2014-02-04, OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx>: > Namjae Jeon <linkinjeon@xxxxxxxxx> writes: > >>>> /* fat_get_cluster() assumes the requested blocknr isn't truncated. >>>> */ >>>> down_read(&MSDOS_I(mapping->host)->truncate_lock); >>>> + /* To get block number beyond file size in fallocated region */ >>>> + atomic_set(&MSDOS_I(mapping->host)->beyond_isize, 1); >>>> blocknr = generic_block_bmap(mapping, block, fat_get_block); >>>> + atomic_set(&MSDOS_I(mapping->host)->beyond_isize, 0); >>>> up_read(&MSDOS_I(mapping->host)->truncate_lock); >>> >>> This is racy. While user is using bmap, kernel can allocate new blocks. >>> We should use another function for this. >> I understand that fat can map fallocated blocks in read case while >> user is using bmap. >> But I can not find the case allocate new blocks. >> If I am missing something, Could you please elaborate more ? >> Is it a case of _bmap request returning the block number for block >> allocated in parallel write path ? > > ->beyond_size is global for inode. So, write(2) path on same inode with > bmap() also can see 1 set by bmap() while another process is using bmap(). 'create' flag will be 1 in write(2) path. ->beyond_isize will only be checked when 'create' flag is 0. Is there any case to be racy by beyond_isize in write(2) path ? Thanks. > -- > OGAWA Hirofumi <hirofumi@xxxxxxxxxxxxxxxxxx> > -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
