From mboxrd@z Thu Jan  1 00:00:00 1970
From: Linus Torvalds <torvalds@linux-foundation.org>
Subject: Re: [PATCH 1/1] ext4, dio: Remove overflow for size >2G in aio-dio code.
Date: Sun, 20 May 2012 21:50:24 -0700
Message-ID: <CA+55aFxA0Do37AxoM2MPH5nnMa2VAPHp1pKJ7CiafGGQL-b0wQ@mail.gmail.com>
References: <F9014F50-D1F6-4B64-8535-7452CC64B18A@qualexsystems.com>
 <1337500880.16053.YahooMailNeo@web192405.mail.sg3.yahoo.com>
 <CA+55aFwTN_uFXnoLo=uJnA21FeUs_92c8FvMY6-aXk=UmF1zgQ@mail.gmail.com> <1337570918.78986.YahooMailNeo@web192406.mail.sg3.yahoo.com>
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary=0016e6d58aeb12ed3d04c084a5af
Cc: "tytso@mit.edu" <tytso@mit.edu>,
	"adilger.kernel@dilger.ca" <adilger.kernel@dilger.ca>,
	"linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
To: manish honap <manish_honap_vit@yahoo.co.in>
Return-path: <linux-fsdevel-owner@vger.kernel.org>
Received: from mail-we0-f174.google.com ([74.125.82.174]:51350 "EHLO
	mail-we0-f174.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751745Ab2EUEuq (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Mon, 21 May 2012 00:50:46 -0400
Received: by weyu7 with SMTP id u7so2927665wey.19
        for <linux-fsdevel@vger.kernel.org>; Sun, 20 May 2012 21:50:44 -0700 (PDT)
In-Reply-To: <1337570918.78986.YahooMailNeo@web192406.mail.sg3.yahoo.com>
Sender: linux-fsdevel-owner@vger.kernel.org
List-ID: <linux-fsdevel.vger.kernel.org>

--0016e6d58aeb12ed3d04c084a5af
Content-Type: text/plain; charset=ISO-8859-1

On Sun, May 20, 2012 at 8:28 PM, manish honap
<manish_honap_vit@yahoo.co.in> wrote:
> Hello Linus,
>
> The overflow issue was seen during async dio path

Christ. fs/aio.c doesn't do the proper rw_verify_area().

As a result, it doesn't check file locks, and it doesn't seem to check
offset overflows either.

The vector versions kind of get the size limit by mistake (because
they at least use rw_copy_check_uvector(), which does limit things to
MAX_RW_COUNT), but they don't do the offset overflow check either.

Does this patch work for you? What it *should* do is the same that the
other read/write paths do (and the vector path for aio already do),
namely truncate reads or writes to MAX_RW_COUNT (which is INT_MAX
aligned down to a page).

This patch is entirely untested,

                     Linus

--0016e6d58aeb12ed3d04c084a5af
Content-Type: application/octet-stream; name="patch.diff"
Content-Disposition: attachment; filename="patch.diff"
Content-Transfer-Encoding: base64
X-Attachment-Id: f_h2h23tty0

