diff mbox

fs: Do to trim high file position bits in iomap_page_mkwrite_actor

Message ID 1476963342-26989-1-git-send-email-jack@suse.cz (mailing list archive)
State New, archived
Headers show

Commit Message

Jan Kara Oct. 20, 2016, 11:35 a.m. UTC 
iomap_page_mkwrite_actor() calls __block_write_begin_int() with position
masked as pos & ~PAGE_MASK which is equivalent to pos & (PAGE_SIZE-1).
Thus it masks off high bits of file position. However
__block_write_begin_int() expects full file position on input. This does
not cause any visible issues because all __block_write_begin_int()
really cares about are low file position bits but still it is a bug
waiting to happen.

Signed-off-by: Jan Kara <jack@suse.cz>
---
 fs/iomap.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

Comments

Christoph Hellwig Oct. 21, 2016, 12:06 p.m. UTC | #1 
Looks fine,

Reviewed-by: Christoph Hellwig <hch@lst.de>

--
To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Dave Chinner Oct. 24, 2016, 3:23 a.m. UTC | #2 
On Thu, Oct 20, 2016 at 01:35:42PM +0200, Jan Kara wrote:
> iomap_page_mkwrite_actor() calls __block_write_begin_int() with position
> masked as pos & ~PAGE_MASK which is equivalent to pos & (PAGE_SIZE-1).
> Thus it masks off high bits of file position. However
> __block_write_begin_int() expects full file position on input. This does
> not cause any visible issues because all __block_write_begin_int()
> really cares about are low file position bits but still it is a bug
> waiting to happen.
> 
> Signed-off-by: Jan Kara <jack@suse.cz>
> ---
>  fs/iomap.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
> 
> diff --git a/fs/iomap.c b/fs/iomap.c
> index 013d1d36fbbf..3341907eefc7 100644
> --- a/fs/iomap.c
> +++ b/fs/iomap.c
> @@ -433,8 +433,7 @@ iomap_page_mkwrite_actor(struct inode *inode, loff_t pos, loff_t length,
>  	struct page *page = data;
>  	int ret;
>  
> -	ret = __block_write_begin_int(page, pos & ~PAGE_MASK, length,
> -			NULL, iomap);
> +	ret = __block_write_begin_int(page, pos, length, NULL, iomap);
>  	if (ret)
>  		return ret;

Looks good. I've added it to my -rc3 fixes series.

Cheers,

Dave.
diff mbox

Patch

diff --git a/fs/iomap.c b/fs/iomap.c
index 013d1d36fbbf..3341907eefc7 100644
--- a/fs/iomap.c
+++ b/fs/iomap.c
@@ -433,8 +433,7 @@  iomap_page_mkwrite_actor(struct inode *inode, loff_t pos, loff_t length,
 	struct page *page = data;
 	int ret;
 
-	ret = __block_write_begin_int(page, pos & ~PAGE_MASK, length,
-			NULL, iomap);
+	ret = __block_write_begin_int(page, pos, length, NULL, iomap);
 	if (ret)
 		return ret;