diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2007-01-11 02:15:39 -0500 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.osdl.org> | 2007-01-11 21:18:21 -0500 |
commit | e3db7691e9f3dff3289f64e3d98583e28afe03db (patch) | |
tree | e05542d8d8bb545545c5b535381a8c1fcb369a03 /fs/nfs | |
parent | 07031e14c1127fc7e1a5b98dfcc59f434e025104 (diff) |
[PATCH] NFS: Fix race in nfs_release_page()
NFS: Fix race in nfs_release_page()
invalidate_inode_pages2() may find the dirty bit has been set on a page
owing to the fact that the page may still be mapped after it was locked.
Only after the call to unmap_mapping_range() are we sure that the page
can no longer be dirtied.
In order to fix this, NFS has hooked the releasepage() method and tries
to write the page out between the call to unmap_mapping_range() and the
call to remove_mapping(). This, however leads to deadlocks in the page
reclaim code, where the page may be locked without holding a reference
to the inode or dentry.
Fix is to add a new address_space_operation, launder_page(), which will
attempt to write out a dirty page without releasing the page lock.
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Also, the bare SetPageDirty() can skew all sort of accounting leading to
other nasties.
[akpm@osdl.org: cleanup]
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Trond Myklebust <Trond.Myklebust@netapp.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs/nfs')
-rw-r--r-- | fs/nfs/file.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/fs/nfs/file.c b/fs/nfs/file.c index 0dd6be346aa7..fab20d06d936 100644 --- a/fs/nfs/file.c +++ b/fs/nfs/file.c | |||
@@ -315,14 +315,13 @@ static void nfs_invalidate_page(struct page *page, unsigned long offset) | |||
315 | 315 | ||
316 | static int nfs_release_page(struct page *page, gfp_t gfp) | 316 | static int nfs_release_page(struct page *page, gfp_t gfp) |
317 | { | 317 | { |
318 | /* | 318 | /* If PagePrivate() is set, then the page is not freeable */ |
319 | * Avoid deadlock on nfs_wait_on_request(). | 319 | return 0; |
320 | */ | 320 | } |
321 | if (!(gfp & __GFP_FS)) | 321 | |
322 | return 0; | 322 | static int nfs_launder_page(struct page *page) |
323 | /* Hack... Force nfs_wb_page() to write out the page */ | 323 | { |
324 | SetPageDirty(page); | 324 | return nfs_wb_page(page->mapping->host, page); |
325 | return !nfs_wb_page(page->mapping->host, page); | ||
326 | } | 325 | } |
327 | 326 | ||
328 | const struct address_space_operations nfs_file_aops = { | 327 | const struct address_space_operations nfs_file_aops = { |
@@ -338,6 +337,7 @@ const struct address_space_operations nfs_file_aops = { | |||
338 | #ifdef CONFIG_NFS_DIRECTIO | 337 | #ifdef CONFIG_NFS_DIRECTIO |
339 | .direct_IO = nfs_direct_IO, | 338 | .direct_IO = nfs_direct_IO, |
340 | #endif | 339 | #endif |
340 | .launder_page = nfs_launder_page, | ||
341 | }; | 341 | }; |
342 | 342 | ||
343 | static ssize_t nfs_file_write(struct kiocb *iocb, const struct iovec *iov, | 343 | static ssize_t nfs_file_write(struct kiocb *iocb, const struct iovec *iov, |