• Jan Kara's avatar
    vfs: fix data corruption when blocksize < pagesize for mmaped data · cf1e28c9
    Jan Kara authored
    commit 90a80202 upstream.
    
    ->page_mkwrite() is used by filesystems to allocate blocks under a page
    which is becoming writeably mmapped in some process' address space. This
    allows a filesystem to return a page fault if there is not enough space
    available, user exceeds quota or similar problem happens, rather than
    silently discarding data later when writepage is called.
    
    However VFS fails to call ->page_mkwrite() in all the cases where
    filesystems need it when blocksize < pagesize. For example when
    blocksize = 1024, pagesize = 4096 the following is problematic:
      ftruncate(fd, 0);
      pwrite(fd, buf, 1024, 0);
      map = mmap(NULL, 1024, PROT_WRITE, MAP_SHARED, fd, 0);
      map[0] = 'a';       ----> page_mkwrite() for index 0 is called
      ftruncate(fd, 10000); /* or even pwrite(fd, buf, 1, 10000) */
      mremap(map, 1024, 10000, 0);
      map[4095] = 'a';    ----> no page_mkwrite() called
    
    At the moment ->page_mkwrite() is called, filesystem can allocate only
    one block for the page because i_size == 1024. Otherwise it would create
    blocks beyond i_size which is generally undesirable. But later at
    ->writepage() time, we also need to store data at offset 4095 but we
    don't have block allocated for it.
    
    This patch introduces a helper function filesystems can use to have
    ->page_mkwrite() called at all the necessary moments.
    Signed-off-by: default avatarJan Kara <jack@suse.cz>
    Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
    [bwh: Backported to 3.2:
     - Adjust context
     - truncate_setsize() already has an oldsize variable]
    Signed-off-by: default avatarBen Hutchings <ben@decadent.org.uk>
    cf1e28c9
truncate.c 19.1 KB