Commit aaa4059b authored by Jan Kara's avatar Jan Kara Committed by Linus Torvalds

[PATCH] ext3: Fix unmapped buffers in transaction's lists

Fix the problem (BUG 4964) with unmapped buffers in transaction's
t_sync_data list.  The problem is we need to call filesystem's own
invalidatepage() from block_write_full_page().

block_write_full_page() must call filesystem's invalidatepage().  Otherwise
following nasty race can happen:

   proc 1                                        proc 2
   ------                                        ------
- write some new data to 'offset'
  => bh gets to the transactions data list
                                              - starts truncate
                                                => i_size set to new size
- mpage_writepages()
  - ext3_ordered_writepage() to 'offset'
    - block_write_full_page()
      - page->index > end_index+1
        - block_invalidatepage()
          - discard_buffer()
            - clear_buffer_mapped()

- commit triggers and finds unmapped buffer - BOOM!
Signed-off-by: default avatarJan Kara <jack@suse.cz>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent e812cb52
...@@ -1637,6 +1637,15 @@ int block_invalidatepage(struct page *page, unsigned long offset) ...@@ -1637,6 +1637,15 @@ int block_invalidatepage(struct page *page, unsigned long offset)
} }
EXPORT_SYMBOL(block_invalidatepage); EXPORT_SYMBOL(block_invalidatepage);
int do_invalidatepage(struct page *page, unsigned long offset)
{
int (*invalidatepage)(struct page *, unsigned long);
invalidatepage = page->mapping->a_ops->invalidatepage;
if (invalidatepage == NULL)
invalidatepage = block_invalidatepage;
return (*invalidatepage)(page, offset);
}
/* /*
* We attach and possibly dirty the buffers atomically wrt * We attach and possibly dirty the buffers atomically wrt
* __set_page_dirty_buffers() via private_lock. try_to_free_buffers * __set_page_dirty_buffers() via private_lock. try_to_free_buffers
...@@ -2696,7 +2705,7 @@ int block_write_full_page(struct page *page, get_block_t *get_block, ...@@ -2696,7 +2705,7 @@ int block_write_full_page(struct page *page, get_block_t *get_block,
* they may have been added in ext3_writepage(). Make them * they may have been added in ext3_writepage(). Make them
* freeable here, so the page does not leak. * freeable here, so the page does not leak.
*/ */
block_invalidatepage(page, 0); do_invalidatepage(page, 0);
unlock_page(page); unlock_page(page);
return 0; /* don't care */ return 0; /* don't care */
} }
......
...@@ -190,6 +190,7 @@ extern int buffer_heads_over_limit; ...@@ -190,6 +190,7 @@ extern int buffer_heads_over_limit;
*/ */
int try_to_release_page(struct page * page, gfp_t gfp_mask); int try_to_release_page(struct page * page, gfp_t gfp_mask);
int block_invalidatepage(struct page *page, unsigned long offset); int block_invalidatepage(struct page *page, unsigned long offset);
int do_invalidatepage(struct page *page, unsigned long offset);
int block_write_full_page(struct page *page, get_block_t *get_block, int block_write_full_page(struct page *page, get_block_t *get_block,
struct writeback_control *wbc); struct writeback_control *wbc);
int block_read_full_page(struct page*, get_block_t*); int block_read_full_page(struct page*, get_block_t*);
......
...@@ -13,18 +13,9 @@ ...@@ -13,18 +13,9 @@
#include <linux/pagemap.h> #include <linux/pagemap.h>
#include <linux/pagevec.h> #include <linux/pagevec.h>
#include <linux/buffer_head.h> /* grr. try_to_release_page, #include <linux/buffer_head.h> /* grr. try_to_release_page,
block_invalidatepage */ do_invalidatepage */
static int do_invalidatepage(struct page *page, unsigned long offset)
{
int (*invalidatepage)(struct page *, unsigned long);
invalidatepage = page->mapping->a_ops->invalidatepage;
if (invalidatepage == NULL)
invalidatepage = block_invalidatepage;
return (*invalidatepage)(page, offset);
}
static inline void truncate_partial_page(struct page *page, unsigned partial) static inline void truncate_partial_page(struct page *page, unsigned partial)
{ {
memclear_highpage_flush(page, partial, PAGE_CACHE_SIZE-partial); memclear_highpage_flush(page, partial, PAGE_CACHE_SIZE-partial);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment