| Message ID | 1405459757-8335-1-git-send-email-kamal@canonical.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c index ad62bdb..1e4cf9d 100644 --- a/fs/reiserfs/inode.c +++ b/fs/reiserfs/inode.c @@ -3220,8 +3220,14 @@ int reiserfs_setattr(struct dentry *dentry, struct iattr *attr) attr->ia_size != i_size_read(inode)) { error = inode_newsize_ok(inode, attr->ia_size); if (!error) { + /* + * Could race against reiserfs_file_release + * if called from NFS, so take tailpack mutex. + */ + mutex_lock(&REISERFS_I(inode)->tailpack); truncate_setsize(inode, attr->ia_size); - reiserfs_vfs_truncate_file(inode); + reiserfs_truncate_file(inode, 1); + mutex_unlock(&REISERFS_I(inode)->tailpack); } }
This is a note to let you know that I have just added a patch titled reiserfs: call truncate_setsize under tailpack mutex to the linux-3.13.y-queue branch of the 3.13.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.13.y-queue This patch is scheduled to be released in version 3.13.11.5. If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.13.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Kamal ------ From 3c7e766b907add8a940349c063d2afc50f382861 Mon Sep 17 00:00:00 2001 From: Jeff Mahoney <jeffm@suse.com> Date: Wed, 21 May 2014 13:28:07 -0400 Subject: reiserfs: call truncate_setsize under tailpack mutex commit 22e7478ddbcb670e33fab72d0bbe7c394c3a2c84 upstream. Prior to commit 0e4f6a791b1e (Fix reiserfs_file_release()), reiserfs truncates serialized on i_mutex. They mostly still do, with the exception of reiserfs_file_release. That blocks out other writers via the tailpack mutex and the inode openers counter adjusted in reiserfs_file_open. However, NFS will call reiserfs_setattr without having called ->open, so we end up with a race when nfs is calling ->setattr while another process is releasing the file. Ultimately, it triggers the BUG_ON(inode->i_size != new_file_size) check in maybe_indirect_to_direct. The solution is to pull the lock into reiserfs_setattr to encompass the truncate_setsize call as well. Signed-off-by: Jeff Mahoney <jeffm@suse.com> Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Kamal Mostafa <kamal@canonical.com> --- fs/reiserfs/inode.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) -- 1.9.1