Commit e0391e92 authored by Filipe Manana, committed by David Sterba

btrfs: fix double inode unlock for direct IO sync writes



If we do a direct IO sync write, at btrfs_sync_file(), and we need to skip
inode logging or we get an error starting a transaction or an error when
flushing delalloc, we end up unlocking the inode when we shouldn't under
the 'out_release_extents' label, and then unlock it again at
btrfs_direct_write().

Fix that by checking if we have to skip inode unlocking under that label.

Reported-by: <syzbot+7dbbb74af6291b5a5a8b@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/linux-btrfs/000000000000dfd631061eaeb4bc@google.com/


Fixes: 939b656b ("btrfs: fix corruption after buffer fault in during direct IO append write")
Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Filipe Manana <fdmanana@suse.com>
Signed-off-by: David Sterba <dsterba@suse.com>
parent 1e7bec1f
+4 −1
@@ -1868,6 +1868,9 @@ int btrfs_sync_file(struct file *file, loff_t start, loff_t end, int datasync)

out_release_extents:
	btrfs_release_log_ctx_extents(&ctx);
	if (skip_ilock)
		up_write(&inode->i_mmap_lock);
	else
		btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP);
	goto out;
}
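
Review bot: The `if (skip_ilock)` branch under `out_release_extents` has no comment saying why only `i_mmap_lock` is released there. From these lines alone a reader cannot tell that, per the commit message, btrfs_direct_write() unlocks the inode itself in that case. A short comment above the branch stating that would document the locking contract. Because the double unlock came from this exit path not honouring `skip_ilock`, consider also moving the `up_write(&inode->i_mmap_lock)` / `btrfs_inode_unlock(inode, BTRFS_ILOCK_MMAP)` pair into a small helper, so that any other exit path of btrfs_sync_file() that has to respect `skip_ilock` uses the same logic and cannot drift from it.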