linux/mm
NeilBrown a32ea1e1f9 Fix read/truncate race
do_generic_mapping_read currently samples the i_size at the start and doesn't
do so again unless it needs to call ->readpage to load a page.  After
->readpage it has to re-sample i_size as a truncate may have caused that page
to be filled with zeros, and the read() call should not see these.

However there are other activities that might cause ->readpage to be called on
a page between the time that do_generic_mapping_read samples i_size and when
it finds that it has an uptodate page.  These include at least read-ahead and
possibly another thread performing a read.

So do_generic_mapping_read must sample i_size *after* it has an uptodate page.
 Thus the current sampling at the start and after a read can be replaced with
a sampling before the copy-out.

The same change applied to __generic_file_splice_read.

Note that this fixes any race with truncate_complete_page, but does not fix a
possible race with truncate_partial_page.  If a partial truncate happens after
do_generic_mapping_read samples i_size and before the copy_out, the nuls that
truncate_partial_page place in the page could be copied out incorrectly.

I think the best fix for that is to *not* zero out parts of the page in
truncate_partial_page, but rather to zero out the tail of a page when
increasing i_size.

Signed-off-by: Neil Brown <neilb@suse.de>
Cc: Jens Axboe <jens.axboe@oracle.com>
Acked-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2007-07-17 10:22:59 -07:00
..
allocpercpu.c
backing-dev.c remove mm/backing-dev.c:congestion_wait_interruptible() 2007-07-16 09:05:52 -07:00
bootmem.c
bounce.c block: blk_max_pfn is somtimes wrong 2007-03-27 08:52:47 +02:00
fadvise.c
filemap_xip.c xip sendfile removal 2007-07-10 08:04:15 +02:00
filemap.c Fix read/truncate race 2007-07-17 10:22:59 -07:00
filemap.h
fremap.c
highmem.c [PATCH] i386: PARAVIRT: add kmap_atomic_pte for mapping highpte pages 2007-05-02 19:27:15 +02:00
hugetlb.c hugetlb: fix race in alloc_fresh_huge_page() 2007-07-16 09:05:35 -07:00
internal.h Make page->private usable in compound pages 2007-05-07 12:12:53 -07:00
Kconfig Merge master.kernel.org:/pub/scm/linux/kernel/git/lethal/sh-2.6 2007-07-16 10:32:02 -07:00
madvise.c speed up madvise_need_mmap_write() usage 2007-07-16 09:05:36 -07:00
Makefile Quicklists for page table pages 2007-05-07 12:12:54 -07:00
memory_hotplug.c memory hotplug: fix unnecessary calling of init_currenty_empty_zone() 2007-06-01 08:18:29 -07:00
memory.c kill vmalloc_earlyreserve 2007-07-16 09:05:36 -07:00
mempolicy.c numa: mempolicy: trivial debug fixes. 2007-07-16 09:05:36 -07:00
mempool.c permit mempool_free(NULL) 2007-07-16 09:05:52 -07:00
migrate.c page migration: fix NR_FILE_PAGES accounting 2007-04-24 08:23:08 -07:00
mincore.c
mlock.c do not limit locked memory when RLIMIT_MEMLOCK is RLIM_INFINITY 2007-07-16 09:05:37 -07:00
mmap.c split mmap 2007-07-16 09:05:37 -07:00
mmzone.c
mprotect.c
mremap.c security: Protection for exploiting null dereference using mmap 2007-07-11 22:52:29 -04:00
msync.c Detach sched.h from mm.h 2007-05-21 09:18:19 -07:00
nommu.c nommu: stub expand_stack() for nommu case 2007-07-16 09:05:37 -07:00
oom_kill.c oom: fix constraint deadlock 2007-05-07 12:12:55 -07:00
page_alloc.c fault-injection: add min-order parameter to fail_page_alloc 2007-07-16 09:05:45 -07:00
page_io.c
page-writeback.c dirty_writeback_centisecs_handler() cleanup 2007-07-16 09:05:47 -07:00
pdflush.c
prio_tree.c
quicklist.c Quicklists for page table pages 2007-05-07 12:12:54 -07:00
readahead.c readahead: code cleanup 2007-05-07 12:12:52 -07:00
rmap.c mm: kill validate_anon_vma to avoid mapcount BUG 2007-06-28 11:34:53 -07:00
shmem_acl.c
shmem.c shmem: convert to using splice instead of sendfile() 2007-07-10 08:04:15 +02:00
slab.c mm/slab.c: start_cpu_timer() should be __cpuinit 2007-07-16 09:05:36 -07:00
slob.c slob: sparsemem support 2007-07-16 09:05:36 -07:00
slub.c SLUB: support slub_debug on by default 2007-07-16 09:05:36 -07:00
sparse.c Move three functions that are only needed for CONFIG_MEMORY_HOTPLUG 2007-06-08 17:23:33 -07:00
swap_state.c vmscan: fix comments related to shrink_list() 2007-07-16 09:05:35 -07:00
swap.c Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
swapfile.c vmscan: fix comments related to shrink_list() 2007-07-16 09:05:35 -07:00
thrash.c Bug in mm/thrash.c function grab_swap_token() 2007-05-11 08:29:32 -07:00
tiny-shmem.c [PATCH] mm/{,tiny-}shmem.c cleanups 2007-03-01 14:53:35 -08:00
truncate.c invalidate_mapping_pages(): add cond_resched 2007-07-16 09:05:36 -07:00
util.c
vmalloc.c [POWERPC] unmap_vm_area becomes unmap_kernel_range for the public 2007-06-14 22:29:56 +10:00
vmscan.c Add suspend-related notifications for CPU hotplug 2007-05-09 12:30:56 -07:00
vmstat.c mm: fixup /proc/vmstat output 2007-07-06 10:26:50 -07:00