From 8d70af17e76ff73cd6c23163717b1f5cbea11855 Mon Sep 17 00:00:00 2001 From: Miklos Szeredi Date: Wed, 26 May 2021 20:55:45 +0800 Subject: [PATCH] fuse: update attr_version counter on fuse_notify_inval_inode() mainline inclusion from mainline-v5.8-rc1 commit 5ddd9ced9aef6cfa76af27d384c17c9e2d610ce8 category: bugfix bugzilla: 37636 CVE: NA ------------------------------------------------- A GETATTR request can race with FUSE_NOTIFY_INVAL_INODE, resulting in the attribute cache being updated with stale information after the invalidation. Fix this by bumping the attribute version in fuse_reverse_inval_inode(). Reported-by: Krzysztof Rusek Signed-off-by: Miklos Szeredi Conflict: fs/fuse/inode.c a. commit f15ecfef058d ("fuse: Introduce fi->lock to protect write related fields") is not backported, 'fi->lock' do not exist. b. commit 4510d86fbbb3 ("fuse: Convert fc->attr_version into atomic64_t") is not backported, 'fc->lock' is needed to read 'fc->attr_version'. Signed-off-by: Yu Kuai Reviewed-by: Zhang Yi Signed-off-by: Yang Yingliang --- fs/fuse/inode.c | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 821597c61884..e245e0d40504 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -334,6 +334,8 @@ struct inode *fuse_iget(struct super_block *sb, u64 nodeid, int fuse_reverse_inval_inode(struct super_block *sb, u64 nodeid, loff_t offset, loff_t len) { + struct fuse_conn *fc = get_fuse_conn_super(sb); + struct fuse_inode *fi; struct inode *inode; pgoff_t pg_start; pgoff_t pg_end; @@ -342,6 +344,11 @@ int fuse_reverse_inval_inode(struct super_block *sb, u64 nodeid, if (!inode) return -ENOENT; + fi = get_fuse_inode(inode); + spin_lock(&fc->lock); + fi->attr_version = ++fc->attr_version; + spin_unlock(&fc->lock); + fuse_invalidate_attr(inode); forget_all_cached_acls(inode); if (offset >= 0) { -- GitLab