exfat: serialize truncate against in-flight DIO

exfat_setattr() did not call inode_dio_wait() before performing a size
change, leaving a window where a concurrent in-flight DIO write could be
operating on clusters that the truncate is about to free.

Add inode_dio_wait() before the truncate_setsize()/exfat_truncate()
sequence so that any in-flight DIO completes before cluster freeing
begins.

Signed-off-by: Namjae Jeon <linkinjeon@kernel.org>

diff --git a/fs/exfat/file.c b/fs/exfat/file.c
index c5ff2a97a465804f2669b1ceffdecfe63a23e1ca..5fc13378d35f720064e75b0596599399681cf802 100644 (file)
--- a/fs/exfat/file.c
+++ b/fs/exfat/file.c
@@ -406,6 +406,12 @@ int exfat_setattr(struct mnt_idmap *idmap, struct dentry *dentry,
        exfat_truncate_inode_atime(inode);
 
        if (attr->ia_valid & ATTR_SIZE) {
+               /*
+                * Wait for any in-flight DIO to finish before truncating to
+                * prevent a concurrent DIO from writing to clusters that are
+                * about to be freed.
+                */
+               inode_dio_wait(inode);
                down_write(&EXFAT_I(inode)->truncate_lock);
                truncate_setsize(inode, attr->ia_size);