Commit 66160bc5 authored by Paolo 'Blaisorblade' Giarrusso, committed by Linus Torvalds

[PATCH] ext3: use generic_open_file to fix possible preemption bugs

Ext3 is currently using a duplicate version of generic_open_file, and this
should be fixed, before it gets out of sync.

In fact, it *has* got out of sync.

Apart from some cosmetic changes (which are not a problem), note that it
directly reads inode->i_size, while the generic version uses i_size_read().

I'm not sure if this bug can actually be triggered, but here follows a
possible scenario: when

- a file is brought into inode cache
- that file is either truncated or extended (i.e. inode->i_size is changed)
  and after this it changes its "more than 2Gb" property,
- and process B opens that file in the meanwhile,

I suppose the size check can be hurt by a race condition, can't it?

Similar checks should probably be done for other FS's. Also, ext2 does not
have this problem - someone fixed this problem in ext2 but not ext3? How?

Signed-off-by: Paolo 'Blaisorblade' Giarrusso <blaisorblade_spam@yahoo.it>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
parent 8f0fa85a
...@@ -43,20 +43,6 @@ static int ext3_release_file (struct inode * inode, struct file * filp) ...@@ -43,20 +43,6 @@ static int ext3_release_file (struct inode * inode, struct file * filp)
return 0; return 0;
} }
/*
* Called when an inode is about to be opened.
* We use this to disallow opening RW large files on 32bit systems if
* the caller didn't specify O_LARGEFILE. On 64bit systems we force
* on this flag in sys_open.
*/
static int ext3_open_file (struct inode *inode, struct file *filp)
{
if (!(filp->f_flags & O_LARGEFILE) &&
inode->i_size > 0x7FFFFFFFLL)
return -EFBIG;
return 0;
}
static ssize_t static ssize_t
ext3_file_write(struct kiocb *iocb, const char __user *buf, size_t count, loff_t pos) ext3_file_write(struct kiocb *iocb, const char __user *buf, size_t count, loff_t pos)
{ {
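Review bot: the deleted ext3_open_file body is the only place in this file that states the rule being enforced (no O_LARGEFILE and inode->i_size above 0x7FFFFFFFLL gives -EFBIG), and the diff does not show the helper that takes over. Please confirm that generic_file_open returns -EFBIG under exactly that condition, and make sure the deleted comment's rationale (32-bit systems only, the flag being forced on in sys_open on 64-bit) is documented at the generic helper so it is not lost with this function.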
...@@ -125,7 +111,7 @@ struct file_operations ext3_file_operations = { ...@@ -125,7 +111,7 @@ struct file_operations ext3_file_operations = {
.writev = generic_file_writev, .writev = generic_file_writev,
.ioctl = ext3_ioctl, .ioctl = ext3_ioctl,
.mmap = generic_file_mmap, .mmap = generic_file_mmap,
.open = ext3_open_file, .open = generic_file_open,
.release = ext3_release_file, .release = ext3_release_file,
.fsync = ext3_sync_file, .fsync = ext3_sync_file,
.sendfile = generic_file_sendfile, .sendfile = generic_file_sendfile,
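Review bot: the .open line assigns generic_file_open, but the commit subject and first paragraph name the helper generic_open_file; please correct the name in the message so a history search for generic_file_open finds this change. The message also leaves open whether the race can be triggered, so a sentence stating which configurations are affected would make the fix easier to assess for backporting.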
......
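The scenario from the commit message, as an added userspace model (not kernel code and not part of the original commit): a 64-bit size stored as two 32-bit words can be read half-updated, so a file that is above the limit both before and after the change passes the size check in between. All names here are hypothetical, and the sequence-counter read only approximates the kind of protection i_size_read() gives on 32-bit systems.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model: a 64-bit size held as two 32-bit words, as on a 32-bit
 * CPU, plus a sequence counter that is odd while an update is in progress. */
struct model_inode { uint32_t seq, size_lo, size_hi; };

/* Writer split in two so a reader can run "in the middle" (preemption or a
 * second CPU). Single-threaded model: real seqcount barriers are omitted. */
static void size_write_first_half(struct model_inode *i, int64_t sz)
{
    i->seq++;                           /* odd: update in progress */
    i->size_lo = (uint32_t)sz;
}

static void size_write_second_half(struct model_inode *i, int64_t sz)
{
    i->size_hi = (uint32_t)(sz >> 32);
    i->seq++;                           /* even: update complete */
}

/* Unprotected read, like using inode->i_size directly. */
static int64_t size_read_plain(const struct model_inode *i)
{
    return ((int64_t)i->size_hi << 32) | i->size_lo;
}

/* Protected read: 1 and a consistent size, or 0 when the caller must retry. */
static int size_read_seq(const struct model_inode *i, int64_t *out)
{
    uint32_t s = i->seq;
    if (s & 1) return 0;                /* writer active: do not trust halves */
    *out = size_read_plain(i);
    return i->seq == s;
}

/* Large-file check of the removed ext3_open_file, caller without O_LARGEFILE. */
static int open_check(int64_t size)
{
    return size > 0x7FFFFFFFLL ? -EFBIG : 0;
}

int main(void)
{
    struct model_inode i = { 0, 0xFFFFFFFFu, 0 };   /* 4 GiB - 1 */
    size_write_first_half(&i, 0x100000000LL);       /* growing to 4 GiB */
    printf("mid-update plain read passes check: %d\n", open_check(size_read_plain(&i)) == 0);
    return 0;
}
```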