linux/fs
Aneesh Kumar K.V c364b22c95 ext4: Fix mmap/truncate race when blocksize < pagesize && delayed allocation
It is possible to see buffer_heads which are not mapped in the
writepage callback in the following scneario (where the fs blocksize
is 1k and the page size is 4k):

1) truncate(f, 1024)
2) mmap(f, 0, 4096)
3) a[0] = 'a'
4) truncate(f, 4096)
5) writepage(...)

Now if we get a writepage callback immediately after (4) and before an
attempt to write at any other offset via mmap address (which implies we
are yet to get a pagefault and do a get_block) what we would have is the
page which is dirty have first block allocated and the other three
buffer_heads unmapped.

In the above case the writepage should go ahead and try to write the
first blocks and clear the page_dirty flag. Further attempts to write
to the page will again create a fault and result in allocating blocks
and marking page dirty.  If we don't write any other offset via mmap
address we would still have written the first block to the disk and
rest of the space will be considered as a hole.

So to address this, we change all of the places where we look for
delayed, unmapped, or unwritten buffer heads, and only check for
delayed or unwritten buffer heads instead.

Signed-off-by: Aneesh Kumar K.V <aneesh.kumar@linux.vnet.ibm.com>
Acked-by: Jan Kara <jack@suse.cz>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
2009-06-14 17:57:10 -04:00
..
9p 9P doesn't need BKL in ->umount_begin() 2009-06-17 00:36:36 -04:00
adfs Cleanup of adfs headers 2009-06-17 00:36:36 -04:00
affs affs: add ->sync_fs 2009-06-11 21:36:14 -04:00
afs AFS: Fix lock imbalance 2009-06-30 13:30:44 -07:00
autofs switch follow_down() 2009-06-11 21:36:01 -04:00
autofs4 switch follow_down() 2009-06-11 21:36:01 -04:00
befs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-06-17 08:46:57 -07:00
bfs bfs: add ->sync_fs 2009-06-11 21:36:14 -04:00
btrfs Merge git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs-unstable 2009-07-02 16:52:38 -07:00
cachefiles enforce ->sync_fs is only called for rw superblock 2009-06-11 21:36:06 -04:00
cifs cifs: fix fh_mutex locking in cifs_reopen_file 2009-06-27 23:46:43 +00:00
coda splice: implement default splice_read method 2009-05-11 14:13:10 +02:00
configfs configfs: Rework configfs_depend_item() locking and make lockdep happy 2009-04-30 10:48:26 -07:00
cramfs fs/cramfs: return f_fsid for statfs(2) 2009-04-02 19:05:08 -07:00
debugfs debugfs: use specified mode to possibly mark files read/write only 2009-06-15 21:30:28 -07:00
devpts devpts: remove module-related code 2009-06-24 08:15:24 -04:00
dlm dlm: use more NOFS allocation 2009-05-15 11:24:59 -05:00
ecryptfs push BKL down into ->put_super 2009-06-11 21:36:07 -04:00
efs get rid of BKL in fs/efs 2009-06-17 00:36:36 -04:00
exofs [SCSI] Merge branch 'linus' 2009-06-12 10:02:03 -05:00
exportfs
ext2 ext2: return -EIO not -ESTALE on directory traversal through deleted inode 2009-06-30 18:56:00 -07:00
ext3 helpers for acl caching + switch to those 2009-06-24 08:17:07 -04:00
ext4 ext4: Fix mmap/truncate race when blocksize < pagesize && delayed allocation 2009-06-14 17:57:10 -04:00
fat fat: Fix the removal of opts->fs_dmask 2009-06-20 21:50:47 +09:00
freevxfs push BKL down into ->put_super 2009-06-11 21:36:07 -04:00
fscache FS-Cache: Fixup renamed filenames in comments in internal.h 2009-05-27 10:20:13 -07:00
fuse fuse: invalidation reverse calls 2009-06-30 20:12:24 +02:00
gfs2 block: rename CONFIG_LBD to CONFIG_LBDAF 2009-06-19 08:08:50 +02:00
hfs hfs: add ->sync_fs 2009-06-11 21:36:15 -04:00
hfsplus hfsplus: add ->sync_fs 2009-06-11 21:36:16 -04:00
hostfs hostfs: set maximum filesize in superblock for proper LFS support 2009-06-30 18:56:03 -07:00
