From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754123AbbIZXCV (ORCPT ); Sat, 26 Sep 2015 19:02:21 -0400 Received: from mail-wi0-f170.google.com ([209.85.212.170]:36541 "EHLO mail-wi0-f170.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753867AbbIZXCU (ORCPT ); Sat, 26 Sep 2015 19:02:20 -0400 Message-ID: <560723F8.3010909@gmail.com> Date: Sun, 27 Sep 2015 01:02:16 +0200 From: angelo User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Icedove/31.7.0 MIME-Version: 1.0 To: linux-kernel@vger.kernel.org CC: linux-mm@kvack.org Subject: [PATCH] mm: fix cpu hangs on truncating last page of a 16t sparse file Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi all, running xfstests, generic 308 on whatever 32bit arch is possible to observe cpu to hang near 100% on unlink. The test removes a sparse file of length 16tera where only the last 4096 bytes block is mapped. At line 265 of truncate.c there is a if (index >= end) break; But if index is, as in this case, a 4294967295, it match -1 used as eof. Hence the cpu loops 100% just after. ------------------- On 32bit archs, with CONFIG_LBDAF=y, if truncating last page of a 16tera file, "index" variable is set to 4294967295, and hence matches with -1 used as EOF value. This result in an inifite loop when unlink is executed on this file. Signed-off-by: Angelo Dureghello --- mm/truncate.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/mm/truncate.c b/mm/truncate.c index 76e35ad..3751034 100644 --- a/mm/truncate.c +++ b/mm/truncate.c @@ -283,14 +283,15 @@ void truncate_inode_pages_range(struct address_space *mapping, pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); cond_resched(); - index++; + if (index < end) + index++; } if (partial_start) { struct page *page = find_lock_page(mapping, start - 1); if (page) { unsigned int top = PAGE_CACHE_SIZE; - if (start > end) { + if (start > end && end != -1) { /* Truncation within a single page */ top = partial_end; partial_end = 0; @@ -322,7 +323,7 @@ void truncate_inode_pages_range(struct address_space *mapping, * If the truncation happened within a single page no pages * will be released, just zeroed, so we can bail out now. */ - if (start >= end) + if (start >= end && end != -1) return; index = start; @@ -337,7 +338,7 @@ void truncate_inode_pages_range(struct address_space *mapping, index = start; continue; } - if (index == start && indices[0] >= end) { + if (index == start && (indices[0] >= end && end != -1)) { /* All gone out of hole to be punched, we're done */ pagevec_remove_exceptionals(&pvec); pagevec_release(&pvec); @@ -348,7 +349,7 @@ void truncate_inode_pages_range(struct address_space *mapping, /* We rely upon deletion not changing page->index */ index = indices[i]; - if (index >= end) { + if (index >= end && (end != -1)) { /* Restart punch to make sure all gone */ index = start - 1; break; -- 2.5.3