udf: Fix race between write(2) and close(2)

Currently write(2) updating i_size and close(2) of the file can race in
such a way that udf_truncate_tail_extent() called from
udf_file_release() sees old i_size but already new extents added by the
running write call. This results in complaints like:
  UDF-fs: warning (device vdb2): udf_truncate_tail_extent: Too long extent
    after EOF in inode 877: i_size: 0 lbcount: 1073739776 extent 0+1073739776
  UDF-fs: error (device vdb2): udf_truncate_tail_extent: Extent after EOF
    in inode 877

Fix the problem by grabbing i_mutex in udf_file_release() to be sure
i_size is consistent with current state of extent list. Also avoid
truncating tail extent unnecessarily when the file is still open for
writing.

Signed-off-by: Jan Kara <jack@suse.cz>
This commit is contained in:
Jan Kara 2014-09-09 13:03:03 +02:00
parent 0b93a92be4
commit 6fb1ca92a6

View file

@ -223,11 +223,18 @@ long udf_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
static int udf_release_file(struct inode *inode, struct file *filp)
{
if (filp->f_mode & FMODE_WRITE) {
if (filp->f_mode & FMODE_WRITE &&
atomic_read(&inode->i_writecount) > 1) {
/*
* Grab i_mutex to avoid races with writes changing i_size
* while we are running.
*/
mutex_lock(&inode->i_mutex);
down_write(&UDF_I(inode)->i_data_sem);
udf_discard_prealloc(inode);
udf_truncate_tail_extent(inode);
up_write(&UDF_I(inode)->i_data_sem);
mutex_unlock(&inode->i_mutex);
}
return 0;
}