From: Tejun Heo <htejun@gmail.com>
To: zach.brown@oracle.com, pbadari@us.ibm.com, suparna@in.ibm.com,
jmoyer@redhat.com, akpm@osdl.org, cwyang@aratech.co.kr,
linux-kernel@vger.kernel.org, htejun@gmail.com
Cc: Tejun Heo <htejun@gmail.com>
Subject: [PATCH 5/5] direct-io: fix double completion on partially valid async requests
Date: Thu, 9 Nov 2006 10:16:12 +0900 [thread overview]
Message-ID: <1163034972736-git-send-email-htejun@gmail.com> (raw)
In-Reply-To: <11630349713427-git-send-email-htejun@gmail.com>
If a request which is valid in the first half but has the second half
unmapped, the current code issues the first half and returns issue
error. This causes both the caller and completion callback complete
the aio request thus either causing oops immediately or memory
corruption.
This path makes direct_io_worker() wait completion for such request
and return error without aio_complete()'ing it.
This bug has been spotted by Chul-Woong Yang.
Signed-off-by: Tejun Heo <htejun@gmail.com>
Cc: Chul-Woong Yang <cwyang@aratech.co.kr>
---
fs/direct-io.c | 10 ++++------
1 files changed, 4 insertions(+), 6 deletions(-)
diff --git a/fs/direct-io.c b/fs/direct-io.c
index c558aa6..316598b 100644
--- a/fs/direct-io.c
+++ b/fs/direct-io.c
@@ -956,19 +956,17 @@ direct_io_worker(int rw, struct kiocb *i
* If this request can be completed asynchronously, drop the
* extra reference and return.
*/
- if (!is_sync_kiocb(iocb) &&
+ if (!is_sync_kiocb(iocb) && ret == 0 &&
((rw == READ) || (dio->result == dio->size &&
offset + dio->size <= dio->i_size))) {
- if (ret == 0)
- ret = dio->result;
finished_one_bio(dio); /* This can free the dio */
- return ret;
+ return dio->result;
}
/*
* We need to wait for the request to complete if the request
- * is synchronous or an async write which writes to hole or
- * extends the file.
+ * is synchronous, failed to issue in the middle or is an
+ * async write which writes to hole or extends the file.
*
* For file extending writes updating i_size before data
* writeouts complete can expose uninitialized blocks. So even
--
1.4.3.3
prev parent reply other threads:[~2006-11-09 1:17 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-11-09 1:16 [RESEND PATCHSET] direct-io: unify asyn/sync completion paths and fix completion bugs Tejun Heo
2006-11-09 1:16 ` [PATCH 3/5] direct-io: factor out dio_determine_result() Tejun Heo
2006-11-09 1:16 ` [PATCH 4/5] direct-io: unify sync and async completion paths Tejun Heo
2006-11-09 1:16 ` [PATCH 2/5] direct-io: fix dio_complete() errno passing in sync completion path Tejun Heo
2006-11-09 1:16 ` [PATCH 1/5] direct-io: fix page_errors handling Tejun Heo
2006-11-09 1:16 ` Tejun Heo [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1163034972736-git-send-email-htejun@gmail.com \
--to=htejun@gmail.com \
--cc=akpm@osdl.org \
--cc=cwyang@aratech.co.kr \
--cc=jmoyer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pbadari@us.ibm.com \
--cc=suparna@in.ibm.com \
--cc=zach.brown@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.