From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
patches@lists.linux.dev, David Howells <dhowells@redhat.com>,
"Paulo Alcantara (Red Hat)" <pc@manguebit.org>,
Steve French <sfrench@samba.org>,
linux-cifs@vger.kernel.org, netfs@lists.linux.dev,
linux-fsdevel@vger.kernel.org,
Christian Brauner <brauner@kernel.org>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.15 103/178] netfs: Fix i_size updating
Date: Tue, 8 Jul 2025 18:22:20 +0200 [thread overview]
Message-ID: <20250708162239.336132436@linuxfoundation.org> (raw)
In-Reply-To: <20250708162236.549307806@linuxfoundation.org>
6.15-stable review patch. If anyone has any objections, please let me know.
------------------
From: David Howells <dhowells@redhat.com>
[ Upstream commit 2e0658940d90a3dc130bb3b7f75bae9f4100e01f ]
Fix the updating of i_size, particularly in regard to the completion of DIO
writes and especially async DIO writes by using a lock.
The bug is triggered occasionally by the generic/207 xfstest as it chucks a
bunch of AIO DIO writes at the filesystem and then checks that fstat()
returns a reasonable st_size as each completes.
The problem is that netfs is trying to do "if new_size > inode->i_size,
update inode->i_size" sort of thing but without a lock around it.
This can be seen with cifs, but shouldn't be seen with kafs because kafs
serialises modification ops on the client whereas cifs sends the requests
to the server as they're generated and lets the server order them.
Fixes: 153a9961b551 ("netfs: Implement unbuffered/DIO write support")
Signed-off-by: David Howells <dhowells@redhat.com>
Link: https://lore.kernel.org/20250701163852.2171681-11-dhowells@redhat.com
Reviewed-by: Paulo Alcantara (Red Hat) <pc@manguebit.org>
cc: Steve French <sfrench@samba.org>
cc: Paulo Alcantara <pc@manguebit.org>
cc: linux-cifs@vger.kernel.org
cc: netfs@lists.linux.dev
cc: linux-fsdevel@vger.kernel.org
Signed-off-by: Christian Brauner <brauner@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
fs/netfs/buffered_write.c | 2 ++
fs/netfs/direct_write.c | 8 ++++++--
2 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/fs/netfs/buffered_write.c b/fs/netfs/buffered_write.c
index dbb544e183d13..9f22ff890a8cd 100644
--- a/fs/netfs/buffered_write.c
+++ b/fs/netfs/buffered_write.c
@@ -64,6 +64,7 @@ static void netfs_update_i_size(struct netfs_inode *ctx, struct inode *inode,
return;
}
+ spin_lock(&inode->i_lock);
i_size_write(inode, pos);
#if IS_ENABLED(CONFIG_FSCACHE)
fscache_update_cookie(ctx->cache, NULL, &pos);
@@ -77,6 +78,7 @@ static void netfs_update_i_size(struct netfs_inode *ctx, struct inode *inode,
DIV_ROUND_UP(pos, SECTOR_SIZE),
inode->i_blocks + add);
}
+ spin_unlock(&inode->i_lock);
}
/**
diff --git a/fs/netfs/direct_write.c b/fs/netfs/direct_write.c
index fa9a5bf3c6d51..3efa5894b2c07 100644
--- a/fs/netfs/direct_write.c
+++ b/fs/netfs/direct_write.c
@@ -14,13 +14,17 @@ static void netfs_cleanup_dio_write(struct netfs_io_request *wreq)
struct inode *inode = wreq->inode;
unsigned long long end = wreq->start + wreq->transferred;
- if (!wreq->error &&
- i_size_read(inode) < end) {
+ if (wreq->error || end <= i_size_read(inode))
+ return;
+
+ spin_lock(&inode->i_lock);
+ if (end > i_size_read(inode)) {
if (wreq->netfs_ops->update_i_size)
wreq->netfs_ops->update_i_size(inode, end);
else
i_size_write(inode, end);
}
+ spin_unlock(&inode->i_lock);
}
/*
--
2.39.5
next prev parent reply other threads:[~2025-07-08 16:52 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20250708162236.549307806@linuxfoundation.org>
2025-07-08 16:22 ` [PATCH 6.15 087/178] smb: client: fix warning when reconnecting channel Greg Kroah-Hartman
2025-07-08 16:22 ` [PATCH 6.15 097/178] netfs: Fix hang due to missing case in final DIO read result collection Greg Kroah-Hartman
2025-07-08 16:22 ` [PATCH 6.15 100/178] smb: client: set missing retry flag in smb2_writev_callback() Greg Kroah-Hartman
2025-07-08 16:22 ` [PATCH 6.15 101/178] smb: client: set missing retry flag in cifs_readv_callback() Greg Kroah-Hartman
2025-07-08 16:22 ` [PATCH 6.15 102/178] smb: client: set missing retry flag in cifs_writev_callback() Greg Kroah-Hartman
2025-07-08 16:22 ` Greg Kroah-Hartman [this message]
2025-07-08 16:22 ` [PATCH 6.15 118/178] smb: client: fix native SMB symlink traversal Greg Kroah-Hartman
2025-07-08 16:22 ` [PATCH 6.15 119/178] netfs: Fix double put of request Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250708162239.336132436@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=netfs@lists.linux.dev \
--cc=patches@lists.linux.dev \
--cc=pc@manguebit.org \
--cc=sashal@kernel.org \
--cc=sfrench@samba.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox