mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2025-01-14 17:35:42 +00:00
c278531d39
BUG #1) All places where we call ext4_flush_completed_IO are broken because buffered io and DIO/AIO goes through three stages 1) submitted io, 2) completed io (in i_completed_io_list) conversion pended 3) finished io (conversion done) And by calling ext4_flush_completed_IO we will flush only requests which were in (2) stage, which is wrong because: 1) punch_hole and truncate _must_ wait for all outstanding unwritten io regardless to it's state. 2) fsync and nolock_dio_read should also wait because there is a time window between end_page_writeback() and ext4_add_complete_io() As result integrity fsync is broken in case of buffered write to fallocated region: fsync blkdev_completion ->filemap_write_and_wait_range ->ext4_end_bio ->end_page_writeback <-- filemap_write_and_wait_range return ->ext4_flush_completed_IO sees empty i_completed_io_list but pended conversion still exist ->ext4_add_complete_io BUG #2) Race window becomes wider due to the 'ext4: completed_io locking cleanup V4' patch series This patch make following changes: 1) ext4_flush_completed_io() now first try to flush completed io and when wait for any outstanding unwritten io via ext4_unwritten_wait() 2) Rename function to more appropriate name. 3) Assert that all callers of ext4_flush_unwritten_io should hold i_mutex to prevent endless wait Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu> Reviewed-by: Jan Kara <jack@suse.cz>
187 lines
5.2 KiB
C
187 lines
5.2 KiB
C
/*
|
|
* linux/fs/ext4/fsync.c
|
|
*
|
|
* Copyright (C) 1993 Stephen Tweedie (sct@redhat.com)
|
|
* from
|
|
* Copyright (C) 1992 Remy Card (card@masi.ibp.fr)
|
|
* Laboratoire MASI - Institut Blaise Pascal
|
|
* Universite Pierre et Marie Curie (Paris VI)
|
|
* from
|
|
* linux/fs/minix/truncate.c Copyright (C) 1991, 1992 Linus Torvalds
|
|
*
|
|
* ext4fs fsync primitive
|
|
*
|
|
* Big-endian to little-endian byte-swapping/bitmaps by
|
|
* David S. Miller (davem@caip.rutgers.edu), 1995
|
|
*
|
|
* Removed unnecessary code duplication for little endian machines
|
|
* and excessive __inline__s.
|
|
* Andi Kleen, 1997
|
|
*
|
|
* Major simplications and cleanup - we only need to do the metadata, because
|
|
* we can depend on generic_block_fdatasync() to sync the data blocks.
|
|
*/
|
|
|
|
#include <linux/time.h>
|
|
#include <linux/fs.h>
|
|
#include <linux/sched.h>
|
|
#include <linux/writeback.h>
|
|
#include <linux/jbd2.h>
|
|
#include <linux/blkdev.h>
|
|
|
|
#include "ext4.h"
|
|
#include "ext4_jbd2.h"
|
|
|
|
#include <trace/events/ext4.h>
|
|
|
|
/*
|
|
* If we're not journaling and this is a just-created file, we have to
|
|
* sync our parent directory (if it was freshly created) since
|
|
* otherwise it will only be written by writeback, leaving a huge
|
|
* window during which a crash may lose the file. This may apply for
|
|
* the parent directory's parent as well, and so on recursively, if
|
|
* they are also freshly created.
|
|
*/
|
|
static int ext4_sync_parent(struct inode *inode)
|
|
{
|
|
struct writeback_control wbc;
|
|
struct dentry *dentry = NULL;
|
|
struct inode *next;
|
|
int ret = 0;
|
|
|
|
if (!ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY))
|
|
return 0;
|
|
inode = igrab(inode);
|
|
while (ext4_test_inode_state(inode, EXT4_STATE_NEWENTRY)) {
|
|
ext4_clear_inode_state(inode, EXT4_STATE_NEWENTRY);
|
|
dentry = d_find_any_alias(inode);
|
|
if (!dentry)
|
|
break;
|
|
next = igrab(dentry->d_parent->d_inode);
|
|
dput(dentry);
|
|
if (!next)
|
|
break;
|
|
iput(inode);
|
|
inode = next;
|
|
ret = sync_mapping_buffers(inode->i_mapping);
|
|
if (ret)
|
|
break;
|
|
memset(&wbc, 0, sizeof(wbc));
|
|
wbc.sync_mode = WB_SYNC_ALL;
|
|
wbc.nr_to_write = 0; /* only write out the inode */
|
|
ret = sync_inode(inode, &wbc);
|
|
if (ret)
|
|
break;
|
|
}
|
|
iput(inode);
|
|
return ret;
|
|
}
|
|
|
|
/**
|
|
* __sync_file - generic_file_fsync without the locking and filemap_write
|
|
* @inode: inode to sync
|
|
* @datasync: only sync essential metadata if true
|
|
*
|
|
* This is just generic_file_fsync without the locking. This is needed for
|
|
* nojournal mode to make sure this inodes data/metadata makes it to disk
|
|
* properly. The i_mutex should be held already.
