On Thu, May 25, 2017 at 01:46:22PM +0200, Jan Kara wrote: > mpage_submit_page() can race with another process growing i_size and > writing data via mmap to the written-back page. As mpage_submit_page() > samples i_size too early, it may happen that ext4_bio_write_page() > zeroes out too large tail of the page and thus corrupts user data. > > Fix the problem by sampling i_size only after the page has been > write-protected in page tables by clear_page_dirty_for_io() call. > > Reported-by: Michael Zimmer <michael@xxxxxxxxxxx> > CC: stable@xxxxxxxxxxxxxxx > Fixes: cb20d5188366f04d96d2e07b1240cc92170ade40 > Signed-off-by: Jan Kara <jack@xxxxxxx> Thanks, applied. - Ted