Commit b1f38217 authored by Ross Zwisler's avatar Ross Zwisler Committed by Theodore Ts'o

ext4: close race between direct IO and ext4_break_layouts()

If the refcount of a page is lowered between the time that it is returned
by dax_busy_page() and when the refcount is again checked in
ext4_break_layouts() => ___wait_var_event(), the waiting function
ext4_wait_dax_page() will never be called.  This means that
ext4_break_layouts() will still have 'retry' set to false, so we'll stop
looping and never check the refcount of other pages in this inode.

Instead, always continue looping as long as dax_layout_busy_page() gives us
a page which it found with an elevated refcount.
Signed-off-by: default avatarRoss Zwisler <ross.zwisler@linux.intel.com>
Reviewed-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
parent 5f8c1093
...@@ -4195,9 +4195,8 @@ int ext4_update_disksize_before_punch(struct inode *inode, loff_t offset, ...@@ -4195,9 +4195,8 @@ int ext4_update_disksize_before_punch(struct inode *inode, loff_t offset,
return 0; return 0;
} }
static void ext4_wait_dax_page(struct ext4_inode_info *ei, bool *did_unlock) static void ext4_wait_dax_page(struct ext4_inode_info *ei)
{ {
*did_unlock = true;
up_write(&ei->i_mmap_sem); up_write(&ei->i_mmap_sem);
schedule(); schedule();
down_write(&ei->i_mmap_sem); down_write(&ei->i_mmap_sem);
...@@ -4207,14 +4206,12 @@ int ext4_break_layouts(struct inode *inode) ...@@ -4207,14 +4206,12 @@ int ext4_break_layouts(struct inode *inode)
{ {
struct ext4_inode_info *ei = EXT4_I(inode); struct ext4_inode_info *ei = EXT4_I(inode);
struct page *page; struct page *page;
bool retry;
int error; int error;
if (WARN_ON_ONCE(!rwsem_is_locked(&ei->i_mmap_sem))) if (WARN_ON_ONCE(!rwsem_is_locked(&ei->i_mmap_sem)))
return -EINVAL; return -EINVAL;
do { do {
retry = false;
page = dax_layout_busy_page(inode->i_mapping); page = dax_layout_busy_page(inode->i_mapping);
if (!page) if (!page)
return 0; return 0;
...@@ -4222,8 +4219,8 @@ int ext4_break_layouts(struct inode *inode) ...@@ -4222,8 +4219,8 @@ int ext4_break_layouts(struct inode *inode)
error = ___wait_var_event(&page->_refcount, error = ___wait_var_event(&page->_refcount,
atomic_read(&page->_refcount) == 1, atomic_read(&page->_refcount) == 1,
TASK_INTERRUPTIBLE, 0, 0, TASK_INTERRUPTIBLE, 0, 0,
ext4_wait_dax_page(ei, &retry)); ext4_wait_dax_page(ei));
} while (error == 0 && retry); } while (error == 0);
return error; return error;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment