2000-11-04 18:14:21

by Jari Ruusu

Subject: Patch for O_SYNC/ENOSPC bug (on Ted's TODO list)

Hi Linus,

This patch (against 2.4.0-test10) fixes the O_SYNC/ENOSPC bug. Alan Cox
included a fix for this same bug in 2.2.18pre7 and David Weinehall in
2.0.39final. This bug is listed on Ted's "Linux 2.4 Status / TODO page" as
"Fix Exists But Isnt Merged", "Writing past end of removeable device can
cause data corruption bugs in the future".

More information and the source code for a small test program are here:
http://marc.theaimsgroup.com/?l=linux-kernel&m=96879269024716&w=2

Regards,
Jari Ruusu <[email protected]>

--- linux-2.4.0-test10/fs/block_dev.c Wed Oct 4 01:03:11 2000
+++ linux/fs/block_dev.c Sat Nov 4 17:14:19 2000
@@ -30,7 +30,7 @@
ssize_t block, blocks;
loff_t offset;
ssize_t chars;
- ssize_t written;
+ ssize_t written, retval;
struct buffer_head * bhlist[NBUF];
size_t size;
kdev_t dev = inode->i_rdev;
@@ -40,7 +40,7 @@
if (is_read_only(dev))
return -EPERM;

- written = write_error = buffercount = 0;
+ retval = written = write_error = buffercount = 0;
blocksize = BLOCK_SIZE;
if (blksize_size[MAJOR(dev)] && blksize_size[MAJOR(dev)][MINOR(dev)])
blocksize = blksize_size[MAJOR(dev)][MINOR(dev)];
@@ -60,8 +60,10 @@
else
size = INT_MAX;
while (count>0) {
- if (block >= size)
- return written ? written : -ENOSPC;
+ if (block >= size) {
+ retval = -ENOSPC;
+ goto cleanup;
+ }
chars = blocksize - offset;
if (chars > count)
chars=count;
@@ -73,15 +75,19 @@
if (chars != blocksize)
fn = bread;
bh = fn(dev, block, blocksize);
- if (!bh)
- return written ? written : -EIO;
+ if (!bh) {
+ retval = -EIO;
+ goto cleanup;
+ }
if (!buffer_uptodate(bh))
wait_on_buffer(bh);
}
#else
bh = getblk(dev, block, blocksize);
- if (!bh)
- return written ? written : -EIO;
+ if (!bh) {
+ retval = -EIO;
+ goto cleanup;
+ }

if (!buffer_uptodate(bh))
{
@@ -105,7 +111,8 @@
if (!bhlist[i])
{
while(i >= 0) brelse(bhlist[i--]);
- return written ? written : -EIO;
+ retval = -EIO;
+ goto cleanup;
}
}
}
@@ -114,7 +121,8 @@
wait_on_buffer(bh);
if (!buffer_uptodate(bh)) {
brelse(bh);
- return written ? written : -EIO;
+ retval = -EIO;
+ goto cleanup;
}
};
};
@@ -148,6 +156,7 @@
if (write_error)
break;
}
+ cleanup:
if ( buffercount ){
ll_rw_block(WRITE, buffercount, bufferlist);
for(i=0; i<buffercount; i++){
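Review bot: The `cleanup:` label is added without a comment, yet it carries the invariant the whole fix depends on. Every exit taken after a buffer may have been queued in `bufferlist` has to pass through it, so that pending O_SYNC buffers are submitted with `ll_rw_block`, waited on and released. I would put `/* Every exit after a buffer may have been queued must come here: flushes and releases pending O_SYNC buffers. */` directly above the label, so a later change does not reintroduce a bare `return` inside the loop. The loop body between the earlier hunks and this one is outside the visible lines, so I cannot confirm from here that no other direct return remains in it.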
@@ -157,10 +166,11 @@
brelse(bufferlist[i]);
}
}
- filp->f_reada = 1;
+ if(!retval)
+ filp->f_reada = 1;
if(write_error)
return -EIO;
- return written;
+ return written ? written : retval;
}

ssize_t block_read(struct file * filp, char * buf, size_t count, loff_t *ppos)
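Review bot: The tail of the function now encodes an undocumented precedence: a failed flush returns -EIO, otherwise a non-zero `written` is returned, and `retval` is used only when nothing was written. When the loop stops on -ENOSPC or -EIO after some bytes were accepted, the caller therefore gets a short count and the error code is dropped for this call. A comment above the final return such as `/* a short write takes precedence; retval is reported only when nothing was written */` would make that contract explicit. The `if(!retval)` guard on `filp->f_reada = 1` appears to preserve the old behaviour, where the early returns never reached that assignment; if so, that also deserves a one-line comment.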