Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 22c8ca78 authored by Nick Piggin's avatar Nick Piggin Committed by Linus Torvalds
Browse files

[PATCH] fs: fix nobh data leak 



nobh_prepare_write leaks data similarly to how simple_prepare_write did. Fix
by not marking the page uptodate until nobh_commit_write time. Again, this
could break weird use-cases, but none appear to exist in the tree.

We can safely remove the set_page_dirty, because as the comment says,
nobh_commit_write does set_page_dirty. If a filesystem wants to allocate
backing store for a page dirtied via mmap, page_mkwrite is the suggested
approach.

Signed-off-by: default avatarNick Piggin <npiggin@suse.de>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 955eff5a

fs/buffer.c

+3 −18
Original line number Diff line number Diff line
@@ -2248,7 +2248,6 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to, 
	int i;

	int ret = 0;

	int is_mapped_to_disk = 1;

	int dirtied_it = 0;



	if (PageMappedToDisk(page))

		return 0;
@@ -2285,14 +2284,10 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to, 
			continue;

		if (buffer_new(&map_bh) || !buffer_mapped(&map_bh)) {

			kaddr = kmap_atomic(page, KM_USER0);

			if (block_start < from) {

			if (block_start < from)

				memset(kaddr+block_start, 0, from-block_start);

				dirtied_it = 1;

			}

			if (block_end > to) {

			if (block_end > to)

				memset(kaddr + to, 0, block_end - to);

				dirtied_it = 1;

			}

			flush_dcache_page(page);

			kunmap_atomic(kaddr, KM_USER0);

			continue;
@@ -2347,17 +2342,6 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to, 


	if (is_mapped_to_disk)

		SetPageMappedToDisk(page);

	SetPageUptodate(page);



	/*

	 * Setting the page dirty here isn't necessary for the prepare_write

	 * function - commit_write will do that.  But if/when this function is

	 * used within the pagefault handler to ensure that all mmapped pages

	 * have backing space in the filesystem, we will need to dirty the page

	 * if its contents were altered.

	 */

	if (dirtied_it)

		set_page_dirty(page);



	return 0;
@@ -2387,6 +2371,7 @@ int nobh_commit_write(struct file *file, struct page *page, 
	struct inode *inode = page->mapping->host;

	loff_t pos = ((loff_t)page->index << PAGE_CACHE_SHIFT) + to;



	SetPageUptodate(page);

	set_page_dirty(page);

	if (pos > inode->i_size) {

		i_size_write(inode, pos);