On Wed, 2012-12-12 at 11:38 -0500, Jeff Layton wrote:
> Eryu provided a test program that would segfault when attempting to read
> past the EOF on file that was opened O_DIRECT. The buffer given to the
> read() call was on the stack, and when he attempted to read past it it
> would scribble over the rest of the stack page.
>
> If we hit the end of the file on a DIO READ request, then we don't want
> to zero out the rest of the buffer. These aren't pagecache pages after
> all, and there's no guarantee that the buffers that were passed in
> represent entire pages.
>
> Cc: <stable@xxxxxxxxxxxxxxx> # v3.5+
> Cc: Fred Isaman <iisaman@xxxxxxxxxx>
> Reported-by: Eryu Guan <eguan@xxxxxxxxxx>
> Signed-off-by: Jeff Layton <jlayton@xxxxxxxxxx>
> --- > fs/nfs/direct.c | 8 -------- > 1 file changed, 8 deletions(-) > > diff --git a/fs/nfs/direct.c b/fs/nfs/direct.c > index cae26cb..594f4e7 100644 > --- a/fs/nfs/direct.c > +++ b/fs/nfs/direct.c > @@ -266,14 +266,6 @@ static void nfs_direct_read_completion(struct nfs_pgio_header *hdr) > struct nfs_page *req = nfs_list_entry(hdr->pages.next); > struct page *page = req->wb_page; > > - if (test_bit(NFS_IOHDR_EOF, &hdr->flags)) { > - if (bytes > hdr->good_bytes) > - zero_user(page, 0, PAGE_SIZE); > - else if (hdr->good_bytes - bytes < PAGE_SIZE) > - zero_user_segment(page, > - hdr->good_bytes & ~PAGE_MASK, > - PAGE_SIZE); > - } > if (!PageCompound(page)) { > if (test_bit(NFS_IOHDR_ERROR, &hdr->flags)) { > if (bytes < hdr->good_bytes)

I'm not saying that should be in the same patch, but it looks to me as if we need to respect the EOF boundary for the page dirtying code too.

--
Trond Myklebust
Linux NFS client maintainer

NetApp
Trond.Myklebust@xxxxxxxxxx
www.netapp.com
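Review bot: In the context that remains after the deleted NFS_IOHDR_EOF block in nfs_direct_read_completion(), the only comparison against hdr->good_bytes that is visible sits inside the NFS_IOHDR_ERROR branch ("if (bytes < hdr->good_bytes)"), so a short read that ends at EOF without an error has no equivalent bound in the lines shown. A follow-up should apply the same good_bytes limit on the EOF path so that pages lying wholly beyond the data actually returned are not handled as if they had been filled. It would also help to leave a one-line comment where the block was removed, stating that these pages back caller-supplied buffers rather than pagecache and may not span a full page, since the removed calls wrote up to PAGE_SIZE regardless of the length of the request and the same pattern could otherwise be reintroduced later.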