From: Greg KH <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Anton Blanchard <anton@samba.org>,
David Howells <dhowells@redhat.com>
Subject: [ 2/8] afs: Read of file returns EBADMSG
Date: Wed, 21 Mar 2012 14:14:50 -0700 [thread overview]
Message-ID: <20120321211448.417848299@linuxfoundation.org> (raw)
In-Reply-To: <20120321211522.GA28233@kroah.com>
3.0-stable review patch. If anyone has any objections, please let me know.
------------------
From: Anton Blanchard <anton@samba.org>
commit 2c724fb92732c0b2a5629eb8af74e82eb62ac947 upstream.
A read of a large file on an afs mount failed:
# cat junk.file > /dev/null
cat: junk.file: Bad message
Looking at the trace, call->offset wrapped since it is only an
unsigned short. In afs_extract_data:
_enter("{%u},{%zu},%d,,%zu", call->offset, len, last, count);
...
if (call->offset < count) {
if (last) {
_leave(" = -EBADMSG [%d < %zu]", call->offset, count);
return -EBADMSG;
}
Which matches the trace:
[cat ] ==> afs_extract_data({65132},{524},1,,65536)
[cat ] <== afs_extract_data() = -EBADMSG [0 < 65536]
call->offset went from 65132 to 0. Fix this by making call->offset an
unsigned int.
Signed-off-by: Anton Blanchard <anton@samba.org>
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
fs/afs/internal.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/afs/internal.h
+++ b/fs/afs/internal.h
@@ -109,7 +109,7 @@ struct afs_call {
unsigned reply_size; /* current size of reply */
unsigned first_offset; /* offset into mapping[first] */
unsigned last_to; /* amount of mapping[last] */
- unsigned short offset; /* offset into received data store */
+ unsigned offset; /* offset into received data store */
unsigned char unmarshall; /* unmarshalling phase */
bool incoming; /* T if incoming call */
bool send_pages; /* T if data from mapping should be sent */
next prev parent reply other threads:[~2012-03-21 21:16 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-21 21:15 [ 0/8] 3.0.26-stable review Greg KH
2012-03-21 21:14 ` [ 1/8] nilfs2: fix NULL pointer dereference in nilfs_load_super_block() Greg KH
2012-03-21 21:14 ` Greg KH [this message]
2012-03-21 21:14 ` [ 3/8] afs: Remote abort can cause BUG in rxrpc code Greg KH
2012-03-21 21:14 ` [ 4/8] perf tools: Incorrect use of snprintf results in SEGV Greg KH
2012-03-21 21:14 ` [ 5/8] tcp: fix syncookie regression Greg KH
2012-03-21 21:14 ` [ 6/8] ipv6: Dont dev_hold(dev) in ip6_mc_find_dev_rcu Greg KH
2012-03-21 21:14 ` [ 7/8] iwl3945: fix possible il->txq NULL pointer dereference in delayed works Greg KH
2012-03-21 21:14 ` [ 8/8] powerpc/pmac: Fix SMP kernels on pre-core99 UP machines Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120321211448.417848299@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=anton@samba.org \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.