1 From: Lachlan McIlroy <lachlan@sgi.com>
2 Subject: [XFS] Wait for all I/O on truncate to zero file size
6 It's possible to have outstanding xfs_ioend_t's queued when the file size
7 is zero. This can happen in the direct I/O path when a direct I/O write
8 fails due to ENOSPC. In this case the xfs_ioend_t will still be queued (ie
9 xfs_end_io_direct() does not know that the I/O failed so can't force the
10 xfs_ioend_t to be flushed synchronously).
12 When we truncate a file on unlink we don't know to wait for these
13 xfs_ioend_ts and we can have a use-after-free situation if the inode is
14 reclaimed before the xfs_ioend_t is finally processed.
16 As was suggested by Dave Chinner lets wait for all I/Os to complete when
17 truncating the file size to zero.
21 SGI-Modid: xfs-linux-melb:xfs-kern:32216a
23 Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
24 Signed-off-by: Christoph Hellwig <hch@infradead.org>
25 Acked-by: Jan Kara <jack@suse.cz>
27 Index: linux-2.6.27.5-2/fs/xfs/xfs_inode.c
28 ===================================================================
29 --- linux-2.6.27.5-2.orig/fs/xfs/xfs_inode.c 2008-12-03 11:58:00.992733026 +1100
30 +++ linux-2.6.27.5-2/fs/xfs/xfs_inode.c 2008-12-03 11:59:17.542975042 +1100
31 @@ -1414,7 +1414,7 @@ xfs_itruncate_start(
34 /* wait for the completion of any pending DIOs */
35 - if (new_size < ip->i_size)
36 + if (new_size == 0 || new_size < ip->i_size)