aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorNick Piggin <nickpiggin@yahoo.com.au>2005-05-05 19:15:45 -0400
committerLinus Torvalds <torvalds@ppc970.osdl.org>2005-05-05 19:36:40 -0400
commitf3ddbdc6267c32223035ea9bb8456a2d86f65ba1 (patch)
treebc11ca9a8bc1f1ebdc70e59bb28e8e328346f7bb /fs
parent3c8fad1829cc33e903500b41d989fa50ab196378 (diff)
[PATCH] fix race in __block_prepare_write
Fix a race where __block_prepare_write can leak out an in-flight read against a bh if get_block returns an error. This can lead to the page becoming unlocked while the buffer is locked and the read still in flight. __mpage_writepage BUGs on this condition. BUG sighted on a 2-way Itanium2 system with 16K PAGE_SIZE running fsstress -v -d $DIR/tmp -n 1000 -p 1000 -l 2 where $DIR is a new ext2 filesystem with 4K blocks that is quite small (causing get_block to fail often with -ENOSPC). Signed-off-by: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'fs')
-rw-r--r--fs/buffer.c10
1 files changed, 6 insertions, 4 deletions
diff --git a/fs/buffer.c b/fs/buffer.c
index 6ed59497fd4d..af7c51ded2e1 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -1953,7 +1953,7 @@ static int __block_prepare_write(struct inode *inode, struct page *page,
1953 if (!buffer_mapped(bh)) { 1953 if (!buffer_mapped(bh)) {
1954 err = get_block(inode, block, bh, 1); 1954 err = get_block(inode, block, bh, 1);
1955 if (err) 1955 if (err)
1956 goto out; 1956 break;
1957 if (buffer_new(bh)) { 1957 if (buffer_new(bh)) {
1958 clear_buffer_new(bh); 1958 clear_buffer_new(bh);
1959 unmap_underlying_metadata(bh->b_bdev, 1959 unmap_underlying_metadata(bh->b_bdev,
@@ -1995,10 +1995,12 @@ static int __block_prepare_write(struct inode *inode, struct page *page,
1995 while(wait_bh > wait) { 1995 while(wait_bh > wait) {
1996 wait_on_buffer(*--wait_bh); 1996 wait_on_buffer(*--wait_bh);
1997 if (!buffer_uptodate(*wait_bh)) 1997 if (!buffer_uptodate(*wait_bh))
1998 return -EIO; 1998 err = -EIO;
1999 } 1999 }
2000 return 0; 2000 if (!err)
2001out: 2001 return err;
2002
2003 /* Error case: */
2002 /* 2004 /*
2003 * Zero out any newly allocated blocks to avoid exposing stale 2005 * Zero out any newly allocated blocks to avoid exposing stale
2004 * data. If BH_New is set, we know that the block was newly 2006 * data. If BH_New is set, we know that the block was newly