summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJens Axboe <axboe@suse.de>2006-04-19 15:55:10 +0200
committerJens Axboe <axboe@suse.de>2006-04-19 15:55:10 +0200
commit91ad66ef4469cb631ec0ccd131b07f16770773f7 (patch)
tree89db609ce4d9673ad1f586abe87c76d6f38ab0d0
parentLinux v2.6.17-rc2 (diff)
downloadlinux-91ad66ef4469cb631ec0ccd131b07f16770773f7.tar.xz
linux-91ad66ef4469cb631ec0ccd131b07f16770773f7.zip
[PATCH] splice: close i_size truncate races on read
We need to check i_size after doing a blocking readpage. Signed-off-by: Jens Axboe <axboe@suse.de>
-rw-r--r--fs/splice.c43
1 files changed, 37 insertions, 6 deletions
diff --git a/fs/splice.c b/fs/splice.c
index 8d57e89924a6..7e8585574726 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -145,8 +145,8 @@ static struct pipe_buf_operations page_cache_pipe_buf_ops = {
* pipe buffer operations. Otherwise very similar to the regular pipe_writev().
*/
static ssize_t move_to_pipe(struct pipe_inode_info *pipe, struct page **pages,
- int nr_pages, unsigned long offset,
- unsigned long len, unsigned int flags)
+ int nr_pages, unsigned long len,
+ unsigned int offset, unsigned int flags)
{
int ret, do_wakeup, i;
@@ -243,14 +243,16 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
unsigned int flags)
{
struct address_space *mapping = in->f_mapping;
- unsigned int offset, nr_pages;
+ unsigned int loff, offset, nr_pages;
struct page *pages[PIPE_BUFFERS];
struct page *page;
- pgoff_t index;
+ pgoff_t index, end_index;
+ loff_t isize;
+ size_t bytes;
int i, error;
index = *ppos >> PAGE_CACHE_SHIFT;
- offset = *ppos & ~PAGE_CACHE_MASK;
+ loff = offset = *ppos & ~PAGE_CACHE_MASK;
nr_pages = (len + offset + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
if (nr_pages > PIPE_BUFFERS)
@@ -268,6 +270,7 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
* Now fill in the holes:
*/
error = 0;
+ bytes = 0;
for (i = 0; i < nr_pages; i++, index++) {
find_page:
/*
@@ -336,13 +339,41 @@ readpage:
goto find_page;
break;
}
+
+ /*
+ * i_size must be checked after ->readpage().
+ */
+ isize = i_size_read(mapping->host);
+ end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
+ if (unlikely(!isize || index > end_index)) {
+ page_cache_release(page);
+ break;
+ }
+
+ /*
+ * if this is the last page, see if we need to shrink
+ * the length and stop
+ */
+ if (end_index == index) {
+ loff = PAGE_CACHE_SIZE - (isize & ~PAGE_CACHE_MASK);
+ if (bytes + loff > isize) {
+ page_cache_release(page);
+ break;
+ }
+ /*
+ * force quit after adding this page
+ */
+ nr_pages = i;
+ }
}
fill_it:
pages[i] = page;
+ bytes += PAGE_CACHE_SIZE - loff;
+ loff = 0;
}
if (i)
- return move_to_pipe(pipe, pages, i, offset, len, flags);
+ return move_to_pipe(pipe, pages, i, bytes, offset, flags);
return error;
}