diff options
| author | Lachlan McIlroy <lachlan@sgi.com> | 2008-10-30 16:59:06 +1100 |
|---|---|---|
| committer | Lachlan McIlroy <lachlan@sgi.com> | 2008-10-30 16:59:06 +1100 |
| commit | d112f2984592acb774187b3adddc107fb0825500 (patch) | |
| tree | 8857ca1206d7c386cdc821566f71fa6f03233c69 /fs | |
| parent | 7f7c39ccb6045cf1fd5e7684a484c445291b44d4 (diff) | |
| download | kernel_samsung_espresso10-d112f2984592acb774187b3adddc107fb0825500.zip kernel_samsung_espresso10-d112f2984592acb774187b3adddc107fb0825500.tar.gz kernel_samsung_espresso10-d112f2984592acb774187b3adddc107fb0825500.tar.bz2 | |
[XFS] Wait for all I/O on truncate to zero file size
It's possible to have outstanding xfs_ioend_t's queued when the file size
is zero. This can happen in the direct I/O path when a direct I/O write
fails due to ENOSPC. In this case the xfs_ioend_t will still be queued (ie
xfs_end_io_direct() does not know that the I/O failed so can't force the
xfs_ioend_t to be flushed synchronously).
When we truncate a file on unlink we don't know to wait for these
xfs_ioend_ts and we can have a use-after-free situation if the inode is
reclaimed before the xfs_ioend_t is finally processed.
As was suggested by Dave Chinner lets wait for all I/Os to complete when
truncating the file size to zero.
SGI-PV: 981668
SGI-Modid: xfs-linux-melb:xfs-kern:32216a
Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/xfs/xfs_inode.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index cc0474d..2b1294b 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -1450,7 +1450,7 @@ xfs_itruncate_start( mp = ip->i_mount; /* wait for the completion of any pending DIOs */ - if (new_size < ip->i_size) + if (new_size == 0 || new_size < ip->i_size) vn_iowait(ip); /* |