ext4: Fix lock inversion in ext4_ext_truncate() We cannot call ext4_orphan_add() from under i_data_sem because that causes lock inversion between i_data_sem and superblock lock: -> #1 (&type->s_lock_key#7){--..}: [] __lock_acquire+0xc3c/0xe20 [] lock_acquire+0x53/0x6d [] mutex_lock_nested+0xd6/0x27d [] lock_super+0x22/0x24 [] ext4_orphan_add+0x29/0x17d [] ext4_ext_truncate+0x91/0x19c [] ext4_truncate+0xbb/0x568 [] vmtruncate+0xc2/0xe0 [] inode_setattr+0x28/0x123 [] ext4_setattr+0x226/0x284 [] notify_change+0x169/0x27b [] do_truncate+0x60/0x7e [] sys_truncate+0x172/0x1a8 [] sys32_truncate64+0x16/0x18 -> #0 (&ei->i_data_sem){----}: [] __lock_acquire+0xb24/0xe20 [] lock_acquire+0x53/0x6d [] down_read+0x25/0x31 [] ext4_get_blocks_wrap+0x36/0x15c [] ext4_get_block+0xb5/0xf3 [] generic_block_bmap+0x3a/0x40 [] ext4_bmap+0x70/0x79 [] bmap+0x1f/0x27 [] jbd2_journal_bmap+0x2c/0x8a [] jbd2_journal_next_log_block+0x76/0x7e [] jbd2_journal_get_descriptor_buffer+0x17/0x80 [] jbd2_journal_commit_transaction+0x56e/0x1045 [] jbd2_journal_destroy+0xfc/0x250 [] ext4_put_super+0x3e/0x213 [] generic_shutdown_super+0x63/0xf8 [] kill_block_super+0x12/0x27 [] deactivate_super+0x4c/0x61 [] mntput_no_expire+0xed/0x120 [] sys_umount+0x312/0x327 Signed-off-by: Jan Kara Index: linux-2.6-linus/fs/ext4/extents.c =================================================================== --- linux-2.6-linus.orig/fs/ext4/extents.c +++ linux-2.6-linus/fs/ext4/extents.c @@ -2943,6 +2943,9 @@ void ext4_ext_truncate(struct inode *ino if (inode->i_size & (sb->s_blocksize - 1)) ext4_block_truncate_page(handle, mapping, inode->i_size); + if (ext4_orphan_add(handle, inode)) + goto out_stop; + down_write(&EXT4_I(inode)->i_data_sem); ext4_ext_invalidate_cache(inode); @@ -2953,8 +2956,6 @@ void ext4_ext_truncate(struct inode *ino * Probably we need not scan at all, * because page truncation is enough. */ - if (ext4_orphan_add(handle, inode)) - goto out_stop; /* we have to know where to truncate from in crash case */ EXT4_I(inode)->i_disksize = inode->i_size;