diff options
| author | Jan Kara <jack@suse.cz> | 2021-04-22 17:52:32 +0300 |
|---|---|---|
| committer | Jan Kara <jack@suse.cz> | 2021-07-13 15:29:01 +0300 |
| commit | b092b3efc7cb239b6f33bb97da0f8812680e1046 (patch) | |
| tree | d61a3007db3005aae514814d3d67721432418fda /fs/cifs | |
| parent | 057ba5b24532aca202cb1ae8c246bde27de12763 (diff) | |
| download | linux-b092b3efc7cb239b6f33bb97da0f8812680e1046.tar.xz | |
cifs: Fix race between hole punch and page fault
Cifs has a following race between hole punching and page fault:
CPU1 CPU2
smb3_fallocate()
smb3_punch_hole()
truncate_pagecache_range()
filemap_fault()
- loads old data into the
page cache
SMB2_ioctl(..., FSCTL_SET_ZERO_DATA, ...)
And now we have stale data in the page cache. Fix the problem by locking
out faults (as well as reads) using mapping->invalidate_lock while hole
punch is running.
CC: Steve French <sfrench@samba.org>
CC: linux-cifs@vger.kernel.org
Signed-off-by: Jan Kara <jack@suse.cz>
Diffstat (limited to 'fs/cifs')
| -rw-r--r-- | fs/cifs/smb2ops.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/fs/cifs/smb2ops.c b/fs/cifs/smb2ops.c index e4c8f603dd58..458c546ce8cd 100644 --- a/fs/cifs/smb2ops.c +++ b/fs/cifs/smb2ops.c @@ -3588,6 +3588,7 @@ static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon, return rc; } + filemap_invalidate_lock(inode->i_mapping); /* * We implement the punch hole through ioctl, so we need remove the page * caches first, otherwise the data may be inconsistent with the server. @@ -3605,6 +3606,7 @@ static long smb3_punch_hole(struct file *file, struct cifs_tcon *tcon, sizeof(struct file_zero_data_information), CIFSMaxBufSize, NULL, NULL); free_xid(xid); + filemap_invalidate_unlock(inode->i_mapping); return rc; } |