projects / GitHub / moto-9609 / android_kernel_motorola_exynos9610.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 5446429)
ceph: fix pending vmtruncate race
authorYan, Zheng <zheng.z.yan@intel.com>
Tue, 2 Jul 2013 04:40:19 +0000 (12:40 +0800)
committerSage Weil <sage@inktank.com>
Wed, 3 Jul 2013 22:32:56 +0000 (15:32 -0700)
The locking order for pending vmtruncate is wrong, it can lead to
following race:

        write                  wmtruncate work
------------------------    ----------------------
lock i_mutex
check i_truncate_pending   check i_truncate_pending
truncate_inode_pages()     lock i_mutex (blocked)
copy data to page cache
unlock i_mutex
                           truncate_inode_pages()

The fix is take i_mutex before calling __ceph_do_pending_vmtruncate()

Fixes: http://tracker.ceph.com/issues/5453
Signed-off-by: Yan, Zheng <zheng.z.yan@intel.com>
Reviewed-by: Sage Weil <sage@inktank.com>
fs/ceph/caps.c patch | blob | blame | history
fs/ceph/file.c patch | blob | blame | history
fs/ceph/inode.c patch | blob | blame | history
fs/ceph/super.h patch | blob | blame | history

diff --git a/fs/ceph/caps.c b/fs/ceph/caps.c
index 8ec27b130cc9eacb39129e8efca6b5fa24389d6e..16266f3e9a332fbfc9d3fc9d9203491b1ab99003 100644 (file)
--- a/fs/ceph/caps.c
+++ b/fs/ceph/caps.c
@@ -2057,7 +2057,11 @@ static int try_get_cap_refs(struct ceph_inode_info *ci, int need, int want,
        /* finish pending truncate */
        while (ci->i_truncate_pending) {
                spin_unlock(&ci->i_ceph_lock);
-               __ceph_do_pending_vmtruncate(inode, !(need & CEPH_CAP_FILE_WR));
+               if (!(need & CEPH_CAP_FILE_WR))
+                       mutex_lock(&inode->i_mutex);
+               __ceph_do_pending_vmtruncate(inode);
+               if (!(need & CEPH_CAP_FILE_WR))
+                       mutex_unlock(&inode->i_mutex);
                spin_lock(&ci->i_ceph_lock);
        }
 
diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 7c69f4f0dee6a89ccfe39a073c77549405f8f352..a44d5153179b7253a193ae2fc3a8f6974eb5e18c 100644 (file)
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -822,7 +822,7 @@ static loff_t ceph_llseek(struct file *file, loff_t offset, int whence)
        int ret;
 
        mutex_lock(&inode->i_mutex);
-       __ceph_do_pending_vmtruncate(inode, false);
+       __ceph_do_pending_vmtruncate(inode);
 
        if (whence == SEEK_END || whence == SEEK_DATA || whence == SEEK_HOLE) {
                ret = ceph_do_getattr(inode, CEPH_STAT_CAP_SIZE);
diff --git a/fs/ceph/inode.c b/fs/ceph/inode.c
index be0f7e20d62ed230186019d65297e8f45f2f4ab2..4906ada4a97c6be9f00ce45245911dbb6efa98c2 100644 (file)
--- a/fs/ceph/inode.c
+++ b/fs/ceph/inode.c
@@ -1465,7 +1465,9 @@ static void ceph_vmtruncate_work(struct work_struct *work)
        struct inode *inode = &ci->vfs_inode;
 
        dout("vmtruncate_work %p\n", inode);
-       __ceph_do_pending_vmtruncate(inode, true);
+       mutex_lock(&inode->i_mutex);
+       __ceph_do_pending_vmtruncate(inode);
+       mutex_unlock(&inode->i_mutex);
        iput(inode);
 }
 
@@ -1492,7 +1494,7 @@ void ceph_queue_vmtruncate(struct inode *inode)
  * Make sure any pending truncation is applied before doing anything
  * that may depend on it.
  */
-void __ceph_do_pending_vmtruncate(struct inode *inode, bool needlock)
+void __ceph_do_pending_vmtruncate(struct inode *inode)
 {
        struct ceph_inode_info *ci = ceph_inode(inode);
        u64 to;
@@ -1525,11 +1527,7 @@ retry:
             ci->i_truncate_pending, to);
        spin_unlock(&ci->i_ceph_lock);
 
-       if (needlock)
-               mutex_lock(&inode->i_mutex);
        truncate_inode_pages(inode->i_mapping, to);
-       if (needlock)
-               mutex_unlock(&inode->i_mutex);
 
        spin_lock(&ci->i_ceph_lock);
        if (to == ci->i_truncate_size) {
@@ -1588,7 +1586,7 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr)
        if (ceph_snap(inode) != CEPH_NOSNAP)
                return -EROFS;
 
-       __ceph_do_pending_vmtruncate(inode, false);
+       __ceph_do_pending_vmtruncate(inode);
 
        err = inode_change_ok(inode, attr);
        if (err != 0)
@@ -1770,7 +1768,7 @@ int ceph_setattr(struct dentry *dentry, struct iattr *attr)
             ceph_cap_string(dirtied), mask);
 
        ceph_mdsc_put_request(req);
-       __ceph_do_pending_vmtruncate(inode, false);
+       __ceph_do_pending_vmtruncate(inode);
        return err;
 out:
        spin_unlock(&ci->i_ceph_lock);
diff --git a/fs/ceph/super.h b/fs/ceph/super.h
index dfbb729b31303f65a966e29568a352bf2eaa7b33..cbded572345e77a107e539aa4e433d6f6f7964c0 100644 (file)
--- a/fs/ceph/super.h
+++ b/fs/ceph/super.h
@@ -692,7 +692,7 @@ extern int ceph_readdir_prepopulate(struct ceph_mds_request *req,
 extern int ceph_inode_holds_cap(struct inode *inode, int mask);
 
 extern int ceph_inode_set_size(struct inode *inode, loff_t size);
-extern void __ceph_do_pending_vmtruncate(struct inode *inode, bool needlock);
+extern void __ceph_do_pending_vmtruncate(struct inode *inode);
 extern void ceph_queue_vmtruncate(struct inode *inode);
 
 extern void ceph_queue_invalidate(struct inode *inode);