[patch] fix race in __block_prepare_write (again)

From: Nick Piggin
Date: Thu Apr 21 2005 - 01:22:50 EST

Next message: Davy Durham: "Dell D810 Laptop Suspend/Resume"
Previous message: EnislEd: "Tired of waiting for the software to be delivered to you? Buy and download.For PC and Macintosh"
Next in thread: Anton Altaparmakov: "Re: [patch] fix race in __block_prepare_write (again)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

... I somehow didn't send it to Andrew last time.

--
SUSE Labs, Novell Inc.

Fix a race where __block_prepare_write can leak out an in-flight
read against a bh if get_block returns an error. This can lead to
the page becoming unlocked while the buffer is locked and the read
still in flight. __mpage_writepage BUGs on this condition.

BUG sighted on a 2-way Itanium2 system with 16K PAGE_SIZE running

fsstress -v -d $DIR/tmp -n 1000 -p 1000 -l 2

where $DIR is a new ext2 filesystem with 4K blocks that is quite
small (causing get_block to fail often with -ENOSPC).

Signed-off-by: Nick Piggin <nickpiggin@xxxxxxxxxxxx>

Index: linux-2.6/fs/buffer.c
===================================================================
--- linux-2.6.orig/fs/buffer.c 2005-04-21 11:55:17.549614278 +1000
+++ linux-2.6/fs/buffer.c 2005-04-21 15:55:41.483826075 +1000
@@ -1988,6 +1988,7 @@
*wait_bh++=bh;
}
}
+out:
/*
* If we issued read requests - let them complete.
*/
@@ -1996,8 +1997,9 @@
if (!buffer_uptodate(*wait_bh))
return -EIO;
}
- return 0;
-out:
+ if (!err)
+ return err;
+
/*
* Zero out any newly allocated blocks to avoid exposing stale
* data. If BH_New is set, we know that the block was newly

Next message: Davy Durham: "Dell D810 Laptop Suspend/Resume"
Previous message: EnislEd: "Tired of waiting for the software to be delivered to you? Buy and download.For PC and Macintosh"
Next in thread: Anton Altaparmakov: "Re: [patch] fix race in __block_prepare_write (again)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]