[PATCH] fix race in __block_prepare_write
Fix a race where __block_prepare_write can leak out an in-flight read against a bh if get_block returns an error. This can lead to the page becoming unlocked while the buffer is locked and the read still in flight. __mpage_writepage BUGs on this condition. BUG sighted on a 2-way Itanium2 system with 16K PAGE_SIZE running fsstress -v -d $DIR/tmp -n 1000 -p 1000 -l 2 where $DIR is a new ext2 filesystem with 4K blocks that is quite small (causing get_block to fail often with -ENOSPC). Signed-off-by: Nick Piggin <nickpiggin@yahoo.com.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
This commit is contained in:
parent
3c8fad1829
commit
f3ddbdc626
10
fs/buffer.c
10
fs/buffer.c
@ -1953,7 +1953,7 @@ static int __block_prepare_write(struct inode *inode, struct page *page,
|
||||
if (!buffer_mapped(bh)) {
|
||||
err = get_block(inode, block, bh, 1);
|
||||
if (err)
|
||||
goto out;
|
||||
break;
|
||||
if (buffer_new(bh)) {
|
||||
clear_buffer_new(bh);
|
||||
unmap_underlying_metadata(bh->b_bdev,
|
||||
@ -1995,10 +1995,12 @@ static int __block_prepare_write(struct inode *inode, struct page *page,
|
||||
while(wait_bh > wait) {
|
||||
wait_on_buffer(*--wait_bh);
|
||||
if (!buffer_uptodate(*wait_bh))
|
||||
return -EIO;
|
||||
err = -EIO;
|
||||
}
|
||||
return 0;
|
||||
out:
|
||||
if (!err)
|
||||
return err;
|
||||
|
||||
/* Error case: */
|
||||
/*
|
||||
* Zero out any newly allocated blocks to avoid exposing stale
|
||||
* data. If BH_New is set, we know that the block was newly
|
||||
|
Loading…
Reference in New Issue
Block a user