Wait for all I/O on truncate to zero file size

It's possible to have outstanding xfs_ioend_t's queued when the file
size is zero. This can happen in the direct I/O path when a direct
I/O write fails due to ENOSPC. In this case the xfs_ioend_t will still
be queued (i.e. xfs_end_io_direct() does not know that the I/O failed so
can't force the xfs_ioend_t to be flushed synchronously).

When we truncate a file on unlink we don't know to wait for these
xfs_ioend_t's and we can have a use-after-free situation if the inode
is reclaimed before the xfs_ioend_t is finally processed.

As was suggested by Dave Chinner, let's wait for all I/Os to complete
when truncating the file size to zero.

Date: Fri Sep 26 14:41:42 AEST 2008
Inspected by: hch
The following file(s) were checked into:
fs/xfs/xfs_inode.c - 1.524 - changed
- Wait for all I/O on truncate to zero file size
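
Added illustration, not part of the checkin and not XFS code: a single-threaded user-space C model of the ordering the commit message describes. All names (inode_model, ioend_model, unlink_sequence) are hypothetical, and the reclaimed flag stands in for freed memory so the stale access is counted rather than performed.

```c
#include <stdbool.h>

/* Hypothetical user-space model; names are illustrative, not XFS code. */
struct inode_model {
    long size;
    int  pending_ioends;   /* completions queued but not yet processed */
    bool reclaimed;        /* stands in for "memory has been freed" */
};
struct ioend_model {
    struct inode_model *ip;  /* back-pointer the completion dereferences */
    bool queued;
};

static int stale_accesses;   /* completions that ran against a reclaimed inode */

/* A direct I/O write failed (e.g. ENOSPC) but its completion is still queued. */
static void queue_ioend(struct ioend_model *io, struct inode_model *ip)
{
    io->ip = ip; io->queued = true; ip->pending_ioends++;
}

/* Deferred completion processing (done asynchronously in the kernel). */
static void run_ioend(struct ioend_model *io)
{
    if (!io->queued) return;
    io->queued = false;
    if (io->ip->reclaimed) { stale_accesses++; return; } /* would be the UAF */
    io->ip->pending_ioends--;
}

/* Truncate on unlink; wait_for_io models waiting for all I/O to complete. */
static void truncate_to_zero(struct inode_model *ip, struct ioend_model *io,
                             bool wait_for_io)
{
    while (wait_for_io && ip->pending_ioends > 0)
        run_ioend(io);       /* model of blocking until completions drain */
    ip->size = 0;
}

/* Returns the number of stale accesses for one queue/truncate/reclaim run. */
static int unlink_sequence(bool wait_for_io)
{
    struct inode_model ino = { .size = 0 };   /* file size is already zero */
    struct ioend_model io = { 0 };
    stale_accesses = 0;
    queue_ioend(&io, &ino);
    truncate_to_zero(&ino, &io, wait_for_io);
    ino.reclaimed = true;    /* inode reclaimed after unlink */
    run_ioend(&io);          /* late completion, if one is still queued */
    return stale_accesses;
}

int main(void) { return !(unlink_sequence(false) == 1 && unlink_sequence(true) == 0); }
```

Without the wait the late completion runs against the reclaimed inode once; with the wait the queue is empty before reclaim.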