• hujianyang's avatar
    UBIFS: fix an mmap and fsync race condition · 691a7c6f
    hujianyang authored
    There is a race condition in UBIFS:
    
    Thread A (mmap)                        Thread B (fsync)
    
    ->__do_fault                           ->write_cache_pages
       -> ubifs_vm_page_mkwrite
           -> budget_space
           -> lock_page
           -> release/convert_page_budget
           -> SetPagePrivate
           -> TestSetPageDirty
           -> unlock_page
                                           -> lock_page
                                               -> TestClearPageDirty
                                               -> ubifs_writepage
                                                   -> do_writepage
                                                       -> release_budget
                                                       -> ClearPagePrivate
                                                       -> unlock_page
       -> !(ret & VM_FAULT_LOCKED)
       -> lock_page
       -> set_page_dirty
           -> ubifs_set_page_dirty
               -> TestSetPageDirty (set page dirty without budgeting)
       -> unlock_page
    
    This leads to situation where we have a diry page but no budget allocated for
    this page, so further write-back may fail with -ENOSPC.
    
    In this fix we return from page_mkwrite without performing unlock_page. We
    return VM_FAULT_LOCKED instead. After doing this, the race above will not
    happen.
    Signed-off-by: default avatarhujianyang <hujianyang@huawei.com>
    Tested-by: default avatarLaurence Withers <lwithers@guralp.com>
    Cc: stable@vger.kernel.org
    Signed-off-by: default avatarArtem Bityutskiy <artem.bityutskiy@linux.intel.com>
    691a7c6f
file.c 45.2 KB