    ext4: fix lost truncate due to race with writeback · 90e775b7
    Jan Kara authored
    The following race can lead to a loss of i_disksize update from truncate
    thus resulting in a wrong inode size if the inode size isn't updated
    again before inode is reclaimed:
    
    ext4_setattr()				mpage_map_and_submit_extent()
      EXT4_I(inode)->i_disksize = attr->ia_size;
      ...					  ...
    					  disksize = ((loff_t)mpd->first_page) << PAGE_CACHE_SHIFT
    					  /* False because i_size isn't
    					   * updated yet */
    					  if (disksize > i_size_read(inode))
    					  /* True, because i_disksize is
    					   * already truncated */
    					  if (disksize > EXT4_I(inode)->i_disksize)
    					    /* Overwrite i_disksize
    					     * update from truncate */
    					    ext4_update_i_disksize()
      i_size_write(inode, attr->ia_size);
    
    For other places updating i_disksize such race cannot happen because
    i_mutex prevents these races. Writeback is the only place where we do
    not hold i_mutex and we cannot grab it there because of lock ordering.
    
    We fix the race by doing both i_disksize and i_size update in truncate
    atomically under i_data_sem and in mpage_map_and_submit_extent() we move
    the check against i_size under i_data_sem as well.
    Signed-off-by: Jan Kara <jack@suse.cz>
    Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
    Cc: stable@vger.kernel.org
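
The interleaving from the commit message, replayed deterministically in a userspace model (an added example, not the kernel patch and not the author's code). The struct, the function names and the `sem_held` flag standing in for i_data_sem are assumptions made for illustration; sizes are constructed sample values.

```c
#include <stdbool.h>
#include <stdio.h>

/* Model only: sem_held stands in for i_data_sem (assumption, not kernel code). */
struct inode_model { long i_size, i_disksize; bool sem_held; };

/* The two checks writeback makes in the diagram, with no locking of their own. */
static void update_disksize(struct inode_model *in, long disksize)
{
    if (disksize > in->i_size)       /* false while i_size is still stale */
        disksize = in->i_size;
    if (disksize > in->i_disksize)   /* true once i_disksize is truncated */
        in->i_disksize = disksize;   /* overwrites the truncate's update */
}

/* Post-fix writeback: same checks under the lock; false means it would block. */
static bool writeback_fixed(struct inode_model *in, long disksize)
{
    if (in->sem_held)
        return false;
    in->sem_held = true;
    update_disksize(in, disksize);
    in->sem_held = false;
    return true;
}

/* Writeback up to wb_end lands between truncate's two stores; returns i_disksize. */
static long truncate_race(long old_size, long new_size, long wb_end, bool fixed)
{
    struct inode_model in = { old_size, old_size, false };
    bool ran = true;
    in.sem_held = fixed;              /* fix: truncate takes the lock first */
    in.i_disksize = new_size;
    if (fixed)
        ran = writeback_fixed(&in, wb_end);   /* blocked by the lock */
    else
        update_disksize(&in, wb_end);         /* pre-fix: runs in the window */
    in.i_size = new_size;
    in.sem_held = false;              /* unlock; blocked writeback resumes */
    if (fixed && !ran)
        writeback_fixed(&in, wb_end);
    return in.i_disksize;
}

int main(void)
{
    printf("pre-fix i_disksize:  %ld\n", truncate_race(8192, 4096, 8192, false));
    printf("post-fix i_disksize: %ld\n", truncate_race(8192, 4096, 8192, true));
    return 0;
}
```

In the pre-fix run i_disksize ends at 8192 while i_size is 4096, which is the lost truncate; in the post-fix run the deferred writeback sees the new i_size and clamps to 4096.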
ext4.h 99.8 KB