From: Lachlan McIlroy
Date: Thu, 30 Oct 2008 05:59:06 +0000 (+1100)
Subject: [XFS] Wait for all I/O on truncate to zero file size
X-Git-Tag: v2.6.29-rc1~552^2~81^2~66
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=d112f2984592acb774187b3adddc107fb0825500;p=karo-tx-linux.git

[XFS] Wait for all I/O on truncate to zero file size

It's possible to have outstanding xfs_ioend_t's queued when the file size is zero. This can happen in the direct I/O path when a direct I/O write fails due to ENOSPC. In this case the xfs_ioend_t will still be queued (ie xfs_end_io_direct() does not know that the I/O failed so can't force the xfs_ioend_t to be flushed synchronously).

When we truncate a file on unlink we don't know to wait for these xfs_ioend_ts and we can have a use-after-free situation if the inode is reclaimed before the xfs_ioend_t is finally processed.

As was suggested by Dave Chinner lets wait for all I/Os to complete when truncating the file size to zero.

SGI-PV: 981668
SGI-Modid: xfs-linux-melb:xfs-kern:32216a

Signed-off-by: Lachlan McIlroy
Signed-off-by: Christoph Hellwig
---

diff --git a/fs/xfs/xfs_inode.c b/fs/xfs/xfs_inode.c index cc0474ddd2d4..2b1294b8ad79 100644 --- a/fs/xfs/xfs_inode.c +++ b/fs/xfs/xfs_inode.c @@ -1450,7 +1450,7 @@ xfs_itruncate_start( mp = ip->i_mount; /* wait for the completion of any pending DIOs */ - if (new_size < ip->i_size) + if (new_size == 0 || new_size < ip->i_size) vn_iowait(ip); /*
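Review bot: the comment above the changed condition in xfs_itruncate_start() still reads only "wait for the completion of any pending DIOs" and does not explain why `new_size == 0` now waits unconditionally. The reason is in the commit message alone: an xfs_ioend_t from a direct I/O write that failed with ENOSPC can still be queued while i_size is already zero, and the inode can be reclaimed before it is processed (use-after-free). Please extend the comment to say that, so the extra test is not later folded back into `new_size < ip->i_size` as apparently redundant. Also worth a line in the comment or the changelog: the check covers truncate to zero only, so a truncate to a non-zero size that is not below ip->i_size still skips vn_iowait(), and xfs_end_io_direct() still does not learn that the I/O failed. If that is safe because only the unlink/reclaim path frees the inode, state it.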