From: Jan Kara Fix the problem (BUG 4964) with unmapped buffers in transaction's t_sync_data list. The problem is we need to call filesystem's own invalidatepage() from block_write_full_page(). block_write_full_page() must call filesystem's invalidatepage(). Otherwise following nasty race can happen: proc 1 proc 2 ------ ------ - write some new data to 'offset' => bh gets to the transactions data list - starts truncate => i_size set to new size - mpage_writepages() - ext3_ordered_writepage() to 'offset' - block_write_full_page() - page->index > end_index+1 - block_invalidatepage() - discard_buffer() - clear_buffer_mapped() - commit triggers and finds unmapped buffer - BOOM! Signed-off-by: Jan Kara Signed-off-by: Andrew Morton
---
 fs/buffer.c | 11 ++++++++++-
 include/linux/buffer_head.h | 1 +
 mm/truncate.c | 11 +----------
 3 files changed, 12 insertions(+), 11 deletions(-)
diff -puN fs/buffer.c~fix-unmapped-buffers-in-transactions-lists fs/buffer.c
--- devel/fs/buffer.c~fix-unmapped-buffers-in-transactions-lists 2005-09-13 18:23:44.000000000 -0700
+++ devel-akpm/fs/buffer.c 2005-09-13 18:23:44.000000000 -0700
@@ -1637,6 +1637,15 @@ out:
 }
 EXPORT_SYMBOL(block_invalidatepage);
 
+int do_invalidatepage(struct page *page, unsigned long offset)
+{
+ int (*invalidatepage)(struct page *, unsigned long);
+ invalidatepage = page->mapping->a_ops->invalidatepage;
+ if (invalidatepage == NULL)
+ invalidatepage = block_invalidatepage;
+ return (*invalidatepage)(page, offset);
+}
+
 /*
 * We attach and possibly dirty the buffers atomically wrt
 * __set_page_dirty_buffers() via private_lock. try_to_free_buffers
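Review bot: do_invalidatepage() in fs/buffer.c is now a kernel-wide symbol, yet it dereferences `page->mapping->a_ops` without any check or stated precondition. As a static helper in mm/truncate.c its callers were all in one file; once it is declared in buffer_head.h, any caller that passes a page already detached from its mapping would presumably fault on that line. The definition should carry a comment spelling out the contract, for example `/* Caller must hold the page lock; page->mapping must be non-NULL. */`, with the lock requirement confirmed against the existing callers.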
@@ -2696,7 +2705,7 @@ int block_write_full_page(struct page *p
 * they may have been added in ext3_writepage(). Make them
 * freeable here, so the page does not leak.
 */
- block_invalidatepage(page, 0);
+ do_invalidatepage(page, 0);
 unlock_page(page);
 return 0; /* don't care */
 }
diff -puN include/linux/buffer_head.h~fix-unmapped-buffers-in-transactions-lists include/linux/buffer_head.h
--- devel/include/linux/buffer_head.h~fix-unmapped-buffers-in-transactions-lists 2005-09-13 18:23:44.000000000 -0700
+++ devel-akpm/include/linux/buffer_head.h 2005-09-13 18:23:44.000000000 -0700
@@ -190,6 +190,7 @@ extern int buffer_heads_over_limit;
 */
 int try_to_release_page(struct page * page, int gfp_mask);
 int block_invalidatepage(struct page *page, unsigned long offset);
+int do_invalidatepage(struct page *page, unsigned long offset);
 int block_write_full_page(struct page *page, get_block_t *get_block,
 struct writeback_control *wbc);
 int block_read_full_page(struct page*, get_block_t*);
diff -puN mm/truncate.c~fix-unmapped-buffers-in-transactions-lists mm/truncate.c
--- devel/mm/truncate.c~fix-unmapped-buffers-in-transactions-lists 2005-09-13 18:23:44.000000000 -0700
+++ devel-akpm/mm/truncate.c 2005-09-13 18:23:44.000000000 -0700
@@ -13,18 +13,9 @@
 #include
 #include
 #include /* grr. try_to_release_page,
- block_invalidatepage */
+ do_invalidatepage */
 
 
-static int do_invalidatepage(struct page *page, unsigned long offset)
-{
- int (*invalidatepage)(struct page *, unsigned long);
- invalidatepage = page->mapping->a_ops->invalidatepage;
- if (invalidatepage == NULL)
- invalidatepage = block_invalidatepage;
- return (*invalidatepage)(page, offset);
-}
-
 static inline void truncate_partial_page(struct page *page, unsigned partial)
 {
 memclear_highpage_flush(page, partial, PAGE_CACHE_SIZE-partial);
_
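Review bot: The new `do_invalidatepage(page, 0);` call in block_write_full_page() (second fs/buffer.c hunk) discards the int result, as the old block_invalidatepage() call did. The call can now dispatch to a filesystem's own invalidatepage, which presumably may decline to release buffers a running commit still owns, so the comment's claim that the page "does not leak" may no longer hold unconditionally. If ignoring the result is deliberate, the call should say so, e.g. `/* result ignored on purpose: the fs may keep buffers it still needs */`. The enclosing function begins and ends outside the hunk.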