首頁 探索 說明
註冊 登入
phyus
/
linux-vybrid_public
8
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
瀏覽代碼

NFS: Fix a hang/infinite loop in nfs_wb_page()

When one of the two waits in nfs_commit_inode() is interrupted, it
returns a non-negative value, which causes nfs_wb_page() to think
that the operation was successful causing it to busy-loop rather
than exiting.
It also causes nfs_file_fsync() to incorrectly report the file as
being successfully committed to disk.

This patch fixes both problems by ensuring that we return an error
if the attempts to wait fail.

Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: stable@kernel.org
Trond Myklebust 14 年之前
父節點
b31268ac79
當前提交
b8413f98f9
共有 1 個文件被更改,包括 19 次插入12 次删除
統一視圖 顯示文件統計
  1. 19 12
      fs/nfs/write.c

+ 19 - 12
fs/nfs/write.c
查看文件 

@@ -1261,13 +1261,17 @@ void nfs_writeback_done(struct rpc_task *task, struct nfs_write_data *data)
 
 #if defined(CONFIG_NFS_V3) || defined(CONFIG_NFS_V4)
 
 #if defined(CONFIG_NFS_V3) || defined(CONFIG_NFS_V4)
 
 static int nfs_commit_set_lock(struct nfs_inode *nfsi, int may_wait)
 
 static int nfs_commit_set_lock(struct nfs_inode *nfsi, int may_wait)
 
 {
 
 {
 
+	int ret;
 
+
 
 	if (!test_and_set_bit(NFS_INO_COMMIT, &nfsi->flags))
 
 	if (!test_and_set_bit(NFS_INO_COMMIT, &nfsi->flags))
 
 		return 1;
 
 		return 1;
 
-	if (may_wait && !out_of_line_wait_on_bit_lock(&nfsi->flags,
 
-				NFS_INO_COMMIT, nfs_wait_bit_killable,
 
-				TASK_KILLABLE))
 
-		return 1;
 
-	return 0;
 
+	if (!may_wait)
 
+		return 0;
 
+	ret = out_of_line_wait_on_bit_lock(&nfsi->flags,
 
+				NFS_INO_COMMIT,
 
+				nfs_wait_bit_killable,
 
+				TASK_KILLABLE);
 
+	return (ret < 0) ? ret : 1;
 
 }
 
 }
 
 
 
 static void nfs_commit_clear_lock(struct nfs_inode *nfsi)
 
 static void nfs_commit_clear_lock(struct nfs_inode *nfsi)
 
@@ -1443,9 +1447,10 @@ int nfs_commit_inode(struct inode *inode, int how)
 
 {
 
 {
 
 	LIST_HEAD(head);
 
 	LIST_HEAD(head);
 
 	int may_wait = how & FLUSH_SYNC;
 
 	int may_wait = how & FLUSH_SYNC;
 
-	int res = 0;
 
+	int res;
 
 
 
-	if (!nfs_commit_set_lock(NFS_I(inode), may_wait))
 
+	res = nfs_commit_set_lock(NFS_I(inode), may_wait);
 
+	if (res <= 0)
 
 		goto out_mark_dirty;
 
 		goto out_mark_dirty;
 
 	spin_lock(&inode->i_lock);
 
 	spin_lock(&inode->i_lock);
 
 	res = nfs_scan_commit(inode, &head, 0, 0);
 
 	res = nfs_scan_commit(inode, &head, 0, 0);
 
@@ -1454,12 +1459,14 @@ int nfs_commit_inode(struct inode *inode, int how)
 
 		int error = nfs_commit_list(inode, &head, how);
 
 		int error = nfs_commit_list(inode, &head, how);
 
 		if (error < 0)
 
 		if (error < 0)
 
 			return error;
 
 			return error;
 
-		if (may_wait)
 
-			wait_on_bit(&NFS_I(inode)->flags, NFS_INO_COMMIT,
 
-					nfs_wait_bit_killable,
 
-					TASK_KILLABLE);
 
-		else
 
+		if (!may_wait)
 
 			goto out_mark_dirty;
 
 			goto out_mark_dirty;
 
+		error = wait_on_bit(&NFS_I(inode)->flags,
 
+				NFS_INO_COMMIT,
 
+				nfs_wait_bit_killable,
 
+				TASK_KILLABLE);
 
+		if (error < 0)
 
+			return error;
 
 	} else
 
 	} else
 
 		nfs_commit_clear_lock(NFS_I(inode));
 
 		nfs_commit_clear_lock(NFS_I(inode));
 
 	return res;
 
 	return res;