>>> On 04.11.14 at 16:33, <jack@xxxxxxx> wrote: > On Tue 04-11-14 12:20:26, Jan Beulich wrote: >> >>> On 04.11.14 at 12:43, <"jack@xxxxxxx".non-mime.internet> wrote: >> > --- a/mm/truncate.c >> > +++ b/mm/truncate.c >> > @@ -743,10 +743,13 @@ EXPORT_SYMBOL(truncate_setsize); >> > * changed. >> > * >> > * The function must be called after i_size is updated so that page fault >> > - * coming after we unlock the page will already see the new i_size. >> > - * The function must be called while we still hold i_mutex - this not only >> > - * makes sure i_size is stable but also that userspace cannot observe new >> > - * i_size value before we are prepared to store mmap writes at new inode > size. >> > + * coming after we unlock the page will already see the new i_size. The > caller >> > + * must make sure (generally by holding i_mutex but e.g. XFS uses its > private >> > + * lock) i_size cannot change from the new value while we are called. It > must >> > + * also make sure userspace cannot observe new i_size value before we are >> > + * prepared to store mmap writes upto new inode size (otherwise userspace > could >> > + * think it stored data via mmap within i_size but they would get zeroed > due to >> > + * writeback & reclaim because they have no backing blocks). >> > */ >> > void pagecache_isize_extended(struct inode *inode, loff_t from, loff_t to) >> > { >> >> May I suggest that the comment preceding truncate_setsize() also be >> updated/removed? > But that comment is actually still true AFAICT because VFS takes i_mutex > before calling into ->setattr(). So we hold i_mutex in truncate_setsize() > even for XFS. I doubt that, especially in the light of the WARN_ON() that prompted all this: [<ffffffff810053fa>] dump_trace+0x7a/0x350 [<ffffffff810050de>] show_stack_log_lvl+0xee/0x150 [<ffffffff810064fc>] show_stack+0x1c/0x50 [<ffffffff8138e4e3>] dump_stack+0x68/0x7d [<ffffffff81042c82>] warn_slowpath_common+0x82/0xb0 [<ffffffff810d3831>] pagecache_isize_extended+0x121/0x130 [<ffffffff810d4689>] truncate_setsize+0x29/0x50 [<ffffffffa056705f>] xfs_setattr_size+0x12f/0x440 [xfs] [<ffffffffa055cbf7>] xfs_file_fallocate+0x297/0x310 [xfs] [<ffffffff81111b59>] do_fallocate+0x169/0x190 [<ffffffff8111206e>] SyS_fallocate+0x4e/0x90 [<ffffffff81392712>] system_call_fastpath+0x12/0x17 [<00007f0e6bdddf45>] 0x7f0e6bdddf45 I.e. truncate_setsize() is being called here without the mutex held (or else the WARN_ON() wouldn't have got triggered in the first place). Jan -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href