aboutsummaryrefslogtreecommitdiffstats
path: root/fs/buffer.c
diff options
context:
space:
mode:
authorJan Kara <jack@suse.cz>2014-10-01 21:49:18 -0400
committerBen Hutchings <ben@decadent.org.uk>2014-12-14 16:23:46 +0000
commitcf1e28c9646eb4f6062b14fdef1317ec856d4274 (patch)
tree0c948bbb706ab64d89d80090a35898a28f9ff001 /fs/buffer.c
parent877189882ca0d22b04c30b008a02296ea80a6164 (diff)
downloadkernel_samsung_smdk4412-cf1e28c9646eb4f6062b14fdef1317ec856d4274.zip
kernel_samsung_smdk4412-cf1e28c9646eb4f6062b14fdef1317ec856d4274.tar.gz
kernel_samsung_smdk4412-cf1e28c9646eb4f6062b14fdef1317ec856d4274.tar.bz2
vfs: fix data corruption when blocksize < pagesize for mmaped data
commit 90a8020278c1598fafd071736a0846b38510309c upstream. ->page_mkwrite() is used by filesystems to allocate blocks under a page which is becoming writeably mmapped in some process' address space. This allows a filesystem to return a page fault if there is not enough space available, user exceeds quota or similar problem happens, rather than silently discarding data later when writepage is called. However VFS fails to call ->page_mkwrite() in all the cases where filesystems need it when blocksize < pagesize. For example when blocksize = 1024, pagesize = 4096 the following is problematic: ftruncate(fd, 0); pwrite(fd, buf, 1024, 0); map = mmap(NULL, 1024, PROT_WRITE, MAP_SHARED, fd, 0); map[0] = 'a'; ----> page_mkwrite() for index 0 is called ftruncate(fd, 10000); /* or even pwrite(fd, buf, 1, 10000) */ mremap(map, 1024, 10000, 0); map[4095] = 'a'; ----> no page_mkwrite() called At the moment ->page_mkwrite() is called, filesystem can allocate only one block for the page because i_size == 1024. Otherwise it would create blocks beyond i_size which is generally undesirable. But later at ->writepage() time, we also need to store data at offset 4095 but we don't have block allocated for it. This patch introduces a helper function filesystems can use to have ->page_mkwrite() called at all the necessary moments. Signed-off-by: Jan Kara <jack@suse.cz> Signed-off-by: Theodore Ts'o <tytso@mit.edu> [bwh: Backported to 3.2: - Adjust context - truncate_setsize() already has an oldsize variable] Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'fs/buffer.c')
-rw-r--r--fs/buffer.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/fs/buffer.c b/fs/buffer.c
index 59496e7..4d07275 100644
--- a/fs/buffer.c
+++ b/fs/buffer.c
@@ -2019,6 +2019,7 @@ int generic_write_end(struct file *file, struct address_space *mapping,
struct page *page, void *fsdata)
{
struct inode *inode = mapping->host;
+ loff_t old_size = inode->i_size;
int i_size_changed = 0;
copied = block_write_end(file, mapping, pos, len, copied, page, fsdata);
@@ -2038,6 +2039,8 @@ int generic_write_end(struct file *file, struct address_space *mapping,
unlock_page(page);
page_cache_release(page);
+ if (old_size < pos)
+ pagecache_isize_extended(inode, old_size, pos);
/*
* Don't mark the inode dirty under page lock. First, it unnecessarily
* makes the holding time of page lock longer. Second, it forces lock
generated by cgit v1.1 at 2024-05-13 00:36:44 +0000