lk/linux-kernel-test
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

[PATCH] fs: fix nobh data leak

Browse Source 
nobh_prepare_write leaks data similarly to how simple_prepare_write did. Fix
by not marking the page uptodate until nobh_commit_write time. Again, this
could break weird use-cases, but none appear to exist in the tree.

We can safely remove the set_page_dirty, because as the comment says,
nobh_commit_write does set_page_dirty. If a filesystem wants to allocate
backing store for a page dirtied via mmap, page_mkwrite is the suggested
approach.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
This commit is contained in:
Nick Piggin
2007-02-20 13:58:09 -08:00
committed by Linus Torvalds
parent 955eff5acc
commit 22c8ca78f2
1 changed files with 3 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
fs/buffer.c
View File

@@ -2248,7 +2248,6 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to,
int i; int i;
int ret = 0; int ret = 0;
int is_mapped_to_disk = 1; int is_mapped_to_disk = 1;
int dirtied_it = 0;
if (PageMappedToDisk(page)) if (PageMappedToDisk(page))
return 0; return 0;
@@ -2285,14 +2284,10 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to,
continue; continue;
if (buffer_new(&map_bh) || !buffer_mapped(&map_bh)) { if (buffer_new(&map_bh) || !buffer_mapped(&map_bh)) {
kaddr = kmap_atomic(page, KM_USER0); kaddr = kmap_atomic(page, KM_USER0);
if (block_start < from) { if (block_start < from)
memset(kaddr+block_start, 0, from-block_start); memset(kaddr+block_start, 0, from-block_start);
dirtied_it = 1; if (block_end > to)
}
if (block_end > to) {
memset(kaddr + to, 0, block_end - to); memset(kaddr + to, 0, block_end - to);
dirtied_it = 1;
}
flush_dcache_page(page); flush_dcache_page(page);
kunmap_atomic(kaddr, KM_USER0); kunmap_atomic(kaddr, KM_USER0);
continue; continue;
@@ -2347,17 +2342,6 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to,
if (is_mapped_to_disk) if (is_mapped_to_disk)
SetPageMappedToDisk(page); SetPageMappedToDisk(page);
SetPageUptodate(page);
/*
* Setting the page dirty here isn't necessary for the prepare_write
* function - commit_write will do that. But if/when this function is
* used within the pagefault handler to ensure that all mmapped pages
* have backing space in the filesystem, we will need to dirty the page
* if its contents were altered.
*/
if (dirtied_it)
set_page_dirty(page);
return 0; return 0;
@@ -2387,6 +2371,7 @@ int nobh_commit_write(struct file *file, struct page *page,
struct inode *inode = page->mapping->host; struct inode *inode = page->mapping->host;
loff_t pos = ((loff_t)page->index << PAGE_CACHE_SHIFT) + to; loff_t pos = ((loff_t)page->index << PAGE_CACHE_SHIFT) + to;
SetPageUptodate(page);
set_page_dirty(page); set_page_dirty(page);
if (pos > inode->i_size) { if (pos > inode->i_size) {
i_size_write(inode, pos); i_size_write(inode, pos);