This is a note to let you know that I've just added the patch titled

    fuse: lock inode unconditionally in fuse_fallocate()

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


From 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 Mon Sep 17 00:00:00 2001
From: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Date: Wed, 23 Nov 2022 09:10:42 +0100
Subject: fuse: lock inode unconditionally in fuse_fallocate()

From: Miklos Szeredi <mszeredi@xxxxxxxxxx>

commit 44361e8cf9ddb23f17bdcc40ca944abf32e83e79 upstream.

file_modified() must be called with inode lock held.  fuse_fallocate()
didn't lock the inode in case of just FALLOC_KEEP_SIZE flags value, which
resulted in a kernel Warning in notify_change().

Lock the inode unconditionally, like all other fallocate implementations
do.

Reported-by: Pengfei Xu <pengfei.xu@xxxxxxxxx>
Reported-and-tested-by: syzbot+462da39f0667b357c4b6@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: 4a6f278d4827 ("fuse: add file_modified() to fallocate")
Signed-off-by: Miklos Szeredi <mszeredi@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 fs/fuse/file.c |   22 ++++++++--------------
 1 file changed, 8 insertions(+), 14 deletions(-)

--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -3212,24 +3212,19 @@ static long fuse_file_fallocate(struct f .mode = mode }; int err; - bool lock_inode = !(mode & FALLOC_FL_KEEP_SIZE) || - (mode & FALLOC_FL_PUNCH_HOLE); - if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)) return -EOPNOTSUPP; if (fc->no_fallocate) return -EOPNOTSUPP; - if (lock_inode) { - inode_lock(inode); - if (mode & FALLOC_FL_PUNCH_HOLE) { - loff_t endbyte = offset + length - 1; - - err = fuse_writeback_range(inode, offset, endbyte); - if (err) - goto out; - } + inode_lock(inode); + if (mode & FALLOC_FL_PUNCH_HOLE) { + loff_t endbyte = offset + length - 1; + + err = fuse_writeback_range(inode, offset, endbyte); + if (err) + goto out; } if (!(mode & FALLOC_FL_KEEP_SIZE) && @@ -3276,8 +3271,7 @@ out: if (!(mode & FALLOC_FL_KEEP_SIZE)) clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state); - if (lock_inode) - inode_unlock(inode); + inode_unlock(inode); return err; } Patches currently in stable-queue which might be from mszeredi@xxxxxxxxxx are queue-5.4/fuse-lock-inode-unconditionally-in-fuse_fallocate.patch
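Review bot: in the first hunk (@@ -3212,24 +3212,19 @@), the `goto out` on a fuse_writeback_range() failure now jumps with the inode lock always held, so this hunk is only correct together with the `out:` change in the second hunk that drops the `if (lock_inode)` guard around inode_unlock(); the two must not be split when backporting. The two `return -EOPNOTSUPP` paths (`mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE)` and `fc->no_fallocate`) still precede `inode_lock(inode)`, so they need no unlock, which is worth a one-line comment above `inode_lock(inode)` stating that the lock is taken unconditionally because file_modified() requires it, since the old code deliberately skipped it for FALLOC_FL_KEEP_SIZE and a future reader may be tempted to restore that shortcut.

Review bot: in the second hunk (@@ -3276,8 +3271,7 @@), the unconditional `inode_unlock(inode)` at `out:` is reachable only after `inode_lock(inode)` in the new flow, since the only `goto out` visible in the first hunk sits after the lock and the early returns do not use the label; the ordering with `clear_bit(FUSE_I_SIZE_UNSTABLE, &fi->state)` is unchanged. Consider pairing this with a lockdep assertion (e.g. asserting the inode lock is held at `out:`) so that a later refactor that reintroduces a pre-lock `goto out` is caught at test time rather than as a notify_change() warning of the kind this fix addresses.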