diff options
author | Lukas Czerner <lczerner@redhat.com> | 2014-04-12 09:56:41 -0400 |
---|---|---|
committer | Theodore Ts'o <tytso@mit.edu> | 2014-04-12 09:56:41 -0400 |
commit | 23fffa925ea2c9a2bcb1a4453e2c542635aa3545 (patch) | |
tree | ada18ccc75346035bea8c684344fa2da6eac9f5b /fs | |
parent | 8fc61d92630d1c96057a94c61e1643475045b25b (diff) |
fs: move falloc collapse range check into the filesystem methods
Currently in do_fallocate in collapse range case we're checking
whether offset + len is not bigger than i_size. However there is
nothing which would prevent i_size from changing so the check is
pointless. It should be done in the file system itself and the file
system needs to make sure that i_size is not going to change. The
i_size check for the other fallocate modes are also done in the
filesystems.
As it is now we can easily crash the kernel by having two processes
doing truncate and fallocate collapse range at the same time. This
can be reproduced on ext4 and it is theoretically possible on xfs even
though I was not able to trigger it with this simple test.
This commit removes the check from do_fallocate and adds it to the
file system.
Signed-off-by: Lukas Czerner <lczerner@redhat.com>
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Acked-by: Dave Chinner <david@fromorbit.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/ext4/extents.c | 11 | ||||
-rw-r--r-- | fs/open.c | 8 | ||||
-rw-r--r-- | fs/xfs/xfs_file.c | 10 |
3 files changed, 18 insertions, 11 deletions
diff --git a/fs/ext4/extents.c b/fs/ext4/extents.c index ed4ec48239b6..ac5460d0d133 100644 --- a/fs/ext4/extents.c +++ b/fs/ext4/extents.c | |||
@@ -5368,8 +5368,6 @@ int ext4_collapse_range(struct inode *inode, loff_t offset, loff_t len) | |||
5368 | loff_t new_size; | 5368 | loff_t new_size; |
5369 | int ret; | 5369 | int ret; |
5370 | 5370 | ||
5371 | BUG_ON(offset + len > i_size_read(inode)); | ||
5372 | |||
5373 | /* Collapse range works only on fs block size aligned offsets. */ | 5371 | /* Collapse range works only on fs block size aligned offsets. */ |
5374 | if (offset & (EXT4_BLOCK_SIZE(sb) - 1) || | 5372 | if (offset & (EXT4_BLOCK_SIZE(sb) - 1) || |
5375 | len & (EXT4_BLOCK_SIZE(sb) - 1)) | 5373 | len & (EXT4_BLOCK_SIZE(sb) - 1)) |
@@ -5398,6 +5396,15 @@ int ext4_collapse_range(struct inode *inode, loff_t offset, loff_t len) | |||
5398 | /* Take mutex lock */ | 5396 | /* Take mutex lock */ |
5399 | mutex_lock(&inode->i_mutex); | 5397 | mutex_lock(&inode->i_mutex); |
5400 | 5398 | ||
5399 | /* | ||
5400 | * There is no need to overlap collapse range with EOF, in which case | ||
5401 | * it is effectively a truncate operation | ||
5402 | */ | ||
5403 | if (offset + len >= i_size_read(inode)) { | ||
5404 | ret = -EINVAL; | ||
5405 | goto out_mutex; | ||
5406 | } | ||
5407 | |||
5401 | if (IS_SWAPFILE(inode)) { | 5408 | if (IS_SWAPFILE(inode)) { |
5402 | ret = -ETXTBSY; | 5409 | ret = -ETXTBSY; |
5403 | goto out_mutex; | 5410 | goto out_mutex; |
@@ -284,14 +284,6 @@ int do_fallocate(struct file *file, int mode, loff_t offset, loff_t len) | |||
284 | if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) | 284 | if (((offset + len) > inode->i_sb->s_maxbytes) || ((offset + len) < 0)) |
285 | return -EFBIG; | 285 | return -EFBIG; |
286 | 286 | ||
287 | /* | ||
288 | * There is no need to overlap collapse range with EOF, in which case | ||
289 | * it is effectively a truncate operation | ||
290 | */ | ||
291 | if ((mode & FALLOC_FL_COLLAPSE_RANGE) && | ||
292 | (offset + len >= i_size_read(inode))) | ||
293 | return -EINVAL; | ||
294 | |||
295 | if (!file->f_op->fallocate) | 287 | if (!file->f_op->fallocate) |
296 | return -EOPNOTSUPP; | 288 | return -EOPNOTSUPP; |
297 | 289 | ||
diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c index f7abff8c16ca..3cb528c4f27c 100644 --- a/fs/xfs/xfs_file.c +++ b/fs/xfs/xfs_file.c | |||
@@ -840,7 +840,15 @@ xfs_file_fallocate( | |||
840 | goto out_unlock; | 840 | goto out_unlock; |
841 | } | 841 | } |
842 | 842 | ||
843 | ASSERT(offset + len < i_size_read(inode)); | 843 | /* |
844 | * There is no need to overlap collapse range with EOF, | ||
845 | * in which case it is effectively a truncate operation | ||
846 | */ | ||
847 | if (offset + len >= i_size_read(inode)) { | ||
848 | error = -EINVAL; | ||
849 | goto out_unlock; | ||
850 | } | ||
851 | |||
844 | new_size = i_size_read(inode) - len; | 852 | new_size = i_size_read(inode) - len; |
845 | 853 | ||
846 | error = xfs_collapse_file_space(ip, offset, len); | 854 | error = xfs_collapse_file_space(ip, offset, len); |