diff options
author | Guo Chao <yan@linux.vnet.ibm.com> | 2013-02-22 00:16:50 +0100 |
---|---|---|
committer | Jens Axboe <axboe@kernel.dk> | 2013-02-22 10:43:22 +0100 |
commit | b7a1da695f3fb33d093e6de20b1dfc238e3c9587 (patch) | |
tree | 396c68e51b16414c20b4ae2c61a421ab7d1739c6 /drivers/block/loop.c | |
parent | loopdev: remove an user triggerable oops (diff) | |
download | linux-b7a1da695f3fb33d093e6de20b1dfc238e3c9587.tar.xz linux-b7a1da695f3fb33d093e6de20b1dfc238e3c9587.zip |
loopdev: ignore negative offset when calculate loop device size
Negative offset may cause loop device size larger than backing file
size.
$ fallocate -l 1M a
$ losetup --offset 0xffffffffffff0000 /dev/loop0 a
$ blockdev --getsize64 /dev/loop0
1114112
$ ls -l a
-rw-r--r-- 1 root root 1048576 Jan 23 12:46 a
$ cat /dev/loop0
cat: /dev/loop0: Input/output error
It makes no sense to do that. Only apply offset when it's positive.
Fix a typo in the comment by the way.
Signed-off-by: Guo Chao <yan@linux.vnet.ibm.com>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Guo Chao <yan@linux.vnet.ibm.com>
Cc: M. Hindess <hindessm@uk.ibm.com>
Cc: Nikanth Karthikesan <knikanth@suse.de>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Diffstat (limited to 'drivers/block/loop.c')
-rw-r--r-- | drivers/block/loop.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/drivers/block/loop.c b/drivers/block/loop.c index 1b1b0c981a85..bef9d63b0c83 100644 --- a/drivers/block/loop.c +++ b/drivers/block/loop.c @@ -162,12 +162,13 @@ static struct loop_func_table *xfer_funcs[MAX_LO_CRYPT] = { static loff_t get_size(loff_t offset, loff_t sizelimit, struct file *file) { - loff_t size, loopsize; + loff_t loopsize; /* Compute loopsize in bytes */ - size = i_size_read(file->f_mapping->host); - loopsize = size - offset; - /* offset is beyond i_size, wierd but possible */ + loopsize = i_size_read(file->f_mapping->host); + if (offset > 0) + loopsize -= offset; + /* offset is beyond i_size, weird but possible */ if (loopsize < 0) return 0; |