From 6fb1ca92a6409a9d5b0696447cd4997bc9aaf5a2 Mon Sep 17 00:00:00 2001 From: Jan Kara Date: Tue, 9 Sep 2014 13:03:03 +0200 Subject: [PATCH] udf: Fix race between write(2) and close(2) Currently write(2) updating i_size and close(2) of the file can race in such a way that udf_truncate_tail_extent() called from udf_file_release() sees old i_size but already new extents added by the running write call. This results in complaints like: UDF-fs: warning (device vdb2): udf_truncate_tail_extent: Too long extent after EOF in inode 877: i_size: 0 lbcount: 1073739776 extent 0+1073739776 UDF-fs: error (device vdb2): udf_truncate_tail_extent: Extent after EOF in inode 877 Fix the problem by grabbing i_mutex in udf_file_release() to be sure i_size is consistent with current state of extent list. Also avoid truncating tail extent unnecessarily when the file is still open for writing. Signed-off-by: Jan Kara --- fs/udf/file.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/fs/udf/file.c b/fs/udf/file.c index 86c6743ec1fe..bb15771b92ae 100644 --- a/fs/udf/file.c +++ b/fs/udf/file.c @@ -223,11 +223,18 @@ out: static int udf_release_file(struct inode *inode, struct file *filp) { - if (filp->f_mode & FMODE_WRITE) { + if (filp->f_mode & FMODE_WRITE && + atomic_read(&inode->i_writecount) > 1) { + /* + * Grab i_mutex to avoid races with writes changing i_size + * while we are running. + */ + mutex_lock(&inode->i_mutex); down_write(&UDF_I(inode)->i_data_sem); udf_discard_prealloc(inode); udf_truncate_tail_extent(inode); up_write(&UDF_I(inode)->i_data_sem); + mutex_unlock(&inode->i_mutex); } return 0; } -- 2.34.1