VFS: fix a race in lease-breaking during truncate
david m. richter [Tue, 31 Jul 2007 07:39:12 +0000 (00:39 -0700)]
It is possible that another process could acquire a new file lease right
after break_lease() is called during a truncate, but before lease-granting
is disabled by the subsequent get_write_access().  Merely switching the
order of the break_lease() and get_write_access() calls prevents this race.

Signed-off-by: David M. Richter <richterd@citi.umich.edu>
Signed-off-by: "J. Bruce Fields" <bfields@citi.umich.edu>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

fs/open.c

index e27c205..1d9e5e9 100644 (file)
--- a/fs/open.c
+++ b/fs/open.c
@@ -256,24 +256,26 @@ static long do_sys_truncate(const char __user * path, loff_t length)
        if (IS_IMMUTABLE(inode) || IS_APPEND(inode))
                goto dput_and_out;
 
-       /*
-        * Make sure that there are no leases.
-        */
-       error = break_lease(inode, FMODE_WRITE);
+       error = get_write_access(inode);
        if (error)
                goto dput_and_out;
 
-       error = get_write_access(inode);
+       /*
+        * Make sure that there are no leases.  get_write_access() protects
+        * against the truncate racing with a lease-granting setlease().
+        */
+       error = break_lease(inode, FMODE_WRITE);
        if (error)
-               goto dput_and_out;
+               goto put_write_and_out;
 
        error = locks_verify_truncate(inode, NULL, length);
        if (!error) {
                DQUOT_INIT(inode);
                error = do_truncate(nd.dentry, length, 0, NULL);
        }
-       put_write_access(inode);
 
+put_write_and_out:
+       put_write_access(inode);
 dput_and_out:
        path_release(&nd);
 out:
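Review bot: the new comment above break_lease() asserts that get_write_access() "protects against the truncate racing with a lease-granting setlease()" but does not say how, and the mechanism is exactly what the reordering depends on; it would help a future reader to spell it out in that comment, e.g. "holding a write reference on the inode keeps setlease() from handing out a new lease until we drop it", so that nobody later swaps the two calls back to restore the "obvious" order the old code had. A second point worth a sentence in the commit message or comment: break_lease() may sleep while the current lease holder is notified and releases, so after this change the write reference taken by get_write_access() is held for the whole of that wait rather than only around locks_verify_truncate()/do_truncate(); if that is acceptable (it looks harmless for truncate itself, since a concurrent opener for write would take the same reference anyway) it is still a behaviour change that the patch should state rather than leave implicit. The error handling itself looks right: a failing break_lease() now reaches put_write_and_out and releases the reference, and the success path falls through to the same put_write_access() that the old code called explicitly before dput_and_out.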