|
|
*/
|
|
static int __sync_inode(struct inode *inode, int datasync)
|
|
{
|
|
int err;
|
|
int ret;
|
|
|
|
ret = sync_mapping_buffers(inode->i_mapping);
|
|
if (!(inode->i_state & I_DIRTY))
|
|
return ret;
|
|
if (datasync && !(inode->i_state & I_DIRTY_DATASYNC))
|
|
return ret;
|
|
|
|
err = sync_inode_metadata(inode, 1);
|
|
if (ret == 0)
|
|
ret = err;
|
|
return ret;
|
|
}
|
|
|
|
/*
|
|
* akpm: A new design for ext4_sync_file().
|
|
*
|
|
* This is only called from sys_fsync(), sys_fdatasync() and sys_msync().
|
|
* There cannot be a transaction open by this task.
|
|
* Another task could have dirtied this inode. Its data can be in any
|
|
* state in the journalling system.
|
|
*
|
|
* What we do is just kick off a commit and wait on it. This will snapshot the
|
|
* inode to disk.
|
|
*
|
|
* i_mutex lock is held when entering and exiting this function
|
|
*/
|
|
|
|
int ext4_sync_file(struct file *file, loff_t start, loff_t end, int datasync)
|
|
{
|
|
struct inode *inode = file->f_mapping->host;
|
|
struct ext4_inode_info *ei = EXT4_I(inode);
|
|
journal_t *journal = EXT4_SB(inode->i_sb)->s_journal;
|
|
int ret, err;
|
|
tid_t commit_tid;
|
|
bool needs_barrier = false;
|
|
|
|
J_ASSERT(ext4_journal_current_handle() == NULL);
|
|
|
|
trace_ext4_sync_file_enter(file, datasync);
|
|
|
|
ret = filemap_write_and_wait_range(inode->i_mapping, start, end);
|
|
if (ret)
|
|
return ret;
|
|
mutex_lock(&inode->i_mutex);
|
|
|
|
if (inode->i_sb->s_flags & MS_RDONLY)
|
|
goto out;
|
|
|
|
ret = ext4_flush_unwritten_io(inode);
|
|
if (ret < 0)
|
|
goto out;
|
|
|
|
if (!journal) {
|
|
ret = __sync_inode(inode, datasync);
|
|
if (!ret && !hlist_empty(&inode->i_dentry))
|
|
ret = ext4_sync_parent(inode);
|
|
goto out;
|
|
}
|
|
|
|
/*
|
|
* data=writeback,ordered:
|
|
* The caller's filemap_fdatawrite()/wait will sync the data.
|
|
* Metadata is in the journal, we wait for proper transaction to
|
|
* commit here.
|
|
*
|
|
* data=journal:
|
|
* filemap_fdatawrite won't do anything (the buffers are clean).
|
|
* ext4_force_commit will write the file data into the journal and
|
|
* will wait on that.
|
|
* filemap_fdatawait() will encounter a ton of newly-dirtied pages
|
|
* (they were dirtied by commit). But that's OK - the blocks are
|
|
* safe in-journal, which is all fsync() needs to ensure.
|
|
*/
|
|
if (ext4_should_journal_data(inode)) {
|
|
ret = ext4_force_commit(inode->i_sb);
|
|
goto out;
|
|
}
|
|
|
|
commit_tid = datasync ? ei->i_datasync_tid : ei->i_sync_tid;
|
|
if (journal->j_flags & JBD2_BARRIER &&
|
|
!jbd2_trans_will_send_data_barrier(journal, commit_tid))
|
|
needs_barrier = true;
|
|
jbd2_log_start_commit(journal, commit_tid);
|
|
ret = jbd2_log_wait_commit(journal, commit_tid);
|
|
if (needs_barrier) {
|
|
err = blkdev_issue_flush(inode->i_sb->s_bdev, GFP_KERNEL, NULL);
|
|
if (!ret)
|
|
ret = err;
|
|
}
|
|
out:
|
|
mutex_unlock(&inode->i_mutex);
|
|
trace_ext4_sync_file_exit(inode, ret);
|
|
return ret;
|
|
}
|