linux/fs/ubifs
hujianyang 691a7c6f28 UBIFS: fix an mmap and fsync race condition
There is a race condition in UBIFS:

Thread A (mmap)                        Thread B (fsync)

->__do_fault                           ->write_cache_pages
   -> ubifs_vm_page_mkwrite
       -> budget_space
       -> lock_page
       -> release/convert_page_budget
       -> SetPagePrivate
       -> TestSetPageDirty
       -> unlock_page
                                       -> lock_page
                                           -> TestClearPageDirty
                                           -> ubifs_writepage
                                               -> do_writepage
                                                   -> release_budget
                                                   -> ClearPagePrivate
                                                   -> unlock_page
   -> !(ret & VM_FAULT_LOCKED)
   -> lock_page
   -> set_page_dirty
       -> ubifs_set_page_dirty
           -> TestSetPageDirty (set page dirty without budgeting)
   -> unlock_page

This leads to a situation where we have a dirty page but no budget allocated for
this page, so further write-back may fail with -ENOSPC.

In this fix we return from page_mkwrite without performing unlock_page. We
return VM_FAULT_LOCKED instead. After doing this, the race above will not
happen.

Signed-off-by: hujianyang <hujianyang@huawei.com>
Tested-by: Laurence Withers <lwithers@guralp.com>
Cc: stable@vger.kernel.org
Signed-off-by: Artem Bityutskiy <artem.bityutskiy@linux.intel.com>
2014-05-13 13:45:15 +03:00
budget.c No big changes for 3.7 in UBIFS: 2012-10-02 20:47:48 -07:00
commit.c UBIFS: print less 2012-08-31 17:32:58 +03:00
compress.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
debug.c fs/ubifs: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
debug.h UBIFS: print less 2012-08-31 17:32:58 +03:00
dir.c ubifs: switch to %pd 2013-10-24 23:34:51 -04:00
file.c UBIFS: fix an mmap and fsync race condition 2014-05-13 13:45:15 +03:00
find.c UBIFS: fix mounting problems after power cuts 2012-10-26 16:26:44 +03:00
gc.c UBIFS: remove unnecessary code in ubifs_garbage_collect 2013-10-22 13:34:27 +01:00
io.c UBI: Kill data type hint 2012-05-20 20:25:59 +03:00
ioctl.c new helper: file_inode(file) 2013-02-22 23:31:31 -05:00
journal.c ubifs: switch to %pd 2013-10-24 23:34:51 -04:00
Kconfig UBIFS: remove Kconfig debugging option 2012-05-16 19:53:46 +03:00
key.h
log.c fs/ubifs: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
lprops.c UBIFS: introduce categorized lprops counter 2012-10-26 16:00:26 +03:00
lpt_commit.c UBIFS: rename random32() to prandom_u32() 2013-01-15 15:45:27 +02:00
lpt.c UBIFS: print less 2012-08-31 17:32:58 +03:00
Makefile UBIFS: remove Kconfig debugging option 2012-05-16 19:53:46 +03:00
master.c UBI: Kill data type hint 2012-05-20 20:25:59 +03:00
misc.h UBIFS: introduce more I/O helpers 2011-07-04 10:54:33 +03:00
orphan.c fs/ubifs: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
recovery.c fs/ubifs: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
replay.c UBIFS: print less 2012-08-31 17:32:58 +03:00
sb.c No big changes for 3.7 in UBIFS: 2012-10-02 20:47:48 -07:00
scan.c UBIFS: comply with coding style 2012-08-31 17:32:57 +03:00
shrinker.c fs: convert fs shrinkers to new scan/count API 2013-09-10 18:56:31 -04:00
super.c UBIFS: fix remount error path 2014-05-05 09:31:33 +03:00
tnc_commit.c UBIFS: rename random32() to prandom_u32() 2013-01-15 15:45:27 +02:00
tnc_misc.c UBIFS: print less 2012-08-31 17:32:58 +03:00
tnc.c fs/ubifs: use rbtree postorder iteration helper instead of opencoding 2014-01-23 16:37:03 -08:00
ubifs-media.h UBIFS: add a superblock flag for free space fix-up 2011-05-16 14:12:14 +03:00
ubifs.h fs: convert fs shrinkers to new scan/count API 2013-09-10 18:56:31 -04:00
xattr.c ubifs: switch to %pd 2013-10-24 23:34:51 -04:00