diff options
author | Dave Chinner <dchinner@redhat.com> | 2012-11-14 17:42:47 +1100 |
---|---|---|
committer | Ben Myers <bpm@sgi.com> | 2012-11-14 15:11:19 -0600 |
commit | f5b8911b67eb4f15d95d5e5324d376d4a49d56e8 (patch) | |
tree | 35c98fdcbefd3c8a52d062f73775cde9aaac75d6 /fs/xfs/xfs_vnodeops.c | |
parent | de497688daaabbab425a8a969528272ec1d962a6 (diff) |
xfs: remove xfs_tosspages
It's a buggy, unnecessary wrapper that is duplicating
truncate_pagecache_range().
When replacing the call in xfs_change_file_space(), also ensure that
the length being allocated/freed is always positive before making
any changes. These checks are done in the lower extent manipulation
functions, too, but we need to do them before any page cache
operations.
Reported-by: Andrew Dahl <adahl@sgi.com>
Signed-off-by: Dave Chinner <dchinner@redhat.com>
Reviewed-By: Andrew Dahl <adahl@sgi.com>
Signed-off-by: Ben Myers <bpm@sgi.com>
Diffstat (limited to 'fs/xfs/xfs_vnodeops.c')
-rw-r--r-- | fs/xfs/xfs_vnodeops.c | 30 |
1 files changed, 25 insertions, 5 deletions
diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c index c2ddd7a43942..de3702a57e55 100644 --- a/fs/xfs/xfs_vnodeops.c +++ b/fs/xfs/xfs_vnodeops.c @@ -2118,7 +2118,7 @@ xfs_change_file_space( xfs_fsize_t fsize; int setprealloc; xfs_off_t startoffset; - xfs_off_t llen; + xfs_off_t end; xfs_trans_t *tp; struct iattr iattr; int prealloc_type; @@ -2139,12 +2139,30 @@ xfs_change_file_space( return XFS_ERROR(EINVAL); } - llen = bf->l_len > 0 ? bf->l_len - 1 : bf->l_len; + /* + * length of <= 0 for resv/unresv/zero is invalid. length for + * alloc/free is ignored completely and we have no idea what userspace + * might have set it to, so set it to zero to allow range + * checks to pass. + */ + switch (cmd) { + case XFS_IOC_ZERO_RANGE: + case XFS_IOC_RESVSP: + case XFS_IOC_RESVSP64: + case XFS_IOC_UNRESVSP: + case XFS_IOC_UNRESVSP64: + if (bf->l_len <= 0) + return XFS_ERROR(EINVAL); + break; + default: + bf->l_len = 0; + break; + } if (bf->l_start < 0 || bf->l_start > mp->m_super->s_maxbytes || - bf->l_start + llen < 0 || - bf->l_start + llen > mp->m_super->s_maxbytes) + bf->l_start + bf->l_len < 0 || + bf->l_start + bf->l_len >= mp->m_super->s_maxbytes) return XFS_ERROR(EINVAL); bf->l_whence = 0; @@ -2169,7 +2187,9 @@ xfs_change_file_space( switch (cmd) { case XFS_IOC_ZERO_RANGE: prealloc_type |= XFS_BMAPI_CONVERT; - xfs_tosspages(ip, startoffset, startoffset + bf->l_len, 0); + end = round_down(startoffset + bf->l_len, PAGE_SIZE) - 1; + if (startoffset > end) + truncate_pagecache_range(VFS_I(ip), startoffset, end); /* FALLTHRU */ case XFS_IOC_RESVSP: case XFS_IOC_RESVSP64: |