbi->options->prealloc && - ((file->f_mode & FMODE_WRITE) && -- atomic_read(&inode->i_writecount) == 1)) { +- if (sbi->options->prealloc && ((file->f_mode & FMODE_WRITE) && +- atomic_read(&inode->i_writecount) == 1)) { ++ if (sbi->options->prealloc && ++ ((file->f_mode & FMODE_WRITE) && + atomic_read(&inode->i_writecount) == 1) + /* + * The only file when inode->i_fop = &ntfs_file_operations and ---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-5.15.y | Success | Success |
linux-stable-mirror@lists.linaro.org
-
Sasha Levin -
Suraj Jitindar Singh