Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit d62b1b87 authored by Chris Mason's avatar Chris Mason Committed by Linus Torvalds
Browse files

[PATCH] resierfs: fix reiserfs_invalidatepage race against data=ordered 



After a transaction has closed but before it has finished commit, there is
a window where data=ordered mode requires invalidatepage to pin pages
instead of freeing them.  This patch fixes a race between the
invalidatepage checks and data=ordered writeback, and it also adds a check
to the reiserfs write_ordered_buffers routines to write any anonymous
buffers that were dirtied after its first writeback loop.

That bug works like this:

proc1: transaction closes and a new one starts
proc1: write_ordered_buffers starts processing data=ordered list
proc1: buffer A is cleaned and written
proc2: buffer A is dirtied by another process
proc2: File is truncated to zero, page A goes through invalidatepage
proc2: reiserfs_invalidatepage sees dirty buffer A with reiserfs
       journal head, pins it
proc1: write_ordered_buffers frees the journal head on buffer A

At this point, buffer A stays dirty forever

Signed-off-by: default avatarChris Mason <mason@suse.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent ec191574

fs/reiserfs/inode.c

+3 −1
Original line number Diff line number Diff line
@@ -2743,6 +2743,7 @@ static int invalidatepage_can_drop(struct inode *inode, struct buffer_head *bh) 
	int ret = 1;

	struct reiserfs_journal *j = SB_JOURNAL(inode->i_sb);



	lock_buffer(bh);

	spin_lock(&j->j_dirty_buffers_lock);

	if (!buffer_mapped(bh)) {

		goto free_jh;
@@ -2758,7 +2759,7 @@ static int invalidatepage_can_drop(struct inode *inode, struct buffer_head *bh) 
		if (buffer_journaled(bh) || buffer_journal_dirty(bh)) {

			ret = 0;

		}

	} else if (buffer_dirty(bh) || buffer_locked(bh)) {

	} else  if (buffer_dirty(bh)) {

		struct reiserfs_journal_list *jl;

		struct reiserfs_jh *jh = bh->b_private;
@@ -2784,6 +2785,7 @@ static int invalidatepage_can_drop(struct inode *inode, struct buffer_head *bh) 
		reiserfs_free_jh(bh);

	}

	spin_unlock(&j->j_dirty_buffers_lock);

	unlock_buffer(bh);

	return ret;

}

fs/reiserfs/journal.c

+13 −0
Original line number Diff line number Diff line
@@ -877,6 +877,19 @@ static int write_ordered_buffers(spinlock_t * lock, 
		if (!buffer_uptodate(bh)) {

			ret = -EIO;

		}

		/* ugly interaction with invalidatepage here.

		 * reiserfs_invalidate_page will pin any buffer that has a valid

		 * journal head from an older transaction.  If someone else sets

		 * our buffer dirty after we write it in the first loop, and

		 * then someone truncates the page away, nobody will ever write

		 * the buffer. We're safe if we write the page one last time

		 * after freeing the journal header.

		 */

		if (buffer_dirty(bh) && unlikely(bh->b_page->mapping == NULL)) {

			spin_unlock(lock);

			ll_rw_block(WRITE, 1, &bh);

			spin_lock(lock);

		}

		put_bh(bh);

		cond_resched_lock(lock);

	}