[PATCH] fuse: Fix deadlock on open(O_TRUNC)

Xie Yongji <xieyongji@xxxxxxxxxxxxx> · Fri, 13 Aug 2021 17:31:55 +0800

The invalidate_inode_pages2() might be called with FUSE_NOWRITE
set in fuse_finish_open(), which can lead to deadlock in
fuse_launder_page().

To fix it, this tries to delay calling invalidate_inode_pages2()
until FUSE_NOWRITE is removed.

Fixes: e4648309b85a ("fuse: truncate pending writes on O_TRUNC")
Signed-off-by: Xie Yongji <xieyongji@xxxxxxxxxxxxx>
---
 fs/fuse/dir.c    |  2 +-
 fs/fuse/file.c   | 19 +++++++++++++++----
 fs/fuse/fuse_i.h |  2 +-
 3 files changed, 17 insertions(+), 6 deletions(-)

diff --git a/fs/fuse/dir.c b/fs/fuse/dir.c
index eade6f965b2e..d919c3e89cb0 100644
--- a/fs/fuse/dir.c
+++ b/fs/fuse/dir.c
@@ -548,7 +548,7 @@ static int fuse_create_open(struct inode *dir, struct dentry *entry,
 		fuse_sync_release(fi, ff, flags);
 	} else {
 		file->private_data = ff;
-		fuse_finish_open(inode, file);
+		fuse_finish_open(inode, file, false);
 	}
 	return err;
 
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 97f860cfc195..035af9c88eaf 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -193,12 +193,12 @@ static void fuse_link_write_file(struct file *file)
 	spin_unlock(&fi->lock);
 }
 
-void fuse_finish_open(struct inode *inode, struct file *file)
+void fuse_finish_open(struct inode *inode, struct file *file, bool no_write)
 {
 	struct fuse_file *ff = file->private_data;
 	struct fuse_conn *fc = get_fuse_conn(inode);
 
-	if (!(ff->open_flags & FOPEN_KEEP_CACHE))
+	if (!(ff->open_flags & FOPEN_KEEP_CACHE) && !no_write)
 		invalidate_inode_pages2(inode->i_mapping);
 	if (ff->open_flags & FOPEN_STREAM)
 		stream_open(inode, file);
@@ -229,6 +229,7 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir)
 			  fc->writeback_cache;
 	bool dax_truncate = (file->f_flags & O_TRUNC) &&
 			  fc->atomic_o_trunc && FUSE_IS_DAX(inode);
+	bool keep_cache = true;
 
 	if (fuse_is_bad(inode))
 		return -EIO;
@@ -250,8 +251,12 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir)
 	}
 
 	err = fuse_do_open(fm, get_node_id(inode), file, isdir);
-	if (!err)
-		fuse_finish_open(inode, file);
+	if (!err) {
+		struct fuse_file *ff = file->private_data;
+
+		fuse_finish_open(inode, file, is_wb_truncate | dax_truncate);
+		keep_cache = ff->open_flags & FOPEN_KEEP_CACHE;
+	}
 
 out:
 	if (dax_truncate)
@@ -259,6 +264,12 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir)
 
 	if (is_wb_truncate | dax_truncate) {
 		fuse_release_nowrite(inode);
+		/*
+		 * Only call invalidate_inode_pages2() after removing
+		 * FUSE_NOWRITE, otherwise fuse_launder_page() would deadlock.
+		 */
+		if (!keep_cache)
+			invalidate_inode_pages2(inode->i_mapping);
 		inode_unlock(inode);
 	}
 
diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h
index 07829ce78695..8a8830e2cc7f 100644
--- a/fs/fuse/fuse_i.h
+++ b/fs/fuse/fuse_i.h
@@ -969,7 +969,7 @@ int fuse_open_common(struct inode *inode, struct file *file, bool isdir);
 
 struct fuse_file *fuse_file_alloc(struct fuse_mount *fm);
 void fuse_file_free(struct fuse_file *ff);
-void fuse_finish_open(struct inode *inode, struct file *file);
+void fuse_finish_open(struct inode *inode, struct file *file, bool no_write);
 
 void fuse_sync_release(struct fuse_inode *fi, struct fuse_file *ff,
 		       unsigned int flags);
-- 
2.11.0







