udf: Protect udf_file_aio_write from possible races

Code doing conversion from INICB file to a normal file in udf_file_aio_write()
is not protected by any lock from other code modifying the inode. Use
i_alloc_sem for that.

Reported-by: Alessio Igor Bogani <abogani@texware.it>
Signed-off-by: Jan Kara <jack@suse.cz>

diff --git a/fs/udf/file.c b/fs/udf/file.c
index 4e3bbd81b57ba7652d1ade3e9c40332a648eacdf..89c78486cbbe589ff899350eba218e41334f1719 100644 (file)
--- a/fs/udf/file.c
+++ b/fs/udf/file.c
@@ -113,6 +113,7 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
        size_t count = iocb->ki_left;
        struct udf_inode_info *iinfo = UDF_I(inode);
 
+       down_write(&iinfo->i_data_sem);
        if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
                if (file->f_flags & O_APPEND)
                        pos = inode->i_size;
@@ -125,6 +126,7 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
                        udf_expand_file_adinicb(inode, pos + count, &err);
                        if (iinfo->i_alloc_type == ICBTAG_FLAG_AD_IN_ICB) {
                                udf_debug("udf_expand_adinicb: err=%d\n", err);
+                               up_write(&iinfo->i_data_sem);
                                return err;
                        }
                } else {
@@ -134,6 +136,7 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
                                iinfo->i_lenAlloc = inode->i_size;
                }
        }
+       up_write(&iinfo->i_data_sem);
 
        retval = generic_file_aio_write(iocb, iov, nr_segs, ppos);
        if (retval > 0)