From: Darrick J. Wong <darrick.wong@xxxxxxxxxx> When writing to a delalloc region in the data fork, commit the new allocations (of the da reservation) as unwritten so that the mappings are only marked written once writeback completes successfully. This fixes the problem of stale data exposure if the system goes down during targeted writeback of a specific region of a file, as tested by generic/042. Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx> --- fs/xfs/libxfs/xfs_bmap.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/fs/xfs/libxfs/xfs_bmap.c b/fs/xfs/libxfs/xfs_bmap.c index 931edfdca22e..dae5f1734297 100644 --- a/fs/xfs/libxfs/xfs_bmap.c +++ b/fs/xfs/libxfs/xfs_bmap.c @@ -4077,16 +4077,18 @@ xfs_bmapi_allocate( bma->got.br_state = XFS_EXT_NORM; /* - * In the data fork, a wasdelay extent has been initialized, so - * shouldn't be flagged as unwritten. + * In the data fork, the pages backed by a delalloc extent have been + * dirtied but not yet written to disk, so the allocation should be + * marked unwritten. Only after writeback completes successfully + * should we convert those mappings to real, so that a crash during + * writeback won't expose stale disk contents. * * For the cow fork, however, we convert delalloc reservations * (extents allocated for speculative preallocation) to * allocated unwritten extents, and only convert the unwritten * extents to real extents when we're about to write the data. */ - if ((!bma->wasdel || (bma->flags & XFS_BMAPI_COWFORK)) && - (bma->flags & XFS_BMAPI_PREALLOC)) + if (bma->flags & XFS_BMAPI_PREALLOC) bma->got.br_state = XFS_EXT_UNWRITTEN; if (bma->wasdel) @@ -4496,8 +4498,9 @@ xfs_bmapi_convert_delalloc( bma.length = max_t(xfs_filblks_t, bma.got.br_blockcount, MAXEXTLEN); bma.total = XFS_EXTENTADD_SPACE_RES(ip->i_mount, XFS_DATA_FORK); bma.minleft = xfs_bmapi_minleft(tp, ip, whichfork); + bma.flags = XFS_BMAPI_PREALLOC; if (whichfork == XFS_COW_FORK) - bma.flags = XFS_BMAPI_COWFORK | XFS_BMAPI_PREALLOC; + bma.flags |= XFS_BMAPI_COWFORK; if (!xfs_iext_peek_prev_extent(ifp, &bma.icur, &bma.prev)) bma.prev.br_startoff = NULLFILEOFF;
