original development tree for Linux kernel GTP module; now long in mainline.
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

115 lines
3.5 KiB

[PATCH] fix possible PAGE_CACHE_SHIFT overflows We've had two instances recently of overflows when doing 64_bit_value = (32_bit_value << PAGE_CACHE_SHIFT) I did a tree-wide grep of `<<.*PAGE_CACHE_SHIFT' and this is the result. - afs_rxfs_fetch_descriptor.offset is of type off_t, which seems broken. - jfs and jffs are limited to 4GB anyway. - reiserfs map_block_for_writepage() takes an unsigned long for the block - it should take sector_t. (It'll fail for huge filesystems with blocksize<PAGE_CACHE_SIZE) - cramfs_read() needs to use sector_t (I think cramsfs is busted on large filesystems anyway) - affs is limited in file size anyway. - I generally didn't fix 32-bit overflows in directory operations. - arm's __flush_dcache_page() is peculiar. What if the page lies beyond 4G? - gss_wrap_req_priv() needs checking (snd_buf->page_base) Cc: Oleg Drokin <green@linuxhacker.ru> Cc: David Howells <dhowells@redhat.com> Cc: David Woodhouse <dwmw2@infradead.org> Cc: <reiserfs-dev@namesys.com> Cc: Christoph Hellwig <hch@lst.de> Cc: Anton Altaparmakov <aia21@cantab.net> Cc: Jeff Dike <jdike@addtoit.com> Cc: Paolo 'Blaisorblade' Giarrusso <blaisorblade@yahoo.it> Cc: Roman Zippel <zippel@linux-m68k.org> Cc: <linux-fsdevel@vger.kernel.org> Cc: Miklos Szeredi <miklos@szeredi.hu> Cc: Russell King <rmk@arm.linux.org.uk> Cc: Trond Myklebust <trond.myklebust@fys.uio.no> Cc: Neil Brown <neilb@cse.unsw.edu.au> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
16 years ago
  1. /*
  2. * Copyright (c) 2000-2001 Christoph Hellwig.
  3. * All rights reserved.
  4. *
  5. * Redistribution and use in source and binary forms, with or without
  6. * modification, are permitted provided that the following conditions
  7. * are met:
  8. * 1. Redistributions of source code must retain the above copyright
  9. * notice, this list of conditions, and the following disclaimer,
  10. * without modification.
  11. * 2. The name of the author may not be used to endorse or promote products
  12. * derived from this software without specific prior written permission.
  13. *
  14. * Alternatively, this software may be distributed under the terms of the
  15. * GNU General Public License ("GPL").
  16. *
  17. * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  18. * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  19. * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  20. * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
  21. * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  22. * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  23. * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  24. * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  25. * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  26. * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  27. * SUCH DAMAGE.
  28. */
  29. /*
  30. * Veritas filesystem driver - support for 'immed' inodes.
  31. */
  32. #include <linux/fs.h>
  33. #include <linux/pagemap.h>
  34. #include <linux/namei.h>
  35. #include "vxfs.h"
  36. #include "vxfs_extern.h"
  37. #include "vxfs_inode.h"
  38. static void * vxfs_immed_follow_link(struct dentry *, struct nameidata *);
  39. static int vxfs_immed_readpage(struct file *, struct page *);
  40. /*
  41. * Inode operations for immed symlinks.
  42. *
  43. * Unliked all other operations we do not go through the pagecache,
  44. * but do all work directly on the inode.
  45. */
  46. const struct inode_operations vxfs_immed_symlink_iops = {
  47. .readlink = generic_readlink,
  48. .follow_link = vxfs_immed_follow_link,
  49. };
  50. /*
  51. * Address space operations for immed files and directories.
  52. */
  53. const struct address_space_operations vxfs_immed_aops = {
  54. .readpage = vxfs_immed_readpage,
  55. };
  56. /**
  57. * vxfs_immed_follow_link - follow immed symlink
  58. * @dp: dentry for the link
  59. * @np: pathname lookup data for the current path walk
  60. *
  61. * Description:
  62. * vxfs_immed_follow_link restarts the pathname lookup with
  63. * the data obtained from @dp.
  64. *
  65. * Returns:
  66. * Zero on success, else a negative error code.
  67. */
  68. static void *
  69. vxfs_immed_follow_link(struct dentry *dp, struct nameidata *np)
  70. {
  71. struct vxfs_inode_info *vip = VXFS_INO(dp->d_inode);
  72. nd_set_link(np, vip->vii_immed.vi_immed);
  73. return NULL;
  74. }
  75. /**
  76. * vxfs_immed_readpage - read part of an immed inode into pagecache
  77. * @file: file context (unused)
  78. * @page: page frame to fill in.
  79. *
  80. * Description:
  81. * vxfs_immed_readpage reads a part of the immed area of the
  82. * file that hosts @pp into the pagecache.
  83. *
  84. * Returns:
  85. * Zero on success, else a negative error code.
  86. *
  87. * Locking status:
  88. * @page is locked and will be unlocked.
  89. */
  90. static int
  91. vxfs_immed_readpage(struct file *fp, struct page *pp)
  92. {
  93. struct vxfs_inode_info *vip = VXFS_INO(pp->mapping->host);
  94. u_int64_t offset = (u_int64_t)pp->index << PAGE_CACHE_SHIFT;
  95. caddr_t kaddr;
  96. kaddr = kmap(pp);
  97. memcpy(kaddr, vip->vii_immed.vi_immed + offset, PAGE_CACHE_SIZE);
  98. kunmap(pp);
  99. flush_dcache_page(pp);
  100. SetPageUptodate(pp);
  101. unlock_page(pp);
  102. return 0;
  103. }