summaryrefslogtreecommitdiffstats
path: root/drivers/block/loop.c
diff options
context:
space:
mode:
authorGuo Chao <yan@linux.vnet.ibm.com>2013-02-22 00:16:50 +0100
committerJens Axboe <axboe@kernel.dk>2013-02-22 10:43:22 +0100
commitb7a1da695f3fb33d093e6de20b1dfc238e3c9587 (patch)
tree396c68e51b16414c20b4ae2c61a421ab7d1739c6 /drivers/block/loop.c
parentloopdev: remove an user triggerable oops (diff)
downloadlinux-b7a1da695f3fb33d093e6de20b1dfc238e3c9587.tar.xz
linux-b7a1da695f3fb33d093e6de20b1dfc238e3c9587.zip
loopdev: ignore negative offset when calculate loop device size
Negative offset may cause loop device size larger than backing file size. $ fallocate -l 1M a $ losetup --offset 0xffffffffffff0000 /dev/loop0 a $ blockdev --getsize64 /dev/loop0 1114112 $ ls -l a -rw-r--r-- 1 root root 1048576 Jan 23 12:46 a $ cat /dev/loop0 cat: /dev/loop0: Input/output error It makes no sense to do that. Only apply offset when it's positive. Fix a typo in the comment by the way. Signed-off-by: Guo Chao <yan@linux.vnet.ibm.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Guo Chao <yan@linux.vnet.ibm.com> Cc: M. Hindess <hindessm@uk.ibm.com> Cc: Nikanth Karthikesan <knikanth@suse.de> Cc: Jens Axboe <axboe@kernel.dk> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/block/loop.c')
-rw-r--r--drivers/block/loop.c9
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/block/loop.c b/drivers/block/loop.c
index 1b1b0c981a85..bef9d63b0c83 100644
--- a/drivers/block/loop.c
+++ b/drivers/block/loop.c
@@ -162,12 +162,13 @@ static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = {
static loff_t get_size(loff_t offset, loff_t sizelimit, struct file *file)
{
- loff_t size, loopsize;
+ loff_t loopsize;
/* Compute loopsize in bytes */
- size = i_size_read(file->f_mapping->host);
- loopsize = size - offset;
- /* offset is beyond i_size, wierd but possible */
+ loopsize = i_size_read(file->f_mapping->host);
+ if (offset > 0)
+ loopsize -= offset;
+ /* offset is beyond i_size, weird but possible */
if (loopsize < 0)
return 0;