diff options
author | Jan Kara <jack@suse.cz> | 2005-10-30 15:00:16 -0800 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2005-10-30 17:37:17 -0800 |
commit | aaa4059bc2dca7fa816624a28db1958c3a22df9b (patch) | |
tree | 8ae1d5458e2f68f96b033f10dae216847c32d4d2 | |
parent | e812cb5226af32aec91bcbaa8365bd7f921b6ebb (diff) | |
download | kernel_samsung_smdk4412-aaa4059bc2dca7fa816624a28db1958c3a22df9b.zip kernel_samsung_smdk4412-aaa4059bc2dca7fa816624a28db1958c3a22df9b.tar.gz kernel_samsung_smdk4412-aaa4059bc2dca7fa816624a28db1958c3a22df9b.tar.bz2 |
[PATCH] ext3: Fix unmapped buffers in transaction's lists
Fix the problem (BUG 4964) with unmapped buffers in transaction's
t_sync_data list. The problem is we need to call filesystem's own
invalidatepage() from block_write_full_page().
block_write_full_page() must call filesystem's invalidatepage(). Otherwise
following nasty race can happen:
proc 1 proc 2
------ ------
- write some new data to 'offset'
=> bh gets to the transactions data list
- starts truncate
=> i_size set to new size
- mpage_writepages()
- ext3_ordered_writepage() to 'offset'
- block_write_full_page()
- page->index > end_index+1
- block_invalidatepage()
- discard_buffer()
- clear_buffer_mapped()
- commit triggers and finds unmapped buffer - BOOM!
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
-rw-r--r-- | fs/buffer.c | 11 | ||||
-rw-r--r-- | include/linux/buffer_head.h | 1 | ||||
-rw-r--r-- | mm/truncate.c | 11 |
3 files changed, 12 insertions, 11 deletions
diff --git a/fs/buffer.c b/fs/buffer.c index 2066e4c..75cac9a 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -1637,6 +1637,15 @@ out: } EXPORT_SYMBOL(block_invalidatepage); +int do_invalidatepage(struct page *page, unsigned long offset) +{ + int (*invalidatepage)(struct page *, unsigned long); + invalidatepage = page->mapping->a_ops->invalidatepage; + if (invalidatepage == NULL) + invalidatepage = block_invalidatepage; + return (*invalidatepage)(page, offset); +} + /* * We attach and possibly dirty the buffers atomically wrt * __set_page_dirty_buffers() via private_lock. try_to_free_buffers @@ -2696,7 +2705,7 @@ int block_write_full_page(struct page *page, get_block_t *get_block, * they may have been added in ext3_writepage(). Make them * freeable here, so the page does not leak. */ - block_invalidatepage(page, 0); + do_invalidatepage(page, 0); unlock_page(page); return 0; /* don't care */ } diff --git a/include/linux/buffer_head.h b/include/linux/buffer_head.h index c937d6e..1db061b 100644 --- a/include/linux/buffer_head.h +++ b/include/linux/buffer_head.h @@ -190,6 +190,7 @@ extern int buffer_heads_over_limit; */ int try_to_release_page(struct page * page, gfp_t gfp_mask); int block_invalidatepage(struct page *page, unsigned long offset); +int do_invalidatepage(struct page *page, unsigned long offset); int block_write_full_page(struct page *page, get_block_t *get_block, struct writeback_control *wbc); int block_read_full_page(struct page*, get_block_t*); diff --git a/mm/truncate.c b/mm/truncate.c index 60c8764..29c18f6 100644 --- a/mm/truncate.c +++ b/mm/truncate.c @@ -13,18 +13,9 @@ #include <linux/pagemap.h> #include <linux/pagevec.h> #include <linux/buffer_head.h> /* grr. try_to_release_page, - block_invalidatepage */ + do_invalidatepage */ -static int do_invalidatepage(struct page *page, unsigned long offset) -{ - int (*invalidatepage)(struct page *, unsigned long); - invalidatepage = page->mapping->a_ops->invalidatepage; - if (invalidatepage == NULL) - invalidatepage = block_invalidatepage; - return (*invalidatepage)(page, offset); -} - static inline void truncate_partial_page(struct page *page, unsigned partial) { memclear_highpage_flush(page, partial, PAGE_CACHE_SIZE-partial); |