aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2011-12-09 20:30:48 -0500
committerJan Kara <jack@suse.cz>2012-01-09 07:52:08 -0500
commitd2eb8c359309ec45d6bf5b147303ab8e13be86ea (patch)
tree4725da2f9f5728b41960cff7b628d0997812504c /fs
parent7b0b0933a3ff6052addf4d49ea99f75ab27df2d0 (diff)
udf: Fix deadlock when converting file from in-ICB one to normal one
During BKL removal in 2.6.38, conversion of files from in-ICB format to normal format got broken. We call ->writepage with i_data_sem held but udf_get_block() also acquires i_data_sem thus creating A-A deadlock. We fix the problem by dropping i_data_sem before calling ->writepage() which is safe since i_mutex still protects us against any changes in the file. Also fix pagelock - i_data_sem lock inversion in udf_expand_file_adinicb() by dropping i_data_sem before calling find_or_create_page(). CC: stable@kernel.org Reported-by: Matthias Matiak <netzpython@mail-on.us> Tested-by: Matthias Matiak <netzpython@mail-on.us> Reviewed-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs')
-rw-r--r--fs/udf/file.c6
-rw-r--r--fs/udf/inode.c21
2 files changed, 21 insertions, 6 deletions
diff --git a/fs/udf/file.c b/fs/udf/file.c
index d8ffa7cc661d..dca0c3881e82 100644
--- a/fs/udf/file.c
+++ b/fs/udf/file.c
@@ -125,7 +125,6 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
125 err = udf_expand_file_adinicb(inode); 125 err = udf_expand_file_adinicb(inode);
126 if (err) { 126 if (err) {
127 udf_debug("udf_expand_adinicb: err=%d\n", err); 127 udf_debug("udf_expand_adinicb: err=%d\n", err);
128 up_write(&iinfo->i_data_sem);
129 return err; 128 return err;
130 } 129 }
131 } else { 130 } else {
@@ -133,9 +132,10 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
133 iinfo->i_lenAlloc = pos + count; 132 iinfo->i_lenAlloc = pos + count;
134 else 133 else
135 iinfo->i_lenAlloc = inode->i_size; 134 iinfo->i_lenAlloc = inode->i_size;
135 up_write(&iinfo->i_data_sem);
136 } 136 }
137 } 137 } else
138 up_write(&iinfo->i_data_sem); 138 up_write(&iinfo->i_data_sem);
139 139
140 retval = generic_file_aio_write(iocb, iov, nr_segs, ppos); 140 retval = generic_file_aio_write(iocb, iov, nr_segs, ppos);
141 if (retval > 0) 141 if (retval > 0)
diff --git a/fs/udf/inode.c b/fs/udf/inode.c
index 1bd2c42f3b48..4f7b1ffd9e37 100644
--- a/fs/udf/inode.c
+++ b/fs/udf/inode.c
@@ -150,6 +150,12 @@ const struct address_space_operations udf_aops = {
150 .bmap = udf_bmap, 150 .bmap = udf_bmap,
151}; 151};
152 152
153/*
154 * Expand file stored in ICB to a normal one-block-file
155 *
156 * This function requires i_data_sem for writing and releases it.
157 * This function requires i_mutex held
158 */
153int udf_expand_file_adinicb(struct inode *inode) 159int udf_expand_file_adinicb(struct inode *inode)
154{ 160{
155 struct page *page; 161 struct page *page;
@@ -168,9 +174,15 @@ int udf_expand_file_adinicb(struct inode *inode)
168 iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG; 174 iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG;
169 /* from now on we have normal address_space methods */ 175 /* from now on we have normal address_space methods */
170 inode->i_data.a_ops = &udf_aops; 176 inode->i_data.a_ops = &udf_aops;
177 up_write(&iinfo->i_data_sem);
171 mark_inode_dirty(inode); 178 mark_inode_dirty(inode);
172 return 0; 179 return 0;
173 } 180 }
181 /*
182 * Release i_data_sem so that we can lock a page - page lock ranks
183 * above i_data_sem. i_mutex still protects us against file changes.
184 */
185 up_write(&iinfo->i_data_sem);
174 186
175 page = find_or_create_page(inode->i_mapping, 0, GFP_NOFS); 187 page = find_or_create_page(inode->i_mapping, 0, GFP_NOFS);
176 if (!page) 188 if (!page)
@@ -186,6 +198,7 @@ int udf_expand_file_adinicb(struct inode *inode)
186 SetPageUptodate(page); 198 SetPageUptodate(page);
187 kunmap(page); 199 kunmap(page);
188 } 200 }
201 down_write(&iinfo->i_data_sem);
189 memset(iinfo->i_ext.i_data + iinfo->i_lenEAttr, 0x00, 202 memset(iinfo->i_ext.i_data + iinfo->i_lenEAttr, 0x00,
190 iinfo->i_lenAlloc); 203 iinfo->i_lenAlloc);
191 iinfo->i_lenAlloc = 0; 204 iinfo->i_lenAlloc = 0;
@@ -195,17 +208,20 @@ int udf_expand_file_adinicb(struct inode *inode)
195 iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG; 208 iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG;
196 /* from now on we have normal address_space methods */ 209 /* from now on we have normal address_space methods */
197 inode->i_data.a_ops = &udf_aops; 210 inode->i_data.a_ops = &udf_aops;
211 up_write(&iinfo->i_data_sem);
198 err = inode->i_data.a_ops->writepage(page, &udf_wbc); 212 err = inode->i_data.a_ops->writepage(page, &udf_wbc);
199 if (err) { 213 if (err) {
200 /* Restore everything back so that we don't lose data... */ 214 /* Restore everything back so that we don't lose data... */
201 lock_page(page); 215 lock_page(page);
202 kaddr = kmap(page); 216 kaddr = kmap(page);
217 down_write(&iinfo->i_data_sem);
203 memcpy(iinfo->i_ext.i_data + iinfo->i_lenEAttr, kaddr, 218 memcpy(iinfo->i_ext.i_data + iinfo->i_lenEAttr, kaddr,
204 inode->i_size); 219 inode->i_size);
205 kunmap(page); 220 kunmap(page);
206 unlock_page(page); 221 unlock_page(page);
207 iinfo->i_alloc_type = ICBTAG_FLAG_AD_IN_ICB; 222 iinfo->i_alloc_type = ICBTAG_FLAG_AD_IN_ICB;
208 inode->i_data.a_ops = &udf_adinicb_aops; 223 inode->i_data.a_ops = &udf_adinicb_aops;
224 up_write(&iinfo->i_data_sem);
209 } 225 }
210 page_cache_release(page); 226 page_cache_release(page);
211 mark_inode_dirty(inode); 227 mark_inode_dirty(inode);
@@ -1105,10 +1121,9 @@ int udf_setsize(struct inode *inode, loff_t newsize)
1105 if (bsize < 1121 if (bsize <
1106 (udf_file_entry_alloc_offset(inode) + newsize)) { 1122 (udf_file_entry_alloc_offset(inode) + newsize)) {
1107 err = udf_expand_file_adinicb(inode); 1123 err = udf_expand_file_adinicb(inode);
1108 if (err) { 1124 if (err)
1109 up_write(&iinfo->i_data_sem);
1110 return err; 1125 return err;
1111 } 1126 down_write(&iinfo->i_data_sem);
1112 } else 1127 } else
1113 iinfo->i_lenAlloc = newsize; 1128 iinfo->i_lenAlloc = newsize;
1114 } 1129 }