| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 15 Feb 2017 22:41:40 +0000
From: Ben Hutchings <ben@...adent.org.uk>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
CC: akpm@...ux-foundation.org, "Miklos Szeredi" <mszeredi@...hat.com>,
"Al Viro" <viro@...iv.linux.org.uk>
Subject: [PATCH 3.16 230/306] fuse: fix fuse_write_end() if zero bytes
were copied
3.16.40-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi <mszeredi@...hat.com>
commit 59c3b76cc61d1d676f965c192cc7969aa5cb2744 upstream.
If pos is at the beginning of a page and copied is zero then page is not
zeroed but is marked uptodate.
Fix by skipping everything except unlock/put of page if zero bytes were
copied.
Reported-by: Al Viro <viro@...iv.linux.org.uk>
Fixes: 6b12c1b37e55 ("fuse: Implement write_begin/write_end callbacks")
Signed-off-by: Miklos Szeredi <mszeredi@...hat.com>
Signed-off-by: Ben Hutchings <ben@...adent.org.uk>
---
fs/fuse/file.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -2058,6 +2058,10 @@ static int fuse_write_end(struct file *f
{
struct inode *inode = page->mapping->host;
+ /* Haven't copied anything? Skip zeroing, size extending, dirtying. */
+ if (!copied)
+ goto unlock;
+
if (!PageUptodate(page)) {
/* Zero any unwritten bytes at the end of the page */
size_t endoff = (pos + copied) & ~PAGE_CACHE_MASK;
@@ -2068,6 +2072,8 @@ static int fuse_write_end(struct file *f
fuse_write_update_size(inode, pos + copied);
set_page_dirty(page);
+
+unlock:
unlock_page(page);
page_cache_release(page);
Powered by blists - more mailing lists