ext4: fix data corruption for mmap writes

commit a056bdaa upstream.

mpage_submit_page() can race with another process growing i_size and writing data via mmap to the written-back page. As mpage_submit_page() samples i_size too early, it may happen that ext4_bio_write_page() zeroes out too large a tail of the page and thus corrupts user data.

Fix the problem by sampling i_size only after the page has been write-protected in page tables by the clear_page_dirty_for_io() call.

Reported-by: Michael Zimmer <michael@swarm64.com>
Fixes: cb20d518
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
[bwh: Backported to 3.2: The writeback path is very different here and it needs to read i_size long before calling clear_page_dirty_for_io(). So read it twice and skip the page if it changed.]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>