* [PATCH] ext4: avoid clearing beyond i_blocks when truncating an inline data file
@ 2014-01-07 17:57 Theodore Ts'o
  2014-01-07 17:58 ` Theodore Ts'o
  2014-01-08 21:46 ` Jan Kara
  0 siblings, 2 replies; 3+ messages in thread
From: Theodore Ts'o @ 2014-01-07 17:57 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: Theodore Ts'o, stable
A missing cast means that when we are truncating a file which is less
than 60 bytes, we don't trunate the wrong area of memory, and in fact
we can end up truncating the next inode in the inode table, or worse
yet, some other kernel data structure.
Addresses-Coverity-Id: #751987
Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
Cc: stable@vger.kernel.org
---
 fs/ext4/inline.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
index c417e52..ed29e72 100644
--- a/fs/ext4/inline.c
+++ b/fs/ext4/inline.c
@@ -1928,9 +1928,11 @@ void ext4_inline_data_truncate(struct inode *inode, int *has_inline)
 		}
 
 		/* Clear the content within i_blocks. */
-		if (i_size < EXT4_MIN_INLINE_DATA_SIZE)
-			memset(ext4_raw_inode(&is.iloc)->i_block + i_size, 0,
-					EXT4_MIN_INLINE_DATA_SIZE - i_size);
+		if (i_size < EXT4_MIN_INLINE_DATA_SIZE) {
+			void *p = (void *) ext4_raw_inode(&is.iloc)->i_block;
+			memset(p + i_size, 0,
+			       EXT4_MIN_INLINE_DATA_SIZE - i_size);
+		}
 
 		EXT4_I(inode)->i_inline_size = i_size <
 					EXT4_MIN_INLINE_DATA_SIZE ?
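Review bot: The added "memset(p + i_size, 0," line does arithmetic on a "void *", which is a GNU C extension; declaring p as "char *" (or "u8 *") would put the byte-granular intent in the type instead of relying on that extension. The comment above the "if" could also say that i_size is a byte offset into i_block, since the removed lines show how easily it gets added to the typed array pointer instead.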
-- 
1.8.5.rc3.362.gdf10213
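The pointer scaling described in the commit message above, as an added example that is not part of the original post or of the kernel source. It is a user-space model: the table buffer, the clear_tail() helper and the 0xAA fill are constructed for illustration, and i_block is assumed to be an array of 32-bit words, so that "i_block + i_size" advances 4 * i_size bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIN_INLINE 60u   /* the 60-byte inline area the commit message refers to */

/* Constructed model: the first 60 bytes stand for i_block, the rest for
 * whatever follows it in memory (next inode, other data). */
static uint32_t table[128];

struct result {
    unsigned stale;      /* bytes in [i_size, 60) that were NOT zeroed */
    unsigned clobbered;  /* bytes at offset >= 60 that WERE zeroed */
};

/* Run the truncate-time clear in either form and report what it touched. */
static struct result clear_tail(unsigned i_size, int byte_granular)
{
    struct result r = {0, 0};
    unsigned char *bytes = (unsigned char *)table;
    uint32_t *i_block = table;           /* typed pointer, as in the removed lines */
    unsigned off;

    memset(table, 0xAA, sizeof(table));  /* constructed fill pattern */
    if (i_size < MIN_INLINE) {
        if (byte_granular) {             /* form used by the added lines */
            unsigned char *p = (unsigned char *)i_block;
            memset(p + i_size, 0, MIN_INLINE - i_size);
        } else {                         /* form used by the removed lines */
            memset(i_block + i_size, 0, MIN_INLINE - i_size);
        }
    }
    for (off = i_size; off < MIN_INLINE; off++)
        r.stale += (bytes[off] != 0);
    for (off = MIN_INLINE; off < sizeof(table); off++)
        r.clobbered += (bytes[off] == 0);
    return r;
}

int main(void)
{
    unsigned sizes[] = {0, 10, 20, 59};
    for (unsigned i = 0; i < 4; i++) {
        struct result a = clear_tail(sizes[i], 0), b = clear_tail(sizes[i], 1);
        printf("i_size=%2u typed: stale=%2u clobbered=%2u | bytes: stale=%u clobbered=%u\n",
               sizes[i], a.stale, a.clobbered, b.stale, b.clobbered);
    }
    return 0;
}
```

The typed form both writes past the 60-byte area and leaves old file bytes in place inside it; the byte-granular form does neither.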
* Re: [PATCH] ext4: avoid clearing beyond i_blocks when truncating an inline data file
  2014-01-07 17:57 [PATCH] ext4: avoid clearing beyond i_blocks when truncating an inline data file Theodore Ts'o
@ 2014-01-07 17:58 ` Theodore Ts'o
  2014-01-08 21:46 ` Jan Kara
  1 sibling, 0 replies; 3+ messages in thread
From: Theodore Ts'o @ 2014-01-07 17:58 UTC (permalink / raw)
  To: Ext4 Developers List; +Cc: stable
On Tue, Jan 07, 2014 at 12:57:17PM -0500, Theodore Ts'o wrote:
> A missing cast means that when we are truncating a file which is less
> than 60 bytes, we don't trunate the wrong area of memory, and in fact
> we can end up truncating the next inode in the inode table, or worse
> yet, some other kernel data structure.
s/trunate the wrong/clear the correct/
						- Ted
* Re: [PATCH] ext4: avoid clearing beyond i_blocks when truncating an inline data file
  2014-01-07 17:57 [PATCH] ext4: avoid clearing beyond i_blocks when truncating an inline data file Theodore Ts'o
  2014-01-07 17:58 ` Theodore Ts'o
@ 2014-01-08 21:46 ` Jan Kara
  1 sibling, 0 replies; 3+ messages in thread
From: Jan Kara @ 2014-01-08 21:46 UTC (permalink / raw)
  To: Theodore Ts'o; +Cc: Ext4 Developers List, stable
On Tue 07-01-14 12:57:17, Ted Tso wrote:
> A missing cast means that when we are truncating a file which is less
> than 60 bytes, we don't trunate the wrong area of memory, and in fact
> we can end up truncating the next inode in the inode table, or worse
> yet, some other kernel data structure.
  Looks good (after updating the changelog as you suggested). You can add:
Reviewed-by: Jan Kara <jack@suse.cz>
								Honza
> 
> Addresses-Coverity-Id: #751987
> 
> Signed-off-by: "Theodore Ts'o" <tytso@mit.edu>
> Cc: stable@vger.kernel.org
> ---
>  fs/ext4/inline.c | 8 +++++---
>  1 file changed, 5 insertions(+), 3 deletions(-)
> 
> diff --git a/fs/ext4/inline.c b/fs/ext4/inline.c
> index c417e52..ed29e72 100644
> --- a/fs/ext4/inline.c
> +++ b/fs/ext4/inline.c
> @@ -1928,9 +1928,11 @@ void ext4_inline_data_truncate(struct inode *inode, int *has_inline)
>  		}
>  
>  		/* Clear the content within i_blocks. */
> -		if (i_size < EXT4_MIN_INLINE_DATA_SIZE)
> -			memset(ext4_raw_inode(&is.iloc)->i_block + i_size, 0,
> -					EXT4_MIN_INLINE_DATA_SIZE - i_size);
> +		if (i_size < EXT4_MIN_INLINE_DATA_SIZE) {
> +			void *p = (void *) ext4_raw_inode(&is.iloc)->i_block;
> +			memset(p + i_size, 0,
> +			       EXT4_MIN_INLINE_DATA_SIZE - i_size);
> +		}
>  
>  		EXT4_I(inode)->i_inline_size = i_size <
>  					EXT4_MIN_INLINE_DATA_SIZE ?
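Review bot: The guard "if (i_size < EXT4_MIN_INLINE_DATA_SIZE)" bounds i_size only from above, and the hunk does not show how i_size is declared. If it were a signed type, a negative value would pass the check and make both "p + i_size" and the length "EXT4_MIN_INLINE_DATA_SIZE - i_size" wrong; worth confirming the declaration is unsigned, or adding a comment here saying why it cannot be negative.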
> -- 
> 1.8.5.rc3.362.gdf10213
-- 
Jan Kara <jack@suse.cz>
SUSE Labs, CR