On 07/27, Chao Yu wrote:
> Thread A Background GC
> - f2fs_setattr isize to 0
> - truncate_setsize
> - gc_data_segment
> - f2fs_get_read_data_page page #0
> - set_page_dirty
> - set_cold_data
> - f2fs_truncate
>
> - f2fs_setattr isize to 4k
> - read 4k <--- hit data in cached page #0
>
> Above race condition can cause read out invalid data in a truncated
> page, fix it by i_gc_rwsem[WRITE] lock.
We can truncate pages again after f2fs_truncate()?
>
> Signed-off-by: Chao Yu <yuch...@huawei.com>
> ---
> fs/f2fs/data.c | 4 ++++
> fs/f2fs/file.c | 33 +++++++++++++++++++--------------
> 2 files changed, 23 insertions(+), 14 deletions(-)
>
> diff --git a/fs/f2fs/data.c b/fs/f2fs/data.c
> index 071224ded5f4..a29f3162b887 100644
> --- a/fs/f2fs/data.c
> +++ b/fs/f2fs/data.c
> @@ -2214,10 +2214,14 @@ static void f2fs_write_failed(struct address_space
> *mapping, loff_t to)
> loff_t i_size = i_size_read(inode);
>
> if (to > i_size) {
> + down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
> down_write(&F2FS_I(inode)->i_mmap_sem);
> +
> truncate_pagecache(inode, i_size);
> f2fs_truncate_blocks(inode, i_size, true);
> +
> up_write(&F2FS_I(inode)->i_mmap_sem);
> + up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
> }
> }
>
> diff --git a/fs/f2fs/file.c b/fs/f2fs/file.c
> index 7bd2412a8c37..ed5c9b0e0d0c 100644
> --- a/fs/f2fs/file.c
> +++ b/fs/f2fs/file.c
> @@ -796,22 +796,25 @@ int f2fs_setattr(struct dentry *dentry, struct iattr
> *attr)
> }
>
> if (attr->ia_valid & ATTR_SIZE) {
> - if (attr->ia_size <= i_size_read(inode)) {
> - down_write(&F2FS_I(inode)->i_mmap_sem);
> - truncate_setsize(inode, attr->ia_size);
> + bool to_smaller = (attr->ia_size <= i_size_read(inode));
> +
> + down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
> + down_write(&F2FS_I(inode)->i_mmap_sem);
> +
> + truncate_setsize(inode, attr->ia_size);
> +
> + if (to_smaller)
> err = f2fs_truncate(inode);
> - up_write(&F2FS_I(inode)->i_mmap_sem);
> - if (err)
> - return err;
> - } else {
> - /*
> - * do not trim all blocks after i_size if target size is
> - * larger than i_size.
> - */
> - down_write(&F2FS_I(inode)->i_mmap_sem);
> - truncate_setsize(inode, attr->ia_size);
> - up_write(&F2FS_I(inode)->i_mmap_sem);
> + /*
> + * do not trim all blocks after i_size if target size is
> + * larger than i_size.
> + */
> + up_write(&F2FS_I(inode)->i_mmap_sem);
> + up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
> + if (err)
> + return err;
>
> + if (!to_smaller) {
> /* should convert inline inode here */
> if (!f2fs_may_inline_data(inode)) {
> err = f2fs_convert_inline_inode(inode);
> @@ -958,6 +961,7 @@ static int punch_hole(struct inode *inode, loff_t offset,
> loff_t len)
>
> blk_start = (loff_t)pg_start << PAGE_SHIFT;
> blk_end = (loff_t)pg_end << PAGE_SHIFT;
> + down_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
> down_write(&F2FS_I(inode)->i_mmap_sem);
> truncate_inode_pages_range(mapping, blk_start,
> blk_end - 1);
> @@ -966,6 +970,7 @@ static int punch_hole(struct inode *inode, loff_t offset,
> loff_t len)
> ret = f2fs_truncate_hole(inode, pg_start, pg_end);
> f2fs_unlock_op(sbi);
> up_write(&F2FS_I(inode)->i_mmap_sem);
> + up_write(&F2FS_I(inode)->i_gc_rwsem[WRITE]);
> }
> }
>
> --
> 2.18.0.rc1
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Linux-f2fs-devel mailing list
Linux-f2fs-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/linux-f2fs-devel
