diff options
author | Yan <yanzheng@21cn.com> | 2007-11-06 10:26:26 -0500 |
---|---|---|
committer | Chris Mason <chris.mason@oracle.com> | 2008-09-25 11:03:57 -0400 |
commit | dcfec0dcb1b1a037fb26177789e8f108bc429cb3 (patch) | |
tree | ab052a4aa666d6453e26d32ba509e46c0ef3d85f /fs/btrfs | |
parent | 081e95736d9118a96e9f6dcc5cec02dc75c9e1cb (diff) |
Btrfs: Fix u32 overflow in dirty_and_release_pages.
When calculating the size of inline extent, inode->i_size should also
be take into consideration, otherwise sys_write may drop some data
silently. You can test this bug by:
#dd if=/dev/zero bs=4k count=1 of=test_file
#dd if=/dev/zero bs=2k count=1 of=test_file conv=notrunc
Signed-off-by: Chris Mason <chris.mason@oracle.com>
Diffstat (limited to 'fs/btrfs')
-rw-r--r-- | fs/btrfs/file.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c index 4e52f7ec1cbe..bb98f52f4ea4 100644 --- a/fs/btrfs/file.c +++ b/fs/btrfs/file.c | |||
@@ -239,9 +239,8 @@ static int dirty_and_release_pages(struct btrfs_trans_handle *trans, | |||
239 | u64 start_pos; | 239 | u64 start_pos; |
240 | u64 end_of_last_block; | 240 | u64 end_of_last_block; |
241 | u64 end_pos = pos + write_bytes; | 241 | u64 end_pos = pos + write_bytes; |
242 | u32 inline_size; | 242 | u64 inline_size; |
243 | loff_t isize = i_size_read(inode); | 243 | loff_t isize = i_size_read(inode); |
244 | |||
245 | em = alloc_extent_map(GFP_NOFS); | 244 | em = alloc_extent_map(GFP_NOFS); |
246 | if (!em) | 245 | if (!em) |
247 | return -ENOMEM; | 246 | return -ENOMEM; |
@@ -328,9 +327,11 @@ static int dirty_and_release_pages(struct btrfs_trans_handle *trans, | |||
328 | aligned_end, aligned_end, &hint_byte); | 327 | aligned_end, aligned_end, &hint_byte); |
329 | if (err) | 328 | if (err) |
330 | goto failed; | 329 | goto failed; |
330 | if (isize > inline_size) | ||
331 | inline_size = min_t(u64, isize, aligned_end); | ||
332 | inline_size -= start_pos; | ||
331 | err = insert_inline_extent(trans, root, inode, start_pos, | 333 | err = insert_inline_extent(trans, root, inode, start_pos, |
332 | end_pos - start_pos, pages, 0, | 334 | inline_size, pages, 0, num_pages); |
333 | num_pages); | ||
334 | BUG_ON(err); | 335 | BUG_ON(err); |
335 | } | 336 | } |
336 | if (end_pos > isize) { | 337 | if (end_pos > isize) { |