diff options
| author | Jan Kara <jack@suse.cz> | 2014-09-09 13:03:03 +0200 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2014-09-17 11:59:11 +0200 |
| commit | 6fb1ca92a6409a9d5b0696447cd4997bc9aaf5a2 (patch) | |
| tree | b3e110ddf9b2e35e92f586418005a0fc0002f9a4 /fs/udf/file.c | |
| parent | 0b93a92be4cb48f22b78c95dea84089a1e72f860 (diff) | |
| download | linux-6fb1ca92a6409a9d5b0696447cd4997bc9aaf5a2.tar.gz | |
udf: Fix race between write(2) and close(2)
Currently write(2) updating i_size and close(2) of the file can race in
such a way that udf_truncate_tail_extent() called from
udf_file_release() sees old i_size but already new extents added by the
running write call. This results in complaints like:
UDF-fs: warning (device vdb2): udf_truncate_tail_extent: Too long extent
after EOF in inode 877: i_size: 0 lbcount: 1073739776 extent 0+1073739776
UDF-fs: error (device vdb2): udf_truncate_tail_extent: Extent after EOF
in inode 877
Fix the problem by grabbing i_mutex in udf_file_release() to be sure
i_size is consistent with current state of extent list. Also avoid
truncating tail extent unnecessarily when the file is still open for
writing.
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/udf/file.c')
| -rw-r--r-- | fs/udf/file.c | 9 |
1 files changed, 8 insertions, 1 deletions
diff --git a/fs/udf/file.c b/fs/udf/file.c index 86c6743ec1fe..bb15771b92ae 100644 --- a/fs/udf/file.c +++ b/fs/udf/file.c @@ -223,11 +223,18 @@ out: static int udf_release_file(struct inode *inode, struct file *filp) { - if (filp->f_mode & FMODE_WRITE) { + if (filp->f_mode & FMODE_WRITE && + atomic_read(&inode->i_writecount) > 1) { + /* + * Grab i_mutex to avoid races with writes changing i_size + * while we are running. + */ + mutex_lock(&inode->i_mutex); down_write(&UDF_I(inode)->i_data_sem); udf_discard_prealloc(inode); udf_truncate_tail_extent(inode); up_write(&UDF_I(inode)->i_data_sem); + mutex_unlock(&inode->i_mutex); } return 0; } |