The size of block-device is larger than 16TB, and the os is 32bit. If the offset of read/write is larger then 16TB. The index of address_space will overflow and supply data from low offset instead. when read-operation, in function do_generic_file_read(): >index = *ppos >> PAGE_CACHE_SHIFT; Because the *ppos is larger than 16TB and the index is the type pgoff_t which 32bit in 32bit-OS. So index will overflow. When write-operation, in function generic_write_checks(): >if (likely(!isblk)) { > ..... > } else { >#ifdef CONFIG_BLOCK > loff_t isize; > if (bdev_read_only(I_BDEV(inode))) return -EPERM; > isize = i_size_read(inode); > if (*pos >= isize) { > if (*count || *pos > isize) > return -ENOSPC; > } > > if (*pos + *count > isize) > *count = isize - *pos; The code only check size.But continue code: generic_file_buffered_write-->generic_perform_write-->blkdev_write_begin --->block_write_begin() > pgoff_t index = pos >> PAGE_CACHE_SHIFT; The index will overflow again. Although filesystem has a attribute s_maxbytes, the block-device was not create so no affect. Signed-off-by: majianpeng <majianpeng@xxxxxxxxx> --- fs/block_dev.c | 4 +++- mm/filemap.c | 28 ++++++++++++++++++++++++++++ 2 files changed, 31 insertions(+), 1 deletion(-) diff --git a/fs/block_dev.c b/fs/block_dev.c index c2bbe1f..1752c0e 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -382,7 +382,9 @@ static loff_t block_llseek(struct file *file, loff_t offset, int origin) mutex_lock(&bd_inode->i_mutex); size = i_size_read(bd_inode); - +#if BITS_PER_LONG == 32 + size = min_t(loff_t, size, (loff_t)0xFFFFFFFF * PAGE_CACHE_SIZE - 1); +#endif retval = -EINVAL; switch (origin) { case SEEK_END: diff --git a/mm/filemap.c b/mm/filemap.c index 79c4b2b..34a15bf 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -1373,6 +1373,25 @@ int generic_segment_checks(const struct iovec *iov, } EXPORT_SYMBOL(generic_segment_checks); +static inline +int generic_read_block_checks(struct file *file, loff_t *pos, size_t *count) +{ + struct inode *inode = file->f_mapping->host; + loff_t isize = 0; +#if BITS_PER_LONG == 32 && defined(CONFIG_BLOCK) + isize = min_t(loff_t, i_size_read(inode), + (loff_t)0xFFFFFFFF * PAGE_CACHE_SIZE - 1); + if (*pos >= isize) { + if (*count || *pos > isize) + return -ENOSPC; + } + + if (*pos + *count > isize) + *count = isize - *pos; +#endif + return 0; +} + /** * generic_file_aio_read - generic filesystem read routine * @iocb: kernel I/O control block @@ -1398,6 +1417,11 @@ generic_file_aio_read(struct kiocb *iocb, const struct iovec *iov, if (retval) return retval; + if (S_ISBLK(filp->f_mapping->host->i_mode)) { + retval = generic_read_block_checks(filp, &pos, &count); + if (retval) + return retval; + } /* coalesce the iovecs and go direct-to-BIO for O_DIRECT */ if (filp->f_flags & O_DIRECT) { loff_t size; @@ -2214,6 +2238,10 @@ inline int generic_write_checks(struct file *file, loff_t *pos, size_t *count, i if (bdev_read_only(I_BDEV(inode))) return -EPERM; isize = i_size_read(inode); +#if BITS_PER_LONG == 32 + isize = min_t(loff_t, isize, + (loff_t)0xFFFFFFFF * PAGE_CACHE_SIZE - 1); +#endif if (*pos >= isize) { if (*count || *pos > isize) return -ENOSPC; -- 1.7.9.5 -------------- majianpeng 2012-05-29 -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html