hpfs Push BKL down into ->remount_fs() 2009-06-11 21:36:11 -04:00
hppfs hppfs: hppfs_read_file() may return -ERROR 2009-04-02 19:04:53 -07:00
hugetlbfs Merge branch 'master' into next 2009-05-22 18:40:59 +10:00
isofs isofs: cleanup mount option processing 2009-06-18 13:03:45 -07:00
jbd jbd: clean up journal_try_to_free_buffers() 2009-06-18 13:03:45 -07:00
jbd2 jbd2: Fix a race between checkpointing code and journal_get_write_access() 2009-07-13 16:16:20 -04:00
jffs2 Merge git://git.infradead.org/mtd-2.6 2009-07-01 11:25:46 -07:00
jfs another race fix in jfs_check_acl() 2009-06-24 17:02:42 -04:00
lockd Merge branch 'for-2.6.31' of git://fieldses.org/git/linux-nfsd 2009-06-22 12:55:50 -07:00
minix Making fs/minix/minix.h double including safe 2009-06-22 11:34:42 -07:00
ncpfs NLS: update handling of Unicode 2009-06-15 21:44:43 -07:00
nfs NFS: Correct the NFS mount path when following a referral 2009-06-22 21:28:25 -07:00
nfs_common
nfsd NFSD: Don't hold unrefcounted creds over call to nfsd_setuser() 2009-07-03 10:21:10 -04:00
nilfs2 switch nilfs2 to inode->i_acl 2009-06-24 08:17:05 -04:00
nls NLS: update handling of Unicode 2009-06-15 21:44:43 -07:00
notify fs/notify/inotify: decrement user inotify count on close 2009-07-02 08:23:00 -04:00
ntfs ntfs: use is_power_of_2() function for clarity. 2009-06-16 19:47:48 -07:00
ocfs2 Merge branch 'upstream-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jlbec/ocfs2 2009-06-23 19:36:02 -07:00
omfs switch omfs to simple_fsync() 2009-06-11 21:36:13 -04:00
openpromfs
partitions Merge branch 'for-2.6.31' of git://git.kernel.org/pub/scm/linux/kernel/git/bart/ide-2.6 2009-06-12 09:29:42 -07:00
proc proc: vmcore - use kzalloc in get_new_element() 2009-06-18 13:03:41 -07:00
qnx4 fs/qnx4: sanitize includes 2009-06-11 21:36:12 -04:00
quota quota: cleanup dquota sync functions (version 4) 2009-06-11 21:36:04 -04:00
ramfs ramfs: ignore unknown mount options 2009-06-14 17:58:25 -07:00
reiserfs helpers for acl caching + switch to those 2009-06-24 08:17:07 -04:00
romfs ROMFS: romfs_dev_read() error ignored 2009-05-09 10:49:41 -04:00
smbfs push BKL down into ->put_super 2009-06-11 21:36:07 -04:00
squashfs push BKL down into ->put_super 2009-06-11 21:36:07 -04:00
sysfs Sysfs: fix possible memleak in sysfs_follow_link 2009-06-15 21:30:23 -07:00
sysv get rid of BKL in fs/sysv 2009-06-17 00:36:37 -04:00
ubifs helpers for acl caching + switch to those 2009-06-24 08:17:07 -04:00
udf udf: remove redundant tests on unsigned 2009-06-24 13:48:28 +02:00
ufs ufs: sector_t cannot be negative 2009-06-18 13:03:46 -07:00
xfs switch xfs to generic acl caching helpers 2009-06-24 08:17:07 -04:00
aio.c eventfd: revised interface and cleanups 2009-06-30 18:55:58 -07:00
anon_inodes.c fs: Provide empty .set_page_dirty() aop for anon inodes 2009-06-18 14:46:10 +02:00
attr.c vfs: Use lowercase names of quota functions 2009-03-26 02:18:35 +01:00
bad_inode.c
binfmt_aout.c
binfmt_elf_fdpic.c elf_core_dump: use rcu_read_lock() to access ->real_parent 2009-06-18 13:03:52 -07:00
binfmt_elf.c elf: fix one check-after-use 2009-07-01 11:14:28 -07:00
binfmt_em86.c
binfmt_flat.c flat: fix data sections alignment 2009-05-29 08:40:02 -07:00
binfmt_misc.c
binfmt_script.c
binfmt_som.c Don't crap into descriptor table in binfmt_som 2009-03-31 23:00:28 -04:00
bio-integrity.c block: Create bip slabs with embedded integrity vectors 2009-07-01 10:56:25 +02:00
bio.c block: Create bip slabs with embedded integrity vectors 2009-07-01 10:56:25 +02:00
block_dev.c vfs: Rename fsync_super() to sync_filesystem() (version 4) 2009-06-11 21:36:04 -04:00
buffer.c Merge branch 'for-2.6.31' of git://git.kernel.dk/linux-2.6-block 2009-06-11 11:10:35 -07:00
