From: Nick Piggin Date: Tue, 20 Feb 2007 21:58:09 +0000 (-0800) Subject: [PATCH] fs: fix nobh data leak X-Git-Tag: v2.6.21-rc1~21 X-Git-Url: https://err.no/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=22c8ca78f20724676b6006232bf06cc3e9299539;p=linux-2.6 [PATCH] fs: fix nobh data leak nobh_prepare_write leaks data similarly to how simple_prepare_write did. Fix by not marking the page uptodate until nobh_commit_write time. Again, this could break weird use-cases, but none appear to exist in the tree. We can safely remove the set_page_dirty, because as the comment says, nobh_commit_write does set_page_dirty. If a filesystem wants to allocate backing store for a page dirtied via mmap, page_mkwrite is the suggested approach. Signed-off-by: Nick Piggin Signed-off-by: Andrew Morton Signed-off-by: Linus Torvalds --- diff --git a/fs/buffer.c b/fs/buffer.c index e95fe4f8d1..e8504b6517 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -2248,7 +2248,6 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to, int i; int ret = 0; int is_mapped_to_disk = 1; - int dirtied_it = 0; if (PageMappedToDisk(page)) return 0; @@ -2285,14 +2284,10 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to, continue; if (buffer_new(&map_bh) || !buffer_mapped(&map_bh)) { kaddr = kmap_atomic(page, KM_USER0); - if (block_start < from) { + if (block_start < from) memset(kaddr+block_start, 0, from-block_start); - dirtied_it = 1; - } - if (block_end > to) { + if (block_end > to) memset(kaddr + to, 0, block_end - to); - dirtied_it = 1; - } flush_dcache_page(page); kunmap_atomic(kaddr, KM_USER0); continue; @@ -2347,17 +2342,6 @@ int nobh_prepare_write(struct page *page, unsigned from, unsigned to, if (is_mapped_to_disk) SetPageMappedToDisk(page); - SetPageUptodate(page); - - /* - * Setting the page dirty here isn't necessary for the prepare_write - * function - commit_write will do that. But if/when this function is - * used within the pagefault handler to ensure that all mmapped pages - * have backing space in the filesystem, we will need to dirty the page - * if its contents were altered. - */ - if (dirtied_it) - set_page_dirty(page); return 0; @@ -2387,6 +2371,7 @@ int nobh_commit_write(struct file *file, struct page *page, struct inode *inode = page->mapping->host; loff_t pos = ((loff_t)page->index << PAGE_CACHE_SHIFT) + to; + SetPageUptodate(page); set_page_dirty(page); if (pos > inode->i_size) { i_size_write(inode, pos);