mirror of
https://github.com/freebsd/freebsd-src
synced 2024-09-29 13:15:05 +00:00
Avoid a data-consistency race between write() and mmap()
by ensuring that newly allocated blocks are zerod. The race can occur even in the case where the write covers the entire block. Reported by: Sven Berkvens <sven@berkvens.net>, Marc Olzheim <zlo@zlo.nu>
This commit is contained in:
parent
6fce744ee3
commit
6ddaf0f45e
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=70131
|
@ -238,10 +238,19 @@ WRITE(ap)
|
|||
if (uio->uio_offset + xfersize > ip->i_size)
|
||||
vnode_pager_setsize(vp, uio->uio_offset + xfersize);
|
||||
|
||||
/*
|
||||
* Avoid a data-consistency race between write() and mmap()
|
||||
* by ensuring that newly allocated blocks are zerod. The
|
||||
* race can occur even in the case where the write covers
|
||||
* the entire block.
|
||||
*/
|
||||
flags |= B_CLRBUF;
|
||||
#if 0
|
||||
if (fs->s_frag_size > xfersize)
|
||||
flags |= B_CLRBUF;
|
||||
else
|
||||
flags &= ~B_CLRBUF;
|
||||
#endif
|
||||
|
||||
error = ext2_balloc(ip,
|
||||
lbn, blkoffset + xfersize, ap->a_cred, &bp, flags);
|
||||
|
|
|
@ -238,10 +238,19 @@ WRITE(ap)
|
|||
if (uio->uio_offset + xfersize > ip->i_size)
|
||||
vnode_pager_setsize(vp, uio->uio_offset + xfersize);
|
||||
|
||||
/*
|
||||
* Avoid a data-consistency race between write() and mmap()
|
||||
* by ensuring that newly allocated blocks are zerod. The
|
||||
* race can occur even in the case where the write covers
|
||||
* the entire block.
|
||||
*/
|
||||
flags |= B_CLRBUF;
|
||||
#if 0
|
||||
if (fs->s_frag_size > xfersize)
|
||||
flags |= B_CLRBUF;
|
||||
else
|
||||
flags &= ~B_CLRBUF;
|
||||
#endif
|
||||
|
||||
error = ext2_balloc(ip,
|
||||
lbn, blkoffset + xfersize, ap->a_cred, &bp, flags);
|
||||
|
|
|
@ -468,10 +468,19 @@ WRITE(ap)
|
|||
if (uio->uio_offset + xfersize > ip->i_size)
|
||||
vnode_pager_setsize(vp, uio->uio_offset + xfersize);
|
||||
|
||||
/*
|
||||
* Avoid a data-consistency race between write() and mmap()
|
||||
* by ensuring that newly allocated blocks are zerod. The
|
||||
* race can occur even in the case where the write covers
|
||||
* the entire block.
|
||||
*/
|
||||
flags |= B_CLRBUF;
|
||||
#if 0
|
||||
if (fs->fs_bsize > xfersize)
|
||||
flags |= B_CLRBUF;
|
||||
else
|
||||
flags &= ~B_CLRBUF;
|
||||
#endif
|
||||
/* XXX is uio->uio_offset the right thing here? */
|
||||
error = VOP_BALLOC(vp, uio->uio_offset, xfersize,
|
||||
ap->a_cred, flags, &bp);
|
||||
|
|
Loading…
Reference in a new issue