diff options
author | Lachlan McIlroy <lachlan@sgi.com> | 2008-10-30 01:59:06 -0400 |
---|---|---|
committer | Lachlan McIlroy <lachlan@redback.melbourne.sgi.com> | 2008-11-10 01:51:00 -0500 |
commit | 2cf7f0da3ae225848a2ee10d4e216448a770fd00 (patch) | |
tree | 1cfbb7ca0b9a6742c8c35150f21d6ba91b153b36 /fs | |
parent | 9ccbece546cf836f67f6d9bb4bf2f70f7476cb2c (diff) |
[XFS] Wait for all I/O on truncate to zero file size
It's possible to have outstanding xfs_ioend_t's queued when the file size
is zero. This can happen in the direct I/O path when a direct I/O write
fails due to ENOSPC. In this case the xfs_ioend_t will still be queued (ie
xfs_end_io_direct() does not know that the I/O failed so can't force the
xfs_ioend_t to be flushed synchronously).
When we truncate a file on unlink we don't know to wait for these
xfs_ioend_ts and we can have a use-after-free situation if the inode is
reclaimed before the xfs_ioend_t is finally processed.
As was suggested by Dave Chinner lets wait for all I/Os to complete when
truncating the file size to zero.
SGI-PV: 981668
SGI-Modid: xfs-linux-melb:xfs-kern:32216a
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/xfs/xfs_inode.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index dbd9cef852ec..a391b955df01 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c | |||
@@ -1414,7 +1414,7 @@ xfs_itruncate_start( | |||
1414 | mp = ip->i_mount; | 1414 | mp = ip->i_mount; |
1415 | 1415 | ||
1416 | /* wait for the completion of any pending DIOs */ | 1416 | /* wait for the completion of any pending DIOs */ |
1417 | if (new_size < ip->i_size) | 1417 | if (new_size == 0 || new_size < ip->i_size) |
1418 | vn_iowait(ip); | 1418 | vn_iowait(ip); |
1419 | 1419 | ||
1420 | /* | 1420 | /* |