diff options
author | david m. richter <richterd@citi.umich.edu> | 2007-07-31 00:39:12 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-07-31 15:39:42 -0700 |
commit | 9700382c3c9ff3e673e587084d76eedb3ba88668 (patch) | |
tree | 57ed58d87e765323692e463c8b7ee64f702dff0d | |
parent | 937472b00b666ecbf1464502f857ec63b024af72 (diff) | |
download | linux-9700382c3c9ff3e673e587084d76eedb3ba88668.tar.gz linux-9700382c3c9ff3e673e587084d76eedb3ba88668.tar.bz2 linux-9700382c3c9ff3e673e587084d76eedb3ba88668.zip |
VFS: fix a race in lease-breaking during truncate
It is possible that another process could acquire a new file lease right
after break_lease() is called during a truncate, but before lease-granting
is disabled by the subsequent get_write_access(). Merely switching the
order of the break_lease() and get_write_access() calls prevents this race.
Signed-off-by: David M. Richter <richterd@citi.umich.edu>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
-rw-r--r-- | fs/open.c | 16 |
1 files changed, 9 insertions, 7 deletions
diff --git a/fs/open.c b/fs/open.c index e27c205364d3..1d9e5e98bf4e 100644 --- a/fs/open.c +++ b/fs/open.c @@ -256,24 +256,26 @@ static long do_sys_truncate(const char __user * path, loff_t length) if (IS_IMMUTABLE(inode) || IS_APPEND(inode)) goto dput_and_out; - /* - * Make sure that there are no leases. - */ - error = break_lease(inode, FMODE_WRITE); + error = get_write_access(inode); if (error) goto dput_and_out; - error = get_write_access(inode); + /* + * Make sure that there are no leases. get_write_access() protects + * against the truncate racing with a lease-granting setlease(). + */ + error = break_lease(inode, FMODE_WRITE); if (error) - goto dput_and_out; + goto put_write_and_out; error = locks_verify_truncate(inode, NULL, length); if (!error) { DQUOT_INIT(inode); error = do_truncate(nd.dentry, length, 0, NULL); } - put_write_access(inode); +put_write_and_out: + put_write_access(inode); dput_and_out: path_release(&nd); out: |