[XFS] Wait for all I/O on truncate to zero file size
It's possible to have outstanding xfs_ioend_t's queued when the file size
is zero. This can happen in the direct I/O path when a direct I/O write
fails due to ENOSPC. In this case the xfs_ioend_t will still be queued (i.e.
xfs_end_io_direct() does not know that the I/O failed so can't force the
xfs_ioend_t to be flushed synchronously).

When we truncate a file on unlink we don't know to wait for these
xfs_ioend_ts and we can have a use-after-free situation if the inode is
reclaimed before the xfs_ioend_t is finally processed.

As was suggested by Dave Chinner, let's wait for all I/Os to complete when
truncating the file size to zero.

SGI-PV: 981668

SGI-Modid: xfs-linux-melb:xfs-kern:32216a

Signed-off-by: Lachlan McIlroy <lachlan@sgi.com>
Signed-off-by: Christoph Hellwig <hch@infradead.org>
Lachlan McIlroy authored and Lachlan McIlroy committed Nov 10, 2008
1 parent 9ccbece commit 2cf7f0d
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion fs/xfs/xfs_inode.c
Expand Up @@ -1414,7 +1414,7 @@ xfs_itruncate_start(
mp = ip->i_mount;

/* wait for the completion of any pending DIOs */
if (new_size < ip->i_size)
if (new_size == 0 || new_size < ip->i_size)
vn_iowait(ip);

/*
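Review bot: The comment above the changed condition in xfs_itruncate_start() still reads "wait for the completion of any pending DIOs" and does not explain why `new_size == 0` is tested separately. Since `new_size < ip->i_size` already covers every shrink of a non-empty file, the added term only matters when ip->i_size is already zero, which is exactly the failed direct I/O (ENOSPC) case from the commit message. Without that in the comment the condition looks redundant and a later cleanup could fold it back to the old form, reopening the use-after-free on inode reclaim. Suggest extending the comment to say that queued xfs_ioend_t's can exist even at zero file size and must be waited for before the inode can be reclaimed.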