char_dev.c fs: Remove i_cindex from struct inode 2009-06-11 21:36:09 -04:00
compat_binfmt_elf.c
compat_ioctl.c fs: Add new pre-allocation ioctls to vfs for compatibility with legacy xfs ioctls 2009-06-24 08:15:27 -04:00
compat.c trivial: fix comment typo in fs/compat.c 2009-06-12 18:01:44 +02:00
dcache.c dcache: extrace and use d_unlinked() 2009-06-11 21:36:06 -04:00
dcookies.c [CVE-2009-0029] System call wrapper special cases 2009-01-14 14:15:18 +01:00
direct-io.c block: Do away with the notion of hardsect_size 2009-05-22 23:22:54 +02:00
drop_caches.c mm: remove __invalidate_mapping_pages variant 2009-06-16 19:47:43 -07:00
eventfd.c eventfd: revised interface and cleanups 2009-06-30 18:55:58 -07:00
eventpoll.c epoll: fix nested calls support 2009-06-18 13:03:41 -07:00
exec.c Merge branch 'perfcounters-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/linux-2.6-tip 2009-06-11 14:01:07 -07:00
fcntl.c send_sigio_to_task: sanitize the usage of fown->signum 2009-06-16 15:36:17 -07:00
fifo.c
file_table.c fs: move mark_files_ro into file_table.c 2009-06-11 21:36:02 -04:00
file.c
filesystems.c fs: Mark get_filesystem_list() as __init function. 2009-04-20 23:02:52 -04:00
fs_struct.c Get rid of indirect include of fs_struct.h 2009-03-31 23:00:27 -04:00
fs-writeback.c cleanup __writeback_single_inode 2009-06-24 08:15:26 -04:00
generic_acl.c New helper - current_umask() 2009-03-31 23:00:26 -04:00
inode.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs-2.6 2009-06-24 10:03:12 -07:00
internal.h Trim a bit of crap from fs.h 2009-06-11 21:36:07 -04:00
ioctl.c fs: Add new pre-allocation ioctls to vfs for compatibility with legacy xfs ioctls 2009-06-24 08:15:27 -04:00
ioprio.c [CVE-2009-0029] System call wrappers part 28 2009-01-14 14:15:30 +01:00
Kconfig Merge branch 'for-2.6.31' of git://fieldses.org/git/linux-nfsd 2009-06-22 12:55:50 -07:00
Kconfig.binfmt CORE_DUMP_DEFAULT_ELF_HEADERS depends on ELF_CORE 2009-01-09 16:54:41 -08:00
libfs.c New helper - simple_fsync() 2009-06-11 21:36:11 -04:00
locks.c lockd: call locks_release_private to cleanup per-filesystem state 2009-04-24 16:36:03 -04:00
Makefile nilfs2: update makefile and Kconfig 2009-04-07 08:31:16 -07:00
mbcache.c
mpage.c ext4: Properly initialize the buffer_head state 2009-05-13 15:13:42 -04:00
namei.c integrity: add ima_counts_put (updated) 2009-06-29 08:59:10 +10:00
namespace.c ... and the same for vfsmount id/mount group id 2009-06-24 08:15:26 -04:00
nfsctl.c [CVE-2009-0029] System call wrappers part 27 2009-01-14 14:15:29 +01:00
no-block.c
open.c fs: Add new pre-allocation ioctls to vfs for compatibility with legacy xfs ioctls 2009-06-24 08:15:27 -04:00
pipe.c splice: implement default splice_read method 2009-05-11 14:13:10 +02:00
pnode.c
pnode.h
posix_acl.c
read_write.c splice: implement default splice_read method 2009-05-11 14:13:10 +02:00
read_write.h
readdir.c [CVE-2009-0029] System call wrappers part 32 2009-01-14 14:15:31 +01:00
select.c poll: avoid extra wakeups in select/poll 2009-06-16 19:47:48 -07:00
seq_file.c seq_file: add function to write binary data 2009-06-18 13:03:57 -07:00
signalfd.c [CVE-2009-0029] System call wrappers part 31 2009-01-14 14:15:31 +01:00
splice.c splice: fix kmaps in default_file_splice_write() 2009-05-19 11:37:46 +02:00
stack.c
stat.c kill vfs_stat_fd / vfs_lstat_fd 2009-04-20 23:02:52 -04:00
super.c ... and the same for vfsmount id/mount group id 2009-06-24 08:15:26 -04:00
sync.c remove the call to ->write_super in __sync_filesystem 2009-06-11 21:36:17 -04:00
timerfd.c timerfd: add flags check 2009-02-18 15:37:53 -08:00
utimes.c [CVE-2009-0029] System call wrappers part 30 2009-01-14 14:15:30 +01:00
xattr_acl.c
xattr.c fs: introduce mnt_clone_write 2009-06-11 21:36:02 -04:00