[PATCH 02/24] cachefiles: Fix non-taking of sb_writers around set/removexattr

[David Howells]

Unlike other vfs_xxxx() calls, vfs_setxattr() and vfs_removexattr() don't
take the sb_writers lock, so the caller should do it for them.

Fix cachefiles to do this.

Fixes: 9ae326a69004 ("CacheFiles: A cache that backs onto a mounted filesystem")
Signed-off-by: David Howells <dhowe...@redhat.com>
cc: Christian Brauner <brau...@kernel.org>
cc: Gao Xiang <xi...@kernel.org>
cc: ne...@lists.linux.dev
cc: linux-erofs@lists.ozlabs.org
cc: linux-fsde...@vger.kernel.org
---
 fs/cachefiles/xattr.c | 34 ++++++++++++++++++++++++++--------
 1 file changed, 26 insertions(+), 8 deletions(-)

diff --git a/fs/cachefiles/xattr.c b/fs/cachefiles/xattr.c
index 4dd8a993c60a..7c6f260a3be5 100644
--- a/fs/cachefiles/xattr.c
+++ b/fs/cachefiles/xattr.c
@@ -64,9 +64,15 @@ int cachefiles_set_object_xattr(struct cachefiles_object 
*object)
                memcpy(buf->data, fscache_get_aux(object->cookie), len);
 
        ret = cachefiles_inject_write_error();
-       if (ret == 0)
-               ret = vfs_setxattr(&nop_mnt_idmap, dentry, 
cachefiles_xattr_cache,
-                                  buf, sizeof(struct cachefiles_xattr) + len, 
0);
+       if (ret == 0) {
+               ret = mnt_want_write_file(file);
+               if (ret == 0) {
+                       ret = vfs_setxattr(&nop_mnt_idmap, dentry,
+                                          cachefiles_xattr_cache, buf,
+                                          sizeof(struct cachefiles_xattr) + 
len, 0);
+                       mnt_drop_write_file(file);
+               }
+       }
        if (ret < 0) {
                trace_cachefiles_vfs_error(object, file_inode(file), ret,
                                           cachefiles_trace_setxattr_error);
@@ -151,8 +157,14 @@ int cachefiles_remove_object_xattr(struct cachefiles_cache 
*cache,
        int ret;
 
        ret = cachefiles_inject_remove_error();
-       if (ret == 0)
-               ret = vfs_removexattr(&nop_mnt_idmap, dentry, 
cachefiles_xattr_cache);
+       if (ret == 0) {
+               ret = mnt_want_write(cache->mnt);
+               if (ret == 0) {
+                       ret = vfs_removexattr(&nop_mnt_idmap, dentry,
+                                             cachefiles_xattr_cache);
+                       mnt_drop_write(cache->mnt);
+               }
+       }
        if (ret < 0) {
                trace_cachefiles_vfs_error(object, d_inode(dentry), ret,
                                           cachefiles_trace_remxattr_error);
@@ -208,9 +220,15 @@ bool cachefiles_set_volume_xattr(struct cachefiles_volume 
*volume)
        memcpy(buf->data, p, volume->vcookie->coherency_len);
 
        ret = cachefiles_inject_write_error();
-       if (ret == 0)
-               ret = vfs_setxattr(&nop_mnt_idmap, dentry, 
cachefiles_xattr_cache,
-                                  buf, len, 0);
+       if (ret == 0) {
+               ret = mnt_want_write(volume->cache->mnt);
+               if (ret == 0) {
+                       ret = vfs_setxattr(&nop_mnt_idmap, dentry,
+                                          cachefiles_xattr_cache,
+                                          buf, len, 0);
+                       mnt_drop_write(volume->cache->mnt);
+               }
+       }
        if (ret < 0) {
                trace_cachefiles_vfs_error(NULL, d_inode(dentry), ret,
                                           cachefiles_trace_setxattr_error);