IGZzL2Fpby5jIHwgMzAgKysrKysrKysrKysrKystLS0tLS0tLS0tLS0tLS0tCiAxIGZpbGUgY2hh
bmdlZCwgMTQgaW5zZXJ0aW9ucygrKSwgMTYgZGVsZXRpb25zKC0pCgpkaWZmIC0tZ2l0IGEvZnMv
YWlvLmMgYi9mcy9haW8uYwppbmRleCA2N2E2ZGIzZTFiNmYuLmU3ZjJmYWQ3YjRjZSAxMDA2NDQK
LS0tIGEvZnMvYWlvLmMKKysrIGIvZnMvYWlvLmMKQEAgLTE0NTYsNiArMTQ1NiwxMCBAQCBzdGF0
aWMgc3NpemVfdCBhaW9fc2V0dXBfdmVjdG9yZWRfcncoaW50IHR5cGUsIHN0cnVjdCBraW9jYiAq
a2lvY2IsIGJvb2wgY29tcGF0KQogCWlmIChyZXQgPCAwKQogCQlnb3RvIG91dDsKIAorCXJldCA9
IHJ3X3ZlcmlmeV9hcmVhKHR5cGUsIGtpb2NiLT5raV9maWxwLCAma2lvY2ItPmtpX3BvcywgcmV0
KTsKKwlpZiAocmV0IDwgMCkKKwkJZ290byBvdXQ7CisKIAlraW9jYi0+a2lfbnJfc2VncyA9IGtp
b2NiLT5raV9uYnl0ZXM7CiAJa2lvY2ItPmtpX2N1cl9zZWcgPSAwOwogCS8qIGtpX25ieXRlcy9s
ZWZ0IG5vdyByZWZsZWN0IGJ5dGVzIGluc3RlYWQgb2Ygc2VncyAqLwpAQCAtMTQ2NywxMSArMTQ3
MSwxNyBAQCBvdXQ6CiAJcmV0dXJuIHJldDsKIH0KIAotc3RhdGljIHNzaXplX3QgYWlvX3NldHVw
X3NpbmdsZV92ZWN0b3Ioc3RydWN0IGtpb2NiICpraW9jYikKK3N0YXRpYyBzc2l6ZV90IGFpb19z
ZXR1cF9zaW5nbGVfdmVjdG9yKGludCB0eXBlLCBzdHJ1Y3QgZmlsZSAqIGZpbGUsIHN0cnVjdCBr
aW9jYiAqa2lvY2IpCiB7CisJaW50IGJ5dGVzOworCisJYnl0ZXMgPSByd192ZXJpZnlfYXJlYSh0
eXBlLCBmaWxlLCAma2lvY2ItPmtpX3Bvcywga2lvY2ItPmtpX2xlZnQpOworCWlmIChieXRlcyA8
IDApCisJCXJldHVybiBieXRlczsKKwogCWtpb2NiLT5raV9pb3ZlYyA9ICZraW9jYi0+a2lfaW5s
aW5lX3ZlYzsKIAlraW9jYi0+a2lfaW92ZWMtPmlvdl9iYXNlID0ga2lvY2ItPmtpX2J1ZjsKLQlr
aW9jYi0+a2lfaW92ZWMtPmlvdl9sZW4gPSBraW9jYi0+a2lfbGVmdDsKKwlraW9jYi0+a2lfaW92
ZWMtPmlvdl9sZW4gPSBieXRlczsKIAlraW9jYi0+a2lfbnJfc2VncyA9IDE7CiAJa2lvY2ItPmtp
X2N1cl9zZWcgPSAwOwogCXJldHVybiAwOwpAQCAtMTQ5NiwxMCArMTUwNiw3IEBAIHN0YXRpYyBz
c2l6ZV90IGFpb19zZXR1cF9pb2NiKHN0cnVjdCBraW9jYiAqa2lvY2IsIGJvb2wgY29tcGF0KQog
CQlpZiAodW5saWtlbHkoIWFjY2Vzc19vayhWRVJJRllfV1JJVEUsIGtpb2NiLT5raV9idWYsCiAJ
CQlraW9jYi0+a2lfbGVmdCkpKQogCQkJYnJlYWs7Ci0JCXJldCA9IHNlY3VyaXR5X2ZpbGVfcGVy
bWlzc2lvbihmaWxlLCBNQVlfUkVBRCk7Ci0JCWlmICh1bmxpa2VseShyZXQpKQotCQkJYnJlYWs7
Ci0JCXJldCA9IGFpb19zZXR1cF9zaW5nbGVfdmVjdG9yKGtpb2NiKTsKKwkJcmV0ID0gYWlvX3Nl
dHVwX3NpbmdsZV92ZWN0b3IoUkVBRCwgZmlsZSwga2lvY2IpOwogCQlpZiAocmV0KQogCQkJYnJl
YWs7CiAJCXJldCA9IC1FSU5WQUw7CkBAIC0xNTE0LDEwICsxNTIxLDcgQEAgc3RhdGljIHNzaXpl
X3QgYWlvX3NldHVwX2lvY2Ioc3RydWN0IGtpb2NiICpraW9jYiwgYm9vbCBjb21wYXQpCiAJCWlm
ICh1bmxpa2VseSghYWNjZXNzX29rKFZFUklGWV9SRUFELCBraW9jYi0+a2lfYnVmLAogCQkJa2lv
Y2ItPmtpX2xlZnQpKSkKIAkJCWJyZWFrOwotCQlyZXQgPSBzZWN1cml0eV9maWxlX3Blcm1pc3Np
b24oZmlsZSwgTUFZX1dSSVRFKTsKLQkJaWYgKHVubGlrZWx5KHJldCkpCi0JCQlicmVhazsKLQkJ
cmV0ID0gYWlvX3NldHVwX3NpbmdsZV92ZWN0b3Ioa2lvY2IpOworCQlyZXQgPSBhaW9fc2V0dXBf
c2luZ2xlX3ZlY3RvcihXUklURSwgZmlsZSwga2lvY2IpOwogCQlpZiAocmV0KQogCQkJYnJlYWs7
CiAJCXJldCA9IC1FSU5WQUw7CkBAIC0xNTI4LDkgKzE1MzIsNiBAQCBzdGF0aWMgc3NpemVfdCBh
aW9fc2V0dXBfaW9jYihzdHJ1Y3Qga2lvY2IgKmtpb2NiLCBib29sIGNvbXBhdCkKIAkJcmV0ID0g
LUVCQURGOwogCQlpZiAodW5saWtlbHkoIShmaWxlLT5mX21vZGUgJiBGTU9ERV9SRUFEKSkpCiAJ
CQlicmVhazsKLQkJcmV0ID0gc2VjdXJpdHlfZmlsZV9wZXJtaXNzaW9uKGZpbGUsIE1BWV9SRUFE
KTsKLQkJaWYgKHVubGlrZWx5KHJldCkpCi0JCQlicmVhazsKIAkJcmV0ID0gYWlvX3NldHVwX3Zl
Y3RvcmVkX3J3KFJFQUQsIGtpb2NiLCBjb21wYXQpOwogCQlpZiAocmV0KQogCQkJYnJlYWs7CkBA
IC0xNTQyLDkgKzE1NDMsNiBAQCBzdGF0aWMgc3NpemVfdCBhaW9fc2V0dXBfaW9jYihzdHJ1Y3Qg
a2lvY2IgKmtpb2NiLCBib29sIGNvbXBhdCkKIAkJcmV0ID0gLUVCQURGOwogCQlpZiAodW5saWtl
bHkoIShmaWxlLT5mX21vZGUgJiBGTU9ERV9XUklURSkpKQogCQkJYnJlYWs7Ci0JCXJldCA9IHNl
Y3VyaXR5X2ZpbGVfcGVybWlzc2lvbihmaWxlLCBNQVlfV1JJVEUpOwotCQlpZiAodW5saWtlbHko
cmV0KSkKLQkJCWJyZWFrOwogCQlyZXQgPSBhaW9fc2V0dXBfdmVjdG9yZWRfcncoV1JJVEUsIGtp
b2NiLCBjb21wYXQpOwogCQlpZiAocmV0KQogCQkJYnJlYWs7Cg==
--0016e6d58aeb12ed3d04c084a5af--