udf: Fix deadlock when converting file from in-ICB one to normal one
During BKL removal in 2.6.38, conversion of files from in-ICB format to normal format got broken. We call ->writepage with i_data_sem held but udf_get_block() also acquires i_data_sem thus creating A-A deadlock. We fix the problem by dropping i_data_sem before calling ->writepage() which is safe since i_mutex still protects us against any changes in the file. Also fix pagelock - i_data_sem lock inversion in udf_expand_file_adinicb() by dropping i_data_sem before calling find_or_create_page(). CC: stable@kernel.org Reported-by: Matthias Matiak <netzpython@mail-on.us> Tested-by: Matthias Matiak <netzpython@mail-on.us> Reviewed-by: Namjae Jeon <linkinjeon@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
parent
7b0b0933a3
commit
d2eb8c3593
|
@ -125,7 +125,6 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
|
||||||
err = udf_expand_file_adinicb(inode);
|
err = udf_expand_file_adinicb(inode);
|
||||||
if (err) {
|
if (err) {
|
||||||
udf_debug("udf_expand_adinicb: err=%d\n", err);
|
udf_debug("udf_expand_adinicb: err=%d\n", err);
|
||||||
up_write(&iinfo->i_data_sem);
|
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
|
@ -133,9 +132,10 @@ static ssize_t udf_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
|
||||||
iinfo->i_lenAlloc = pos + count;
|
iinfo->i_lenAlloc = pos + count;
|
||||||
else
|
else
|
||||||
iinfo->i_lenAlloc = inode->i_size;
|
iinfo->i_lenAlloc = inode->i_size;
|
||||||
|
up_write(&iinfo->i_data_sem);
|
||||||
}
|
}
|
||||||
}
|
} else
|
||||||
up_write(&iinfo->i_data_sem);
|
up_write(&iinfo->i_data_sem);
|
||||||
|
|
||||||
retval = generic_file_aio_write(iocb, iov, nr_segs, ppos);
|
retval = generic_file_aio_write(iocb, iov, nr_segs, ppos);
|
||||||
if (retval > 0)
|
if (retval > 0)
|
||||||
|
|
|
@ -150,6 +150,12 @@ const struct address_space_operations udf_aops = {
|
||||||
.bmap = udf_bmap,
|
.bmap = udf_bmap,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Expand file stored in ICB to a normal one-block-file
|
||||||
|
*
|
||||||
|
* This function requires i_data_sem for writing and releases it.
|
||||||
|
* This function requires i_mutex held
|
||||||
|
*/
|
||||||
int udf_expand_file_adinicb(struct inode *inode)
|
int udf_expand_file_adinicb(struct inode *inode)
|
||||||
{
|
{
|
||||||
struct page *page;
|
struct page *page;
|
||||||
|
@ -168,9 +174,15 @@ int udf_expand_file_adinicb(struct inode *inode)
|
||||||
iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG;
|
iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG;
|
||||||
/* from now on we have normal address_space methods */
|
/* from now on we have normal address_space methods */
|
||||||
inode->i_data.a_ops = &udf_aops;
|
inode->i_data.a_ops = &udf_aops;
|
||||||
|
up_write(&iinfo->i_data_sem);
|
||||||
mark_inode_dirty(inode);
|
mark_inode_dirty(inode);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
/*
|
||||||
|
* Release i_data_sem so that we can lock a page - page lock ranks
|
||||||
|
* above i_data_sem. i_mutex still protects us against file changes.
|
||||||
|
*/
|
||||||
|
up_write(&iinfo->i_data_sem);
|
||||||
|
|
||||||
page = find_or_create_page(inode->i_mapping, 0, GFP_NOFS);
|
page = find_or_create_page(inode->i_mapping, 0, GFP_NOFS);
|
||||||
if (!page)
|
if (!page)
|
||||||
|
@ -186,6 +198,7 @@ int udf_expand_file_adinicb(struct inode *inode)
|
||||||
SetPageUptodate(page);
|
SetPageUptodate(page);
|
||||||
kunmap(page);
|
kunmap(page);
|
||||||
}
|
}
|
||||||
|
down_write(&iinfo->i_data_sem);
|
||||||
memset(iinfo->i_ext.i_data + iinfo->i_lenEAttr, 0x00,
|
memset(iinfo->i_ext.i_data + iinfo->i_lenEAttr, 0x00,
|
||||||
iinfo->i_lenAlloc);
|
iinfo->i_lenAlloc);
|
||||||
iinfo->i_lenAlloc = 0;
|
iinfo->i_lenAlloc = 0;
|
||||||
|
@ -195,17 +208,20 @@ int udf_expand_file_adinicb(struct inode *inode)
|
||||||
iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG;
|
iinfo->i_alloc_type = ICBTAG_FLAG_AD_LONG;
|
||||||
/* from now on we have normal address_space methods */
|
/* from now on we have normal address_space methods */
|
||||||
inode->i_data.a_ops = &udf_aops;
|
inode->i_data.a_ops = &udf_aops;
|
||||||
|
up_write(&iinfo->i_data_sem);
|
||||||
err = inode->i_data.a_ops->writepage(page, &udf_wbc);
|
err = inode->i_data.a_ops->writepage(page, &udf_wbc);
|
||||||
if (err) {
|
if (err) {
|
||||||
/* Restore everything back so that we don't lose data... */
|
/* Restore everything back so that we don't lose data... */
|
||||||
lock_page(page);
|
lock_page(page);
|
||||||
kaddr = kmap(page);
|
kaddr = kmap(page);
|
||||||
|
down_write(&iinfo->i_data_sem);
|
||||||
memcpy(iinfo->i_ext.i_data + iinfo->i_lenEAttr, kaddr,
|
memcpy(iinfo->i_ext.i_data + iinfo->i_lenEAttr, kaddr,
|
||||||
inode->i_size);
|
inode->i_size);
|
||||||
kunmap(page);
|
kunmap(page);
|
||||||
unlock_page(page);
|
unlock_page(page);
|
||||||
iinfo->i_alloc_type = ICBTAG_FLAG_AD_IN_ICB;
|
iinfo->i_alloc_type = ICBTAG_FLAG_AD_IN_ICB;
|
||||||
inode->i_data.a_ops = &udf_adinicb_aops;
|
inode->i_data.a_ops = &udf_adinicb_aops;
|
||||||
|
up_write(&iinfo->i_data_sem);
|
||||||
}
|
}
|
||||||
page_cache_release(page);
|
page_cache_release(page);
|
||||||
mark_inode_dirty(inode);
|
mark_inode_dirty(inode);
|
||||||
|
@ -1105,10 +1121,9 @@ int udf_setsize(struct inode *inode, loff_t newsize)
|
||||||
if (bsize <
|
if (bsize <
|
||||||
(udf_file_entry_alloc_offset(inode) + newsize)) {
|
(udf_file_entry_alloc_offset(inode) + newsize)) {
|
||||||
err = udf_expand_file_adinicb(inode);
|
err = udf_expand_file_adinicb(inode);
|
||||||
if (err) {
|
if (err)
|
||||||
up_write(&iinfo->i_data_sem);
|
|
||||||
return err;
|
return err;
|
||||||
}
|
down_write(&iinfo->i_data_sem);
|
||||||
} else
|
} else
|
||||||
iinfo->i_lenAlloc = newsize;
|
iinfo->i_lenAlloc = newsize;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue