diff options
| author | Dmitry Monakhov <dmonakhov@openvz.org> | 2012-09-30 23:03:42 -0400 |
|---|---|---|
| committer | Theodore Ts'o <tytso@mit.edu> | 2012-09-30 23:03:42 -0400 |
| commit | 02d262dffcf4c74e5c4612ee736bdb94f18ed5b9 (patch) | |
| tree | 1afa479ec99369e739f789ff020df4fba9a4aab8 /Documentation/kmemcheck.txt | |
| parent | 1f555cfa29e8f787d675e8390f88ce517a37271a (diff) | |
ext4: punch_hole should wait for DIO writers
punch_hole is the place where we have to wait for all existing writers
(writeback, aio, dio), but currently we simply flush pended end_io request
which is not sufficient. Other issue is that punch_hole performed w/o i_mutex
held which obviously result in dangerous data corruption due to
write-after-free.
This patch performs following changes:
- Guard punch_hole with i_mutex
- Recheck inode flags under i_mutex
- Block all new dio readers in order to prevent information leak caused by
read-after-free pattern.
- punch_hole now wait for all writers in flight
NOTE: XXX write-after-free race is still possible because new dirty pages
may appear due to mmap(), and currently there is no easy way to stop
writeback while punch_hole is in progress.
[ Fixed error return from ext4_ext_punch_hole() to make sure that we
release i_mutex before returning EPERM or ETXTBUSY -- Ted ]
Signed-off-by: Dmitry Monakhov <dmonakhov@openvz.org>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Diffstat (limited to 'Documentation/kmemcheck.txt')
0 files changed, 0 insertions, 0 deletions