[RFC] what's going on with file->f_pos uses in orangefs_file_write_iter()?

[Al Viro <viro@ZenIV.linux.org.uk>]

I'd missed that back then, but...

        if (file->f_pos > i_size_read(file->f_mapping->host))
                orangefs_i_size_write(file->f_mapping->host, file->f_pos);

        rc = generic_write_checks(iocb, iter);

        if (rc <= 0) {
                gossip_err("%s: generic_write_checks failed, rc:%zd:.\n",
                           __func__, rc);
                goto out;
        }

        /*
         * if we are appending, generic_write_checks would have updated
         * pos to the end of the file, so we will wait till now to set
         * pos...
         */
        pos = *(&iocb->ki_pos);

looks suspicious as hell.  What's going on there?  Not to mention anything
else file->f_pos might be completely unrelated to any IO going on -
consider e.g. pwrite(2), where the position (in iocb->ki_pos) has nothing
to do with file->f_pos.  Then there's the question of WTF is write()
(or pwrite()) past the current EOF doing bumping the file size, before
it even gets a chance to decide whether it'll be trying to do any IO at
all.

_Then_ there's the deadlock on 32bit SMP in that code.  Look: several
lines prior we'd done
        inode_lock(file->f_mapping->host);
and hadn't unlocked the sucker since then.  And
static inline void orangefs_i_size_write(struct inode *inode, loff_t i_size)
{
#if BITS_PER_LONG == 32 && defined(CONFIG_SMP)
        inode_lock(inode);
#endif
        i_size_write(inode, i_size);
#if BITS_PER_LONG == 32 && defined(CONFIG_SMP)
        inode_unlock(inode);
#endif
}
means that if we get around to calling it there in SMP/32bit case, we'll
get as plain a deadlock as possible.  And AFAICS it had been that way
since the initial merge.

What the hell is that code about and what is it trying to do?

PS: While we are at it, what's the point of that *(&...) in there?