[PATCH] resierfs: fix reiserfs_invalidatepage race against data=ordered
After a transaction has closed but before it has finished commit, there is
a window where data=ordered mode requires invalidatepage to pin pages
instead of freeing them. This patch fixes a race between the
invalidatepage checks and data=ordered writeback, and it also adds a check
to the reiserfs write_ordered_buffers routines to write any anonymous
buffers that were dirtied after its first writeback loop.
That bug works like this:
proc1: transaction closes and a new one starts
proc1: write_ordered_buffers starts processing data=ordered list
proc1: buffer A is cleaned and written
proc2: buffer A is dirtied by another process
proc2: File is truncated to zero, page A goes through invalidatepage
proc2: reiserfs_invalidatepage sees dirty buffer A with reiserfs
journal head, pins it
proc1: write_ordered_buffers frees the journal head on buffer A
At this point, buffer A stays dirty forever
Signed-off-by: Chris Mason <mason@suse.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
diff --git a/fs/reiserfs/inode.c b/fs/reiserfs/inode.c
index ffa34b8..60e2f23 100644
--- a/fs/reiserfs/inode.c
+++ b/fs/reiserfs/inode.c
@@ -2743,6 +2743,7 @@
int ret = 1;
struct reiserfs_journal *j = SB_JOURNAL(inode->i_sb);
+ lock_buffer(bh);
spin_lock(&j->j_dirty_buffers_lock);
if (!buffer_mapped(bh)) {
goto free_jh;
@@ -2758,7 +2759,7 @@
if (buffer_journaled(bh) || buffer_journal_dirty(bh)) {
ret = 0;
}
- } else if (buffer_dirty(bh) || buffer_locked(bh)) {
+ } else if (buffer_dirty(bh)) {
struct reiserfs_journal_list *jl;
struct reiserfs_jh *jh = bh->b_private;
@@ -2784,6 +2785,7 @@
reiserfs_free_jh(bh);
}
spin_unlock(&j->j_dirty_buffers_lock);
+ unlock_buffer(bh);
return ret;
}