On Mon, Aug 05, 2013 at 03:52:24PM +0200, Jan Kara wrote:
> The following race can lead to a loss of i_disksize update from truncate
> thus resulting in a wrong inode size if the inode size isn't updated
> again before inode is reclaimed:
>
> ext4_setattr()                          mpage_map_and_submit_extent()
>   EXT4_I(inode)->i_disksize = attr->ia_size;
>   ...                                     ...
>                                           disksize = ((loff_t)mpd->first_page) << PAGE_CACHE_SHIFT
>                                           /* False because i_size isn't
>                                            * updated yet */
>                                           if (disksize > i_size_read(inode))
>                                           /* True, because i_disksize is
>                                            * already truncated */
>                                           if (disksize > EXT4_I(inode)->i_disksize)
>                                             /* Overwrite i_disksize
>                                              * update from truncate */
>                                             ext4_update_i_disksize()
>   i_size_write(inode, attr->ia_size);
>
> For other places updating i_disksize such race cannot happen because
> i_mutex prevents these races. Writeback is the only place where we do
> not hold i_mutex and we cannot grab it there because of lock ordering.
>
> We fix the race by doing both i_disksize and i_size update in truncate
> atomically under i_data_sem and in mpage_map_and_submit_extent() we move
> the check against i_size under i_data_sem as well.
>
> Signed-off-by: Jan Kara <jack@xxxxxxx>

Applied, thanks.

                                        - Ted
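
Added example, not part of the original message or of the kernel patch: a single-threaded user-space C model that replays the interleaving from the quoted commit message and then the two orderings that remain once each side is one critical section. The names `model_inode`, `writeback_update`, `replay_racy` and `replay_fixed` and all sizes are hypothetical; holding i_data_sem is modelled as steps that run without interleaving.

```c
#include <stdint.h>
#include <stdio.h>

/* User-space model; only the two field names come from the commit message. */
struct model_inode {
    int64_t i_size;     /* in-memory file size */
    int64_t i_disksize; /* size destined for the on-disk inode */
};

/* Writeback's update: clamp to the i_size it sampled, then only raise i_disksize. */
static void writeback_update(struct model_inode *ino, int64_t disksize, int64_t i_size_seen)
{
    if (disksize > i_size_seen)
        disksize = i_size_seen;
    if (disksize > ino->i_disksize)
        ino->i_disksize = disksize;
}

/* Before the fix: writeback runs between truncate's two stores. */
static struct model_inode replay_racy(int64_t old_sz, int64_t new_sz, int64_t wb_end)
{
    struct model_inode ino = { old_sz, old_sz };
    ino.i_disksize = new_sz;                    /* truncate, store 1 */
    writeback_update(&ino, wb_end, ino.i_size); /* samples stale i_size */
    ino.i_size = new_sz;                        /* truncate, store 2 */
    return ino;
}

/* After the fix: each side is one critical section, so writeback runs wholly
 * before (wb_first != 0) or wholly after truncate. */
static struct model_inode replay_fixed(int64_t old_sz, int64_t new_sz, int64_t wb_end, int wb_first)
{
    struct model_inode ino = { old_sz, old_sz };
    if (wb_first)
        writeback_update(&ino, wb_end, ino.i_size);
    ino.i_disksize = new_sz; /* truncate: both stores together */
    ino.i_size = new_sz;
    if (!wb_first)
        writeback_update(&ino, wb_end, ino.i_size);
    return ino;
}

int main(void)
{
    /* Constructed sizes: 32 KiB file truncated to 4 KiB, writeback extent ends at 16 KiB. */
    struct model_inode r = replay_racy(32768, 4096, 16384);
    struct model_inode f = replay_fixed(32768, 4096, 16384, 0);
    printf("racy: %lld/%lld fixed: %lld/%lld (i_size/i_disksize)\n", (long long)r.i_size,
           (long long)r.i_disksize, (long long)f.i_size, (long long)f.i_disksize);
    return 0;
}
```

In the racy replay i_disksize ends above i_size, which is the lost truncate update the message describes; both fixed orderings end with the two sizes equal.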