aboutsummaryrefslogtreecommitdiffstats
path: root/fs/btrfs
diff options
context:
space:
mode:
authorYan <yanzheng@21cn.com>2007-11-06 10:26:26 -0500
committerChris Mason <chris.mason@oracle.com>2008-09-25 11:03:57 -0400
commitdcfec0dcb1b1a037fb26177789e8f108bc429cb3 (patch)
treeab052a4aa666d6453e26d32ba509e46c0ef3d85f /fs/btrfs
parent081e95736d9118a96e9f6dcc5cec02dc75c9e1cb (diff)
Btrfs: Fix u32 overflow in dirty_and_release_pages.
When calculating the size of inline extent, inode->i_size should also be take into consideration, otherwise sys_write may drop some data silently. You can test this bug by: #dd if=/dev/zero bs=4k count=1 of=test_file #dd if=/dev/zero bs=2k count=1 of=test_file conv=notrunc Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r--fs/btrfs/file.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 4e52f7ec1cbe..bb98f52f4ea4 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -239,9 +239,8 @@ static int dirty_and_release_pages(struct btrfs_trans_handle *trans,
239 u64 start_pos; 239 u64 start_pos;
240 u64 end_of_last_block; 240 u64 end_of_last_block;
241 u64 end_pos = pos + write_bytes; 241 u64 end_pos = pos + write_bytes;
242 u32 inline_size; 242 u64 inline_size;
243 loff_t isize = i_size_read(inode); 243 loff_t isize = i_size_read(inode);
244
245 em = alloc_extent_map(GFP_NOFS); 244 em = alloc_extent_map(GFP_NOFS);
246 if (!em) 245 if (!em)
247 return -ENOMEM; 246 return -ENOMEM;
@@ -328,9 +327,11 @@ static int dirty_and_release_pages(struct btrfs_trans_handle *trans,
328 aligned_end, aligned_end, &hint_byte); 327 aligned_end, aligned_end, &hint_byte);
329 if (err) 328 if (err)
330 goto failed; 329 goto failed;
330 if (isize > inline_size)
331 inline_size = min_t(u64, isize, aligned_end);
332 inline_size -= start_pos;
331 err = insert_inline_extent(trans, root, inode, start_pos, 333 err = insert_inline_extent(trans, root, inode, start_pos,
332 end_pos - start_pos, pages, 0, 334 inline_size, pages, 0, num_pages);
333 num_pages);
334 BUG_ON(err); 335 BUG_ON(err);
335 } 336 }
336 if (end_pos > isize) { 337 if (end_pos > isize) {