mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
GFS2: Clean up stuffed file copying
If the inode size was corrupt for stuffed files, it was possible for the copying of data to overrun the block and/or page. This patch checks for that condition so that this is no longer possible. This is also preparation for the new truncate sequence patch which requires the ability to have stuffed files with larger sizes than (disk block size - sizeof(on disk inode)) with the restriction that only the initial part of the file may be non-zero. Signed-off-by: Steven Whitehouse <swhiteho@redhat.com>
This commit is contained in:
parent
4cb947b59c
commit
602c89d2e3
2 changed files with 15 additions and 10 deletions
|
@ -418,6 +418,7 @@ static int gfs2_jdata_writepages(struct address_space *mapping,
|
||||||
static int stuffed_readpage(struct gfs2_inode *ip, struct page *page)
|
static int stuffed_readpage(struct gfs2_inode *ip, struct page *page)
|
||||||
{
|
{
|
||||||
struct buffer_head *dibh;
|
struct buffer_head *dibh;
|
||||||
|
u64 dsize = i_size_read(&ip->i_inode);
|
||||||
void *kaddr;
|
void *kaddr;
|
||||||
int error;
|
int error;
|
||||||
|
|
||||||
|
@ -437,9 +438,10 @@ static int stuffed_readpage(struct gfs2_inode *ip, struct page *page)
|
||||||
return error;
|
return error;
|
||||||
|
|
||||||
kaddr = kmap_atomic(page, KM_USER0);
|
kaddr = kmap_atomic(page, KM_USER0);
|
||||||
memcpy(kaddr, dibh->b_data + sizeof(struct gfs2_dinode),
|
if (dsize > (dibh->b_size - sizeof(struct gfs2_dinode)))
|
||||||
ip->i_disksize);
|
dsize = (dibh->b_size - sizeof(struct gfs2_dinode));
|
||||||
memset(kaddr + ip->i_disksize, 0, PAGE_CACHE_SIZE - ip->i_disksize);
|
memcpy(kaddr, dibh->b_data + sizeof(struct gfs2_dinode), dsize);
|
||||||
|
memset(kaddr + dsize, 0, PAGE_CACHE_SIZE - dsize);
|
||||||
kunmap_atomic(kaddr, KM_USER0);
|
kunmap_atomic(kaddr, KM_USER0);
|
||||||
flush_dcache_page(page);
|
flush_dcache_page(page);
|
||||||
brelse(dibh);
|
brelse(dibh);
|
||||||
|
|
|
@ -72,11 +72,13 @@ static int gfs2_unstuffer_page(struct gfs2_inode *ip, struct buffer_head *dibh,
|
||||||
|
|
||||||
if (!PageUptodate(page)) {
|
if (!PageUptodate(page)) {
|
||||||
void *kaddr = kmap(page);
|
void *kaddr = kmap(page);
|
||||||
|
u64 dsize = i_size_read(inode);
|
||||||
|
|
||||||
|
if (dsize > (dibh->b_size - sizeof(struct gfs2_dinode)))
|
||||||
|
dsize = dibh->b_size - sizeof(struct gfs2_dinode);
|
||||||
|
|
||||||
memcpy(kaddr, dibh->b_data + sizeof(struct gfs2_dinode),
|
memcpy(kaddr, dibh->b_data + sizeof(struct gfs2_dinode), dsize);
|
||||||
ip->i_disksize);
|
memset(kaddr + dsize, 0, PAGE_CACHE_SIZE - dsize);
|
||||||
memset(kaddr + ip->i_disksize, 0,
|
|
||||||
PAGE_CACHE_SIZE - ip->i_disksize);
|
|
||||||
kunmap(page);
|
kunmap(page);
|
||||||
|
|
||||||
SetPageUptodate(page);
|
SetPageUptodate(page);
|
||||||
|
@ -1039,13 +1041,14 @@ static int trunc_start(struct gfs2_inode *ip, u64 size)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
if (gfs2_is_stuffed(ip)) {
|
if (gfs2_is_stuffed(ip)) {
|
||||||
ip->i_disksize = size;
|
u64 dsize = size + sizeof(struct gfs2_inode);
|
||||||
ip->i_inode.i_mtime = ip->i_inode.i_ctime = CURRENT_TIME;
|
ip->i_inode.i_mtime = ip->i_inode.i_ctime = CURRENT_TIME;
|
||||||
gfs2_trans_add_bh(ip->i_gl, dibh, 1);
|
gfs2_trans_add_bh(ip->i_gl, dibh, 1);
|
||||||
gfs2_dinode_out(ip, dibh->b_data);
|
gfs2_dinode_out(ip, dibh->b_data);
|
||||||
gfs2_buffer_clear_tail(dibh, sizeof(struct gfs2_dinode) + size);
|
if (dsize > dibh->b_size)
|
||||||
|
dsize = dibh->b_size;
|
||||||
|
gfs2_buffer_clear_tail(dibh, dsize);
|
||||||
error = 1;
|
error = 1;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
if (size & (u64)(sdp->sd_sb.sb_bsize - 1))
|
if (size & (u64)(sdp->sd_sb.sb_bsize - 1))
|
||||||
error = gfs2_block_truncate_page(ip->i_inode.i_mapping);
|
error = gfs2_block_truncate_page(ip->i_inode.i_mapping);
|
||||||
|
|
Loading…
Reference in a new issue