Btrfs: Fix u32 overflow in dirty_and_release_pages.
authorYan <yanzheng@21cn.com>
Tue, 6 Nov 2007 15:26:26 +0000 (10:26 -0500)
committerChris Mason <chris.mason@oracle.com>
Thu, 25 Sep 2008 15:03:57 +0000 (11:03 -0400)
When calculating the size of inline extent,  inode->i_size should also
be take into consideration, otherwise sys_write may drop some data
silently.  You can test this bug by:

#dd if=/dev/zero bs=4k count=1 of=test_file
#dd if=/dev/zero bs=2k count=1 of=test_file conv=notrunc

Signed-off-by: Chris Mason <chris.mason@oracle.com>
fs/btrfs/file.c

index 4e52f7e..bb98f52 100644 (file)
@@ -239,9 +239,8 @@ static int dirty_and_release_pages(struct btrfs_trans_handle *trans,
        u64 start_pos;
        u64 end_of_last_block;
        u64 end_pos = pos + write_bytes;
-       u32 inline_size;
+       u64 inline_size;
        loff_t isize = i_size_read(inode);
-
        em = alloc_extent_map(GFP_NOFS);
        if (!em)
                return -ENOMEM;
@@ -328,9 +327,11 @@ static int dirty_and_release_pages(struct btrfs_trans_handle *trans,
                                         aligned_end, aligned_end, &hint_byte);
                if (err)
                        goto failed;
+               if (isize > inline_size)
+                       inline_size = min_t(u64, isize, aligned_end);
+               inline_size -= start_pos;
                err = insert_inline_extent(trans, root, inode, start_pos,
-                                          end_pos - start_pos, pages, 0,
-                                          num_pages);
+                                          inline_size, pages, 0, num_pages);
                BUG_ON(err);
        }
        if (end_pos > isize) {