Re: [patch] fix race in __block_prepare_write (again)

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: [patch] fix race in __block_prepare_write (again)

Andrew Morton-8
Anton Altaparmakov <[hidden email]> wrote:

>
> mm/filemap.c::file_buffered_write():
>
>  - It calls fault_in_pages_readable() which is completely bogus if
>  @nr_segs > 1.  It needs to be replaced by a to be written
>  "fault_in_pages_readable_iovec()".
>
>  - It increments @buf even in the iovec case thus @buf can point to
>  random memory really quickly (in the iovec case) and then it calls
>  fault_in_pages_readable() on this random memory.  Ouch...

hmm, yes.  Like this?


diff -puN mm/filemap.c~generic_file_buffered_write-fixes mm/filemap.c
--- 25/mm/filemap.c~generic_file_buffered_write-fixes 2005-04-24 14:18:58.445943000 -0700
+++ 25-akpm/mm/filemap.c 2005-04-24 14:20:21.995241576 -0700
@@ -1944,7 +1944,7 @@ generic_file_buffered_write(struct kiocb
  buf = iov->iov_base + written;
  else {
  filemap_set_next_iovec(&cur_iov, &iov_base, written);
- buf = iov->iov_base + iov_base;
+ buf = cur_iov->iov_base + iov_base;
  }
 
  do {
@@ -2002,9 +2002,11 @@ generic_file_buffered_write(struct kiocb
  count -= status;
  pos += status;
  buf += status;
- if (unlikely(nr_segs > 1))
+ if (unlikely(nr_segs > 1)) {
  filemap_set_next_iovec(&cur_iov,
  &iov_base, status);
+ buf = cur_iov->iov_base + iov_base;
+ }
  }
  }
  if (unlikely(copied != bytes))
_

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
Reply | Threaded
Open this post in threaded view
|

Re: [patch] fix race in __block_prepare_write (again)

Anton Altaparmakov
On Sun, 2005-04-24 at 14:24 -0700, Andrew Morton wrote:

> Anton Altaparmakov <[hidden email]> wrote:
> >
> > mm/filemap.c::file_buffered_write():
> >
> >  - It calls fault_in_pages_readable() which is completely bogus if
> >  @nr_segs > 1.  It needs to be replaced by a to be written
> >  "fault_in_pages_readable_iovec()".
> >
> >  - It increments @buf even in the iovec case thus @buf can point to
> >  random memory really quickly (in the iovec case) and then it calls
> >  fault_in_pages_readable() on this random memory.  Ouch...
>
> hmm, yes.  Like this?

Yes, certainly a big improvement over what is there at the moment.

> diff -puN mm/filemap.c~generic_file_buffered_write-fixes mm/filemap.c
> --- 25/mm/filemap.c~generic_file_buffered_write-fixes 2005-04-24 14:18:58.445943000 -0700
> +++ 25-akpm/mm/filemap.c 2005-04-24 14:20:21.995241576 -0700
> @@ -1944,7 +1944,7 @@ generic_file_buffered_write(struct kiocb
>   buf = iov->iov_base + written;
>   else {
>   filemap_set_next_iovec(&cur_iov, &iov_base, written);
> - buf = iov->iov_base + iov_base;
> + buf = cur_iov->iov_base + iov_base;
>   }
>  
>   do {
> @@ -2002,9 +2002,11 @@ generic_file_buffered_write(struct kiocb
>   count -= status;
>   pos += status;
>   buf += status;
> - if (unlikely(nr_segs > 1))
> + if (unlikely(nr_segs > 1)) {
>   filemap_set_next_iovec(&cur_iov,
>   &iov_base, status);
> + buf = cur_iov->iov_base + iov_base;
> + }
>   }
>   }
>   if (unlikely(copied != bytes))

Best regards,

        Anton
--
Anton Altaparmakov <aia21 at cam.ac.uk> (replace at with @)
Unix Support, Computing Service, University of Cambridge, CB2 3QH, UK
Linux NTFS maintainer / IRC: #ntfs on irc.freenode.net
WWW: http://linux-ntfs.sf.net/ & http://www-stu.christs.cam.ac.uk/~aia21/

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [hidden email]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/