Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit b4c76fa7 authored by Chris Mason's avatar Chris Mason Committed by Linus Torvalds
Browse files

[PATCH] reiserfs_write_full_page() should not get_block past eof 



reiserfs_write_full_page does zero bytes in the file past eof, but it may
call get_block on those buffers as well.  On machines where the page size
is larger than the blocksize, this can result in mmaped files incorrectly
growing up to a block boundary during writepage.

The fix is to avoid calling get_block for any blocks that are entirely past
eof

Signed-off-by: default avatarChris Mason <mason@suse.com>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent b5f3953c

fs/reiserfs/inode.c

+12 −2
Original line number Diff line number Diff line
@@ -2340,6 +2340,7 @@ static int reiserfs_write_full_page(struct page *page, 
	unsigned long end_index = inode->i_size >> PAGE_CACHE_SHIFT;

	int error = 0;

	unsigned long block;

	sector_t last_block;

	struct buffer_head *head, *bh;

	int partial = 0;

	int nr = 0;
@@ -2387,10 +2388,19 @@ static int reiserfs_write_full_page(struct page *page, 
	}

	bh = head;

	block = page->index << (PAGE_CACHE_SHIFT - s->s_blocksize_bits);

	last_block = (i_size_read(inode) - 1) >> inode->i_blkbits;

	/* first map all the buffers, logging any direct items we find */

	do {

		if ((checked || buffer_dirty(bh)) && (!buffer_mapped(bh) ||

						      (buffer_mapped(bh)

		if (block > last_block) {

			/*

			 * This can happen when the block size is less than

			 * the page size.  The corresponding bytes in the page

			 * were zero filled above

			 */

			clear_buffer_dirty(bh);

			set_buffer_uptodate(bh);

		} else if ((checked || buffer_dirty(bh)) &&

		           (!buffer_mapped(bh) || (buffer_mapped(bh)

						       && bh->b_blocknr ==

						       0))) {

			/* not mapped yet, or it points to a direct item, search