From: Sasha Levin
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: David Howells, Linus Torvalds, Sasha Levin, linux-afs@lists.infradead.org
Subject: [PATCH AUTOSEL 5.0 76/98] afs: Fix StoreData op marshalling
Date: Mon, 22 Apr 2019 15:41:43 -0400
Message-Id: <20190422194205.10404-76-sashal@kernel.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20190422194205.10404-1-sashal@kernel.org>
References: <20190422194205.10404-1-sashal@kernel.org>
MIME-Version: 1.0
X-stable: review
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

From: David Howells

[ Upstream commit 8c7ae38d1ce12a0eaeba655df8562552b3596c7f ]

The marshalling of AFS.StoreData, AFS.StoreData64 and YFS.StoreData64 calls
generated by ->setattr() ops for the purpose of expanding a file is
incorrect due to older documentation incorrectly describing the way the RPC
'FileLength' parameter is meant to work.

The older documentation says that this is the length the file is meant to
end up at the end of the operation; however, it was never implemented this
way in any of the servers, but rather the file is truncated down to this
before the write operation is effected, and never expanded to it (and,
indeed, it was renamed to 'TruncPos' in 2014).

Fix this by setting the position parameter to the new file length and doing
a zero-length write there.

The bug causes Xwayland to SIGBUS due to unexpected non-expansion of a file
it then mmaps. This can be tested by giving the following test program a
filename in an AFS directory:

	#include <stdio.h>
	#include <stdlib.h>
	#include <unistd.h>
	#include <fcntl.h>
	#include <sys/mman.h>

	int main(int argc, char *argv[])
	{
		char *p;
		int fd;

		if (argc != 2) {
			fprintf(stderr, "Format: test-trunc-mmap <file>\n");
			exit(2);
		}
		/* O_CREAT requires a mode argument */
		fd = open(argv[1], O_RDWR | O_CREAT | O_TRUNC, 0600);
		if (fd < 0) {
			perror(argv[1]);
			exit(1);
		}
		/* Expand the empty file; on AFS this becomes a StoreData op */
		if (ftruncate(fd, 0x140008) == -1) {
			perror("ftruncate");
			exit(1);
		}
		p = mmap(NULL, 4096, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
		if (p == MAP_FAILED) {
			perror("mmap");
			exit(1);
		}
		/* SIGBUS here if the file was not actually expanded */
		p[0] = 'a';
		if (munmap(p, 4096) < 0) {
			perror("munmap");
			exit(1);
		}
		if (close(fd) < 0) {
			perror("close");
			exit(1);
		}
		exit(0);
	}

Fixes: 31143d5d515e ("AFS: implement basic file write support")
Reported-by: Jonathan Billings
Tested-by: Jonathan Billings
Signed-off-by: David Howells
Signed-off-by: Linus Torvalds
Signed-off-by: Sasha Levin (Microsoft)
---
 fs/afs/fsclient.c  | 6 +++---
 fs/afs/yfsclient.c | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/fs/afs/fsclient.c b/fs/afs/fsclient.c index ca08c83168f5..0b37867b5c20 100644 --- a/fs/afs/fsclient.c 
+++ b/fs/afs/fsclient.c @@ -1515,8 +1515,8 @@ static int afs_fs_setattr_size64(struct afs_fs_cursor *fc, struct iattr *attr) xdr_encode_AFS_StoreStatus(&bp, attr); - *bp++ = 0; /* position of start of write */ - *bp++ = 0; + *bp++ = htonl(attr->ia_size >> 32); /* position of start of write */ + *bp++ = htonl((u32) attr->ia_size); *bp++ = 0; /* size of write */ *bp++ = 0; *bp++ = htonl(attr->ia_size >> 32); /* new file length */ @@ -1564,7 +1564,7 @@ static int afs_fs_setattr_size(struct afs_fs_cursor *fc, struct iattr *attr) xdr_encode_AFS_StoreStatus(&bp, attr); - *bp++ = 0; /* position of start of write */ + *bp++ = htonl(attr->ia_size); /* position of start of write */ *bp++ = 0; /* size of write */ *bp++ = htonl(attr->ia_size); /* new file length */ diff --git a/fs/afs/yfsclient.c b/fs/afs/yfsclient.c index 5aa57929e8c2..6e97a42d24d1 100644 --- a/fs/afs/yfsclient.c +++ b/fs/afs/yfsclient.c @@ -1514,7 +1514,7 @@ static int yfs_fs_setattr_size(struct afs_fs_cursor *fc, struct iattr *attr) bp = xdr_encode_u32(bp, 0); /* RPC flags */ bp = xdr_encode_YFSFid(bp, &vnode->fid); bp = xdr_encode_YFS_StoreStatus(bp, attr); - bp = xdr_encode_u64(bp, 0); /* position of start of write */ + bp = xdr_encode_u64(bp, attr->ia_size); /* position of start of write */ bp = xdr_encode_u64(bp, 0); /* size of write */ bp = xdr_encode_u64(bp, attr->ia_size); /* new file length */ yfs_check_req(call, bp); -- 2.19.1
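
Review bot: In the first hunk (afs_fs_setattr_size64), the unchanged context comment on the last two words still reads "new file length", which is the older-documentation meaning that the commit message says no server implements. The fix only works because that field is a truncation position and the zero-size write at ia_size is what extends the file, so the comment should say so, for example "/* truncation position (TruncPos) */", with a short line above the position words explaining why they are no longer 0. Without it, the duplicated ia_size values look like a mistake and invite a revert to the old encoding.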
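
Review bot: In the second hunk (afs_fs_setattr_size), the new position word is written as "htonl(attr->ia_size)" with no cast, while the 64-bit variant in the hunk above spells the low word as "htonl((u32) attr->ia_size)". The narrowing to 32 bits is therefore implicit here, and nothing in the visible lines shows that this function is only reached for sizes that fit in 32 bits. If the caller guarantees that, state it in a comment at this point or add the explicit cast for consistency; a wrapped value would now be sent as both the write position and the file length.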
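
Review bot: In the yfsclient.c hunk (yfs_fs_setattr_size), the position is set to attr->ia_size unconditionally, so the same request shape is sent when a file shrinks as when it grows, but the commit message and its test program only exercise expansion through ftruncate(). Please confirm in the commit message or a comment that the shrink case (truncate down to ia_size, then a zero-size write at ia_size) was checked against the servers; the same question applies to the two fsclient.c hunks.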