Fix the update of the zero point[*] by netfs_release_folio() when there is
uncommitted data in the pagecache beyond the folio being released but the
on-server EOF is in this folio (ie. i_size > remote_i_size).  The update
needs to limit zero_point to remote_i_size, not i_size as i_size is a local
phenomenon reflecting updates made locally to the pagecache, not stuff
written to the server.  remote_i_size tracks the server's i_size.

[*] The zero point is the file position from which we can assume that the
    server will just return zeros, so we can avoid generating reads.

Note that netfs_invalidate_folio() probably doesn't need fixing as
zero_point should be updated by setattr after truncation or fallocate.

Found with:

    fsx -q -N 1000000 -p 10000 -o 128000 -l 600000 \
        /xfstest.test/junk --replay-ops=junk.fsxops

using the following as junk.fsxops:

    truncate 0x0 0x1bbae 0x82864
    write 0x3ef2e 0xf9c8 0x1bbae
    write 0x67e05 0xcb5a 0x4e8f6
    mapread 0x57781 0x85b6 0x7495f
    copy_range 0x5d3d 0x10329 0x54fac 0x7495f
    write 0x64710 0x1c2b 0x7495f
    mapread 0x64000 0x1000 0x7495f

on cifs with the default cache option.

It shows read-gaps on folio 0x64 failing with a short read (ie. it hits
EOF) if the FMODE_READ check is commented out in netfs_perform_write():

                if (//(file->f_mode & FMODE_READ) ||
                    netfs_is_cache_enabled(ctx)) {

and no fscache.  This was initially found with the generic/522 xfstest.

Fixes: cce6bfa6ca0e ("netfs: Fix trimming of streaming-write folios in netfs_inval_folio()")
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Paulo Alcantara <pc@manguebit.org>
cc: Matthew Wilcox <willy@infradead.org>
cc: netfs@lists.linux.dev
cc: linux-fsdevel@vger.kernel.org
---
 fs/netfs/misc.c       |  4 ++--
 include/linux/netfs.h | 35 +++++++++++++++++++++++++++--------
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/fs/netfs/misc.c b/fs/netfs/misc.c
index 9d92d068f1da..37d9651078e6 100644
--- a/fs/netfs/misc.c
+++ b/fs/netfs/misc.c
@@ -299,9 +299,9 @@ bool netfs_release_folio(struct folio *folio, gfp_t gfp)
 		return false;
 
 	netfs_read_sizes(ctx, &i_size, &remote_i_size, &zero_point);
-	end = umin(folio_next_pos(folio), i_size);
+	end = folio_next_pos(folio);
 	if (end > zero_point)
-		netfs_write_zero_point(ctx, end);
+		netfs_push_back_zero_point(ctx, umin(end, remote_i_size));
 
 	if (folio_test_private(folio))
 		return false;
diff --git a/include/linux/netfs.h b/include/linux/netfs.h
index 90e061e444ce..59f35d2eeb2e 100644
--- a/include/linux/netfs.h
+++ b/include/linux/netfs.h
@@ -530,11 +530,11 @@ static inline void netfs_write_remote_i_size(struct netfs_inode *ictx,
 #if BITS_PER_LONG==32 && defined(CONFIG_SMP)
 	struct inode *inode = &ictx->inode;
 
-	preempt_disable();
+	spin_lock(&inode->i_lock);
 	write_seqcount_begin(&inode->i_size_seqcount);
 	ictx->_remote_i_size = remote_i_size;
 	write_seqcount_end(&inode->i_size_seqcount);
-	preempt_enable();
+	spin_unlock(&inode->i_lock);
 #elif BITS_PER_LONG==32 && defined(CONFIG_PREEMPTION)
 	preempt_disable();
 	ictx->_remote_i_size = remote_i_size;
@@ -605,11 +605,11 @@ static inline void netfs_write_zero_point(struct netfs_inode *ictx,
 #if BITS_PER_LONG==32 && defined(CONFIG_SMP)
 	struct inode *inode = &ictx->inode;
 
-	preempt_disable();
+	spin_lock(&inode->i_lock);
 	write_seqcount_begin(&inode->i_size_seqcount);
 	ictx->_zero_point = zero_point;
 	write_seqcount_end(&inode->i_size_seqcount);
-	preempt_enable();
+	spin_unlock(&inode->i_lock);
 #elif BITS_PER_LONG==32 && defined(CONFIG_PREEMPTION)
 	preempt_disable();
 	ictx->_zero_point = zero_point;
@@ -635,8 +635,27 @@ static inline void netfs_write_zero_point(struct netfs_inode *ictx,
 static inline void netfs_push_back_zero_point(struct netfs_inode *ictx,
 					      unsigned long long to)
 {
-	if (to > netfs_read_zero_point(ictx))
-		netfs_write_zero_point(ictx, to);
+#if BITS_PER_LONG==32 && defined(CONFIG_SMP)
+	struct inode *inode = &ictx->inode;
+
+	spin_lock(&inode->i_lock);
+	write_seqcount_begin(&inode->i_size_seqcount);
+	if (to > ictx->_zero_point)
+		ictx->_zero_point = to;
+	write_seqcount_end(&inode->i_size_seqcount);
+	spin_unlock(&inode->i_lock);
+#elif BITS_PER_LONG==32 && defined(CONFIG_PREEMPTION)
+	preempt_disable();
+	if (to > ictx->_zero_point)
+		ictx->_zero_point = to;
+	preempt_enable();
+#else
+	unsigned long long old = ictx->_zero_point;
+
+	while (to > old) {
+		old = cmpxchg_release(&ictx->_zero_point, old, to);
+	}
+#endif
 }
 
 /**
@@ -709,12 +728,12 @@ static inline void netfs_write_sizes(struct netfs_inode *ictx,
 #if BITS_PER_LONG==32 && defined(CONFIG_SMP)
 	struct inode *inode = &ictx->inode;
 
-	preempt_disable();
+	spin_lock(&inode->i_lock);
 	write_seqcount_begin(&inode->i_size_seqcount);
 	ictx->_remote_i_size = remote_i_size;
 	ictx->_zero_point = zero_point;
 	write_seqcount_end(&inode->i_size_seqcount);
-	preempt_enable();
+	spin_unlock(&inode->i_lock);
 #elif BITS_PER_LONG==32 && defined(CONFIG_PREEMPTION)
 	preempt_disable();
 	ictx->_remote_i_size = remote_i_size;