diff options
| author | Chris Mason <mason@suse.com> | 2006-02-01 03:06:47 -0800 |
|---|---|---|
| committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-02-01 08:53:26 -0800 |
| commit | d62b1b87a7d1c3a21dddabed4251763090be3182 (patch) | |
| tree | 52d563a2af8bde77c9e4638e3636c8cd3bb0c01e | |
| parent | ec191574b9c3cb7bfb95e4f803b63f7c8dc52690 (diff) | |
| download | linux-3.10-d62b1b87a7d1c3a21dddabed4251763090be3182.tar.gz linux-3.10-d62b1b87a7d1c3a21dddabed4251763090be3182.tar.bz2 linux-3.10-d62b1b87a7d1c3a21dddabed4251763090be3182.zip | |
[PATCH] resierfs: fix reiserfs_invalidatepage race against data=ordered
After a transaction has closed but before it has finished commit, there is
a window where data=ordered mode requires invalidatepage to pin pages
instead of freeing them. This patch fixes a race between the
invalidatepage checks and data=ordered writeback, and it also adds a check
to the reiserfs write_ordered_buffers routines to write any anonymous
buffers that were dirtied after its first writeback loop.
That bug works like this:
proc1: transaction closes and a new one starts
proc1: write_ordered_buffers starts processing data=ordered list
proc1: buffer A is cleaned and written
proc2: buffer A is dirtied by another process
proc2: File is truncated to zero, page A goes through invalidatepage
proc2: reiserfs_invalidatepage sees dirty buffer A with reiserfs
journal head, pins it
proc1: write_ordered_buffers frees the journal head on buffer A
At this point, buffer A stays dirty forever
Signed-off-by: Chris Mason <mason@suse.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
| -rw-r--r-- | fs/reiserfs/inode.c | 4 | ||||
| -rw-r--r-- | fs/reiserfs/journal.c | 13 |
2 files changed, 16 insertions, 1 deletions
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index ffa34b861bd..60e2f234470 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -2743,6 +2743,7 @@ static int invalidatepage_can_drop(struct inode *inode, struct buffer_head *bh) int ret = 1; struct reiserfs_journal *j = SB_JOURNAL(inode->i_sb); + lock_buffer(bh); spin_lock(&j->j_dirty_buffers_lock); if (!buffer_mapped(bh)) { goto free_jh; @@ -2758,7 +2759,7 @@ static int invalidatepage_can_drop(struct inode *inode, struct buffer_head *bh) if (buffer_journaled(bh) || buffer_journal_dirty(bh)) { ret = 0; } - } else if (buffer_dirty(bh) || buffer_locked(bh)) { + } else if (buffer_dirty(bh)) { struct reiserfs_journal_list *jl; struct reiserfs_jh *jh = bh->b_private; @@ -2784,6 +2785,7 @@ static int invalidatepage_can_drop(struct inode *inode, struct buffer_head *bh) reiserfs_free_jh(bh); } spin_unlock(&j->j_dirty_buffers_lock); + unlock_buffer(bh); return ret; } diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c index 2d04efb22ee..bc8fe963b3c 100644 --- a/fs/reiserfs/journal.c +++ b/fs/reiserfs/journal.c @@ -877,6 +877,19 @@ static int write_ordered_buffers(spinlock_t * lock, if (!buffer_uptodate(bh)) { ret = -EIO; } + /* ugly interaction with invalidatepage here. + * reiserfs_invalidate_page will pin any buffer that has a valid + * journal head from an older transaction. If someone else sets + * our buffer dirty after we write it in the first loop, and + * then someone truncates the page away, nobody will ever write + * the buffer. We're safe if we write the page one last time + * after freeing the journal header. + */ + if (buffer_dirty(bh) && unlikely(bh->b_page->mapping == NULL)) { + spin_unlock(lock); + ll_rw_block(WRITE, 1, &bh); + spin_lock(lock); + } put_bh(bh); cond_resched_lock(lock); } |