Re: [PATCH v3 57/68] afs: Fix afs_write_end() to handle len > page size

From: Linus Torvalds
Date: Thu Dec 16 2021 - 11:34:11 EST

Next message: Paolo Valente: "Re: [PATCH RFC 9/9] block, bfq: decrease 'num_groups_with_pending_reqs' earlier"
Previous message: kernel test robot: "[intel-tdx:kvm-upstream 81/152] arch/x86/kvm/vmx/tdx_stubs.c:16:5: error: no previous prototype for 'tdx_vcpu_ioctl'"
In reply to: David Howells: "[PATCH v3 57/68] afs: Fix afs_write_end() to handle len > page size"
Next in thread: David Howells: "[PATCH v3 58/68] afs: Convert afs to use the new fscache API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Dec 16, 2021 at 8:22 AM David Howells <dhowells@xxxxxxxxxx> wrote:
>
> It is possible for the len argument to afs_write_end() to overrun the end
> of the page (len is used to key the size of the page in afs_write_start()
> when compound pages become a regular thing).

This smells like a bug in the caller.

It's just insane to call "write_end()" with a range that doesn't
actually fit in the page provided.

Exactly how does that happen, and why should AFS deal with it, not
whoever called write_end()?

Linus

Next message: Paolo Valente: "Re: [PATCH RFC 9/9] block, bfq: decrease 'num_groups_with_pending_reqs' earlier"
Previous message: kernel test robot: "[intel-tdx:kvm-upstream 81/152] arch/x86/kvm/vmx/tdx_stubs.c:16:5: error: no previous prototype for 'tdx_vcpu_ioctl'"
In reply to: David Howells: "[PATCH v3 57/68] afs: Fix afs_write_end() to handle len > page size"
Next in thread: David Howells: "[PATCH v3 58/68] afs: Convert afs to use the new fscache API"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]