udf: Fix race between file type conversion and writeback - linux.git

diff options

author	Jan Kara <jack@suse.cz>	2026-03-26 15:06:32 +0100
committer	Jan Kara <jack@suse.cz>	2026-03-27 17:01:40 +0100
commit	102e57d56f81fa5c5ed78f576101d1bf1b3e6fe2 (patch)
tree	468af3d0dae05dacd6d64a155e0989696e7ad31a /fs/btrfs/disk-io.c
parent	fffca572f9ca51607f180a37d0c898404c8f9112 (diff)

udf: Fix race between file type conversion and writeback

udf_setsize() can race with udf_writepages() as follows: udf_setsize() udf_writepages() if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) err = udf_expand_file_adinicb(inode); err = udf_extend_file(inode, newsize); udf_adinicb_writepages() memcpy_from_file_folio() - crash because inode size is too big. Fix the problem by checking the file type under folio lock in udf_handle_page_wb() handler called from __mpage_writepages() which properly serializes with udf_expand_file_adinicb(). Reported-by: Jianzhou Zhao <luckd0g@163.com> Link: https://lore.kernel.org/all/f622c01.67ac.19cdbdd777d.Coremail.luckd0g@163.com Reviewed-by: Christoph Hellwig <hch@lst.de> Link: https://patch.msgid.link/20260326140635.15895-4-jack@suse.cz Signed-off-by: Jan Kara <jack@suse.cz>

Diffstat (limited to 'fs/btrfs/disk-io.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: