On Sun, May 20, 2012 at 8:28 PM, manish honap <manish_honap_vit@xxxxxxxxxxx> wrote:
> Hello Linus,
>
> The overflow issue was seen during async dio path

Christ. fs/aio.c doesn't do the proper rw_verify_area(). As a result, it doesn't check file locks, and it doesn't seem to check offset overflows either.

The vector versions kind of get the size limit by mistake (because they at least use rw_copy_check_uvector(), which does limit things to MAX_RW_COUNT), but they don't do the offset overflow check either.

Does this patch work for you? What it *should* do is the same that the other read/write paths do (and the vector path for aio already does), namely truncate reads or writes to MAX_RW_COUNT (which is INT_MAX aligned down to a page).

This patch is entirely untested,

Linus
Attachment:
patch.diff
Description: Binary data
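As an added illustration (not Linus's patch and not kernel code), the following user-space model shows the two checks the mail says the aio path was missing: rejecting a request whose offset plus length would wrap, and truncating the length to MAX_RW_COUNT (INT_MAX aligned down to a page). The function name, the 4 KiB page size and the errno values returned are this example's own assumptions.

```c
/* Added example, not code from the mail or from fs/aio.c: a user-space
 * model of the length/offset validation that rw_verify_area() does for
 * the regular read/write paths. Function name and errno choices are
 * this example's own. */
#include <limits.h>
#include <stddef.h>

#define PAGE_SIZE    4096L                     /* assumed page size */
#define PAGE_MASK    (~(PAGE_SIZE - 1))
/* INT_MAX aligned down to a page, as the mail describes MAX_RW_COUNT */
#define MAX_RW_COUNT ((long)(INT_MAX & PAGE_MASK))
#define EINVAL       22
#define EOVERFLOW    75

/* Validate a read/write of 'count' bytes at file offset 'pos'.
 * Returns the count to actually use (truncated to MAX_RW_COUNT) or a
 * negative errno. pos is modelled as loff_t (long long). */
long aio_verify_area(long long pos, long count)
{
    if (count < 0)
        return -EINVAL;             /* negative length is never valid */
    if (pos < 0)
        return -EINVAL;             /* negative offset on a regular file */
    /* Offset overflow check: pos + count must not wrap past the maximum
     * file position (LLONG_MAX stands in for the kernel limit here).
     * Written as a subtraction so the check itself cannot overflow. */
    if (pos > LLONG_MAX - count)
        return -EOVERFLOW;
    /* Truncate to MAX_RW_COUNT like the other read/write paths do */
    if (count > MAX_RW_COUNT)
        count = MAX_RW_COUNT;
    return count;
}
```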