author: Eric Biggers <ebiggers@google.com> 2020-06-28 00:00:57 -0700
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2020-10-30 10:38:30 +0100
commit: 7a1e074bc18d32718edcde0a0ad75fff262a4410
tree: 8bd1019061086087adcfcb83aa9f9e98362b2912
parent: bad3576faaac16e41f0db3218f25b72c0523161d
reiserfs: only call unlock_new_inode() if I_NEW
[ Upstream commit 8859bf2b1278d064a139e3031451524a49a56bd0 ]

unlock_new_inode() is only meant to be called after a new inode has already been inserted into the hash table. But reiserfs_new_inode() can call it even before it has inserted the inode, triggering the WARNING in unlock_new_inode(). Fix this by only calling unlock_new_inode() if the inode has the I_NEW flag set, indicating that it's in the table.

This addresses the syzbot report "WARNING in unlock_new_inode" (https://syzkaller.appspot.com/bug?extid=187510916eb6a14598f7).

Link: https://lore.kernel.org/r/20200628070057.820213-1-ebiggers@kernel.org
Reported-by: syzbot+187510916eb6a14598f7@syzkaller.appspotmail.com
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Sasha Levin <sashal@kernel.org>
-rw-r--r-- fs/reiserfs/inode.c 3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index 70387650436c..ac35ddf0dd60 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -2161,7 +2161,8 @@ out_end_trans:
out_inserted_sd:
clear_nlink(inode);
th->t_trans_id = 0; /* so the caller can't use this handle later */
- unlock_new_inode(inode); /* OK to do even if we hadn't locked it */
+ if (inode->i_state & I_NEW)
+ unlock_new_inode(inode);
iput(inode);
return err;
}
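Review bot: The new `if (inode->i_state & I_NEW)` test under out_inserted_sd carries no comment, while the line it replaces had one (the now-incorrect "OK to do even if we hadn't locked it"), so the reason for the guard lives only in the commit message. A one-line comment above the check, saying that this path can be reached before the inode has been inserted into the hash table and that unlock_new_inode() must only run when I_NEW is set, would keep a later cleanup from folding the call back into an unconditional one. It would also help to note there that the label name out_inserted_sd does not imply the inode itself was inserted, since that is the assumption the old comment encoded.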