On Tue, Nov 14, 2023 at 05:32:51PM +0200, Amir Goldstein wrote:
> In vfs code, sb_start_write() is usually called after the permission hook
> in rw_verify_area(). vfs_iocb_iter_write() is an exception to this rule,
> where kiocb_start_write() is called by its callers.
>
> Move kiocb_start_write() from the callers into vfs_iocb_iter_write()
> after the rw_verify_area() checks, to make them "start-write-safe".
>
> This is needed for fanotify "pre content" events.
>
> Suggested-by: Jan Kara <jack@xxxxxxx>
> Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
> ---
>  fs/cachefiles/io.c  | 2 --
>  fs/overlayfs/file.c | 1 -
>  fs/read_write.c     | 2 ++
>  3 files changed, 2 insertions(+), 3 deletions(-)
>
> diff --git a/fs/cachefiles/io.c b/fs/cachefiles/io.c
> index 009d23cd435b..3d3667807636 100644
> --- a/fs/cachefiles/io.c
> +++ b/fs/cachefiles/io.c
> @@ -319,8 +319,6 @@ int __cachefiles_write(struct cachefiles_object *object,
>  	ki->iocb.ki_complete = cachefiles_write_complete;
>  	atomic_long_add(ki->b_writing, &cache->b_writing);
>
> -	kiocb_start_write(&ki->iocb);
> -

This bit is subtly wrong, there's a little bit below that does

	ret = cachefiles_inject_write_error();
	if (ret == 0)
		ret = vfs_iocb_iter_write(file, &ki->iocb, iter);

If cachefiles_inject_write_error() returns non-zero it'll fall through
below and call cachefiles_write_complete() and complete the kiocb that
hasn't started yet.

Thanks,

Josef
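Review bot: removing kiocb_start_write() here leaves the error-injection path in __cachefiles_write() unbalanced, because the write is now only started inside vfs_iocb_iter_write(), which is skipped when cachefiles_inject_write_error() returns non-zero, yet the code still falls through to cachefiles_write_complete() for a kiocb that was never started. Either return early on the injected error instead of completing the kiocb, or make the completion path tolerate a kiocb on which the write was never started; the hunk as shown covers only the removal and does not address this path.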