diff options
author | Jeff Moyer <jmoyer@redhat.com> | 2012-02-20 17:59:24 -0500 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2012-02-20 17:59:24 -0500 |
commit | 266991b13890049ee1a6bb95b9817f06339ee3d7 (patch) | |
tree | 55c4f0e3c0b978e563ced079002bcf7ea60d9767 /fs/ext4/ext4.h | |
parent | d4dc462f556afe510d58d3b12b3d66c2cabff539 (diff) | |
download | lwn-266991b13890049ee1a6bb95b9817f06339ee3d7.tar.gz lwn-266991b13890049ee1a6bb95b9817f06339ee3d7.zip |
ext4: fix race between unwritten extent conversion and truncate
The following comment in ext4_end_io_dio caught my attention:
/* XXX: probably should move into the real I/O completion handler */
inode_dio_done(inode);
The truncate code takes i_mutex, then calls inode_dio_wait. Because the
ext4 code path above will end up dropping the mutex before it is
reacquired by the worker thread that does the extent conversion, it
seems to me that the truncate can happen out of order. Jan Kara
mentioned that this might result in error messages in the system logs,
but that should be the extent of the "damage."
The fix is pretty straight-forward: don't call inode_dio_done until the
extent conversion is complete.
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jeff Moyer <jmoyer@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
Diffstat (limited to 'fs/ext4/ext4.h')
-rw-r--r-- | fs/ext4/ext4.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/fs/ext4/ext4.h b/fs/ext4/ext4.h index c2314dcbe4fb..4076746d721d 100644 --- a/fs/ext4/ext4.h +++ b/fs/ext4/ext4.h @@ -184,6 +184,7 @@ struct mpage_da_data { #define EXT4_IO_END_UNWRITTEN 0x0001 #define EXT4_IO_END_ERROR 0x0002 #define EXT4_IO_END_QUEUED 0x0004 +#define EXT4_IO_END_DIRECT 0x0008 struct ext4_io_page { struct page *p_page; |