On Sat, Aug 17, 2013 at 10:12:27AM -0400, Theodore Ts'o wrote:
> On Mon, Aug 05, 2013 at 03:52:24PM +0200, Jan Kara wrote:
> > The following race can lead to a loss of i_disksize update from truncate
> > thus resulting in a wrong inode size if the inode size isn't updated
> > again before inode is reclaimed:
> >
> > ext4_setattr()                          mpage_map_and_submit_extent()
> >   EXT4_I(inode)->i_disksize = attr->ia_size;
> >   ...                                     ...
> >                                           disksize = ((loff_t)mpd->first_page) << PAGE_CACHE_SHIFT
> >                                           /* False because i_size isn't
> >                                            * updated yet */
> >                                           if (disksize > i_size_read(inode))
> >                                           /* True, because i_disksize is
> >                                            * already truncated */
> >                                           if (disksize > EXT4_I(inode)->i_disksize)
> >                                             /* Overwrite i_disksize
> >                                              * update from truncate */
> >                                             ext4_update_i_disksize()
> >   i_size_write(inode, attr->ia_size);
> >
> > For other places updating i_disksize such race cannot happen because
> > i_mutex prevents these races. Writeback is the only place where we do
> > not hold i_mutex and we cannot grab it there because of lock ordering.
> >
> > We fix the race by doing both i_disksize and i_size update in truncate
> > atomically under i_data_sem and in mpage_map_and_submit_extent() we move
> > the check against i_size under i_data_sem as well.
> >
> > Signed-off-by: Jan Kara <jack@xxxxxxx>
>
> Applied, thanks.

Is this queued for 3.11 ? 1k blocksize fs's are still broken in rc7.

	Dave
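
The interleaving from the quoted commit message, replayed deterministically in a user-space C model. This is an added example, not code from the patch or from ext4. The struct, the function names, the sample sizes and the clamp to i_size when the first check is true are assumptions.

```c
#include <stdio.h>

/* User-space model of the two inode size fields; not kernel code. */
struct model_inode {
    long long i_size;     /* in-memory file size */
    long long i_disksize; /* size that will reach the on-disk inode */
};

/* Writeback side: the two checks from the commit message, then the update.
 * Clamping to i_size when the first check is true is an assumption. */
static void writeback_update(struct model_inode *in, long long disksize)
{
    if (disksize > in->i_size)
        disksize = in->i_size;
    if (disksize > in->i_disksize)
        in->i_disksize = disksize;
}

/* Racy order: writeback runs between truncate's two stores. */
static long long racy_disksize(long long old_size, long long new_size, long long wb_end)
{
    struct model_inode in = { old_size, old_size };
    in.i_disksize = new_size;       /* ext4_setattr(): first store */
    writeback_update(&in, wb_end);  /* sees old i_size, new i_disksize */
    in.i_size = new_size;           /* ext4_setattr(): second store */
    return in.i_disksize;
}

/* Fixed order: both stores are one critical section (i_data_sem in the patch). */
static long long fixed_disksize(long long old_size, long long new_size,
                                long long wb_end, int writeback_first)
{
    struct model_inode in = { old_size, old_size };
    if (writeback_first)
        writeback_update(&in, wb_end);
    in.i_disksize = new_size;       /* truncate: both sizes change together */
    in.i_size = new_size;
    if (!writeback_first)
        writeback_update(&in, wb_end);
    return in.i_disksize;
}

int main(void)
{
    /* Constructed sizes: truncate 16384 -> 4096, writeback extent ends at 12288. */
    printf("racy=%lld fixed=%lld/%lld\n", racy_disksize(16384, 4096, 12288),
           fixed_disksize(16384, 4096, 12288, 0), fixed_disksize(16384, 4096, 12288, 1));
    return 0;
}
```

In the racy replay i_disksize ends above the truncated i_size; in the fixed replay both writeback orderings leave i_disksize at the truncated size.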