Amerigo Wang
2009-Jul-06 07:18 UTC
[Patch v2] btrfs: use file_remove_suid() after i_mutex is held
V1 -> V2:
Move kmalloc() before mutex_lock(), suggested by Arjan.

file_remove_suid() should be called with i_mutex held,
file_update_time() too. So move them after mutex_lock().

Plus, check the return value of kmalloc().

Signed-off-by: WANG Cong <amwang@redhat.com>
Cc: Arjan <arjan@infradead.org>
Cc: Chris Mason <chris.mason@oracle.com>
Cc: Yan Zheng <zheng.yan@oracle.com>
Cc: Sven Wegener <sven.wegener@stealer.net>
Cc: Josef Bacik <jbacik@redhat.com>
Cc: Jeff Mahoney <jeffm@suse.com>

---
diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 7c3cd24..09ef5d6 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -944,14 +944,17 @@ static ssize_t btrfs_file_write(struct file *file, const char __user *buf,
 	if (count == 0)
 		goto out_nolock;
 
+	pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL);
+	if (!pages)
+		goto out_nolock;
+
+	mutex_lock(&inode->i_mutex);
+
 	err = file_remove_suid(file);
 	if (err)
-		goto out_nolock;
+		goto out;
 	file_update_time(file);
 
-	pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL);
-
-	mutex_lock(&inode->i_mutex);
 	BTRFS_I(inode)->sequence++;
 	first_index = pos >> PAGE_CACHE_SHIFT;
 	last_index = (pos + count) >> PAGE_CACHE_SHIFT;
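Review bot: the new `if (!pages) goto out_nolock;` branch jumps out without assigning err, so unless err was already set earlier on this path (the hunk does not show it being initialized) an allocation failure makes btrfs_file_write() return whatever err and num_written hold, most likely 0, and the caller sees a successful zero-byte write instead of a failure; set `err = -ENOMEM;` immediately before that goto. The rest of the reordering is sound: file_remove_suid() and file_update_time() now run with i_mutex held, kmalloc() stays outside the lock, and switching the file_remove_suid() failure path from `goto out_nolock` to `goto out` is required now that the lock is taken before that call, provided the `out:` label (not visible in this hunk) both unlocks i_mutex and frees pages.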
Tao Ma
2009-Jul-06 07:42 UTC
Re: [Patch v2] btrfs: use file_remove_suid() after i_mutex is held
Hi Amerigo,

Amerigo Wang wrote:
> V1 -> V2:
> Move kmalloc() before mutex_lock(), suggested by Arjan.
>
> file_remove_suid() should be called with i_mutex held,
> file_update_time() too. So move them after mutex_lock().
>
> Plus, check the return value of kmalloc().
>
> Signed-off-by: WANG Cong <amwang@redhat.com>
> Cc: Arjan <arjan@infradead.org>
> Cc: Chris Mason <chris.mason@oracle.com>
> Cc: Yan Zheng <zheng.yan@oracle.com>
> Cc: Sven Wegener <sven.wegener@stealer.net>
> Cc: Josef Bacik <jbacik@redhat.com>
> Cc: Jeff Mahoney <jeffm@suse.com>
>
> ---
> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
> index 7c3cd24..09ef5d6 100644
> --- a/fs/btrfs/file.c
> +++ b/fs/btrfs/file.c
> @@ -944,14 +944,17 @@ static ssize_t btrfs_file_write(struct file *file, const char __user *buf,
>  	if (count == 0)
>  		goto out_nolock;
>
> +	pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL);
> +	if (!pages)
> +		goto out_nolock;
I guess you need to set err to -ENOMEM here so that the caller knows
what's wrong. With your patch, this function just returns 0 (since
num_written and err are both 0) with no error, and I guess it is worse
than a kernel BUG when the NULL pages is used later.

Regards,
Tao
Amerigo Wang
2009-Jul-06 09:12 UTC
Re: [Patch v2] btrfs: use file_remove_suid() after i_mutex is held
Tao Ma wrote:
> Hi Amerigo,
>
> Amerigo Wang wrote:
>> V1 -> V2:
>> Move kmalloc() before mutex_lock(), suggested by Arjan.
>>
>> file_remove_suid() should be called with i_mutex held,
>> file_update_time() too. So move them after mutex_lock().
>>
>> Plus, check the return value of kmalloc().
>>
>> Signed-off-by: WANG Cong <amwang@redhat.com>
>> Cc: Arjan <arjan@infradead.org>
>> Cc: Chris Mason <chris.mason@oracle.com>
>> Cc: Yan Zheng <zheng.yan@oracle.com>
>> Cc: Sven Wegener <sven.wegener@stealer.net>
>> Cc: Josef Bacik <jbacik@redhat.com>
>> Cc: Jeff Mahoney <jeffm@suse.com>
>>
>> ---
>> diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
>> index 7c3cd24..09ef5d6 100644
>> --- a/fs/btrfs/file.c
>> +++ b/fs/btrfs/file.c
>> @@ -944,14 +944,17 @@ static ssize_t btrfs_file_write(struct file *file, const char __user *buf,
>>  	if (count == 0)
>>  		goto out_nolock;
>>
>> +	pages = kmalloc(nrptrs * sizeof(struct page *), GFP_KERNEL);
>> +	if (!pages)
>> +		goto out_nolock;
> I guess you need to set err to -ENOMEM here so that the caller knows
> what's wrong. With your patch, this function just returns 0 (since
> num_written and err are both 0) with no error, and I guess it is worse
> than a kernel BUG when the NULL pages is used later.
Agree. Thanks, I will update it.