From: Joel Becker <Joel.Becker@oracle.com>
To: ocfs2-devel@oss.oracle.com
Subject: [Ocfs2-devel] ocfs2: question about dlmfs_file_read()
Date: Fri, 23 Apr 2010 15:27:17 -0700 [thread overview]
Message-ID: <20100423222716.GF8330@mail.oracle.com> (raw)
In-Reply-To: <4BD21A00.3020205@oracle.com>
On Fri, Apr 23, 2010 at 03:06:56PM -0700, Sunil Mushran wrote:
> Joel Becker wrote:
> > On Sun, Apr 18, 2010 at 10:32:01PM +0300, Dan Carpenter wrote:
> >
> >> Hello list,
> >>
> >> I was looking through the code for something unrelated and I got
> >> confused by this.
> >>
> >> fs/ocfs2/dlmfs/dlmfs.c dlmfs_file_read()
> >> 261 /* don't read past the lvb */
> >> 262 if ((count + *ppos) > i_size_read(inode))
> >> 263 readlen = i_size_read(inode) - *ppos;
> >> 264 else
> >> 265 readlen = count - *ppos;
> >>
> >> Shouldn't "readlen" just be "count" here? What prevents it from
> >> being a negative number?
> >>
> >> 266
> >> 267 lvb_buf = kmalloc(readlen, GFP_NOFS);
> >>
> >> Anyway, this code has been around for a long time so I'm probably
> >> missing something. I was just curious.
> >>
> >
> > No, I think you're right. Mark, Sunil, anyone?
>
> Nod.
Ok, I've pushed this fix to the 'fixes' branch of ocfs2.git.
Joel
From a36d515c7a2dfacebcf41729f6812dbc424ebcf0 Mon Sep 17 00:00:00 2001
From: Joel Becker <joel.becker@oracle.com>
Date: Fri, 23 Apr 2010 15:24:59 -0700
Subject: [PATCH] ocfs2_dlmfs: Fix math error when reading LVB.
When asked for a partial read of the LVB in a dlmfs file, we can
accidentally calculate a negative count.
Reported-by: Dan Carpenter <error27@gmail.com>
Cc: <stable@kernel.org>
Signed-off-by: Joel Becker <joel.becker@oracle.com>
---
fs/ocfs2/dlmfs/dlmfs.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/ocfs2/dlmfs/dlmfs.c b/fs/ocfs2/dlmfs/dlmfs.c
index a99d1ea..b83d610 100644
--- a/fs/ocfs2/dlmfs/dlmfs.c
+++ b/fs/ocfs2/dlmfs/dlmfs.c
@@ -262,7 +262,7 @@ static ssize_t dlmfs_file_read(struct file *filp,
if ((count + *ppos) > i_size_read(inode))
readlen = i_size_read(inode) - *ppos;
else
- readlen = count - *ppos;
+ readlen = count;
lvb_buf = kmalloc(readlen, GFP_NOFS);
if (!lvb_buf)
--
1.7.0.4
--
Life's Little Instruction Book #139
"Never deprive someone of hope; it might be all they have."
Joel Becker
Principal Software Developer
Oracle
E-mail: joel.becker at oracle.com
Phone: (650) 506-8127
prev parent reply other threads:[~2010-04-23 22:27 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-04-18 19:32 [Ocfs2-devel] ocfs2: question about dlmfs_file_read() Dan Carpenter
2010-04-23 20:50 ` Joel Becker
2010-04-23 22:06 ` Sunil Mushran
2010-04-23 22:27 ` Joel Becker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100423222716.GF8330@mail.oracle.com \
--to=joel.becker@oracle.com \
--cc=ocfs2-devel@oss.oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).