Sasha Levin
2020-Apr-18 13:47 UTC
[Ocfs2-devel] [PATCH AUTOSEL 5.6 55/73] ocfs2: no need try to truncate file beyond i_size
From: Changwei Ge <chge at linux.alibaba.com> [ Upstream commit 783fda856e1034dee90a873f7654c418212d12d7 ] Linux fallocate(2) with FALLOC_FL_PUNCH_HOLE mode set, its offset can exceed the inode size. Ocfs2 now doesn't allow that offset beyond inode size. This restriction is not necessary and violates fallocate(2) semantics. If fallocate(2) offset is beyond inode size, just return success and do nothing further. Otherwise, ocfs2 will crash the kernel. kernel BUG at fs/ocfs2//alloc.c:7264! ocfs2_truncate_inline+0x20f/0x360 [ocfs2] ocfs2_remove_inode_range+0x23c/0xcb0 [ocfs2] __ocfs2_change_file_space+0x4a5/0x650 [ocfs2] ocfs2_fallocate+0x83/0xa0 [ocfs2] vfs_fallocate+0x148/0x230 SyS_fallocate+0x48/0x80 do_syscall_64+0x79/0x170 Signed-off-by: Changwei Ge <chge at linux.alibaba.com> Signed-off-by: Andrew Morton <akpm at linux-foundation.org> Reviewed-by: Joseph Qi <joseph.qi at linux.alibaba.com> Cc: Mark Fasheh <mark at fasheh.com> Cc: Joel Becker <jlbec at evilplan.org> Cc: Junxiao Bi <junxiao.bi at oracle.com> Cc: Changwei Ge <gechangwei at live.cn> Cc: Gang He <ghe at suse.com> Cc: Jun Piao <piaojun at huawei.com> Cc: <stable at vger.kernel.org> Link: https://urldefense.com/v3/__http://lkml.kernel.org/r/20200407082754.17565-1-chge at linux.alibaba.com__;!!GqivPVa7Brio!J8OTDi4_RMzjCZKw1J4hkPFCV_umwW5spx03qm_F4UX5AU04Ev6dvxMJj64RRod4ECLAkQ$ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org> Signed-off-by: Sasha Levin <sashal at kernel.org> --- fs/ocfs2/alloc.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/ocfs2/alloc.c b/fs/ocfs2/alloc.c index 88534eb0e7c2a..3d5b6b989db26 100644 --- a/fs/ocfs2/alloc.c +++ b/fs/ocfs2/alloc.c @@ -7403,6 +7403,10 @@ int ocfs2_truncate_inline(struct inode *inode, struct buffer_head *di_bh, struct ocfs2_dinode *di = (struct ocfs2_dinode *)di_bh->b_data; struct ocfs2_inline_data *idata = &di->id2.i_data; + /* No need to punch hole beyond i_size. */ + if (start >= i_size_read(inode)) + return 0; + if (end > i_size_read(inode)) end = i_size_read(inode); -- 2.20.1