[2.3.28] [PATCH] generic_file_write mangles file pointer

Peter Benie (pjb1008@cam.ac.uk)
Mon, 22 Nov 1999 15:17:07 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Rogier Wolff: "Re: updating the RTC automagically"
Previous message: Ulrich Windl: "Re: updating the RTC automagically"

generic_file_write has a bug where it reads the value of *ppos before
taking out the inode semaphore. A second call to write() may end up
using an out of date copy of the file pointer, overwriting data from
the first write(). This is _very_ noticable when writing to an NFS
mounted file from multiple processes on an SMP machine. This patch
moves 'pos = *ppos' after the semaphore.

Peter

--- linux/mm/filemap.c.orig Mon Nov 22 13:36:43 1999
+++ linux/mm/filemap.c Mon Nov 22 13:39:04 1999
@@ -1791,18 +1791,21 @@
struct dentry *dentry = file->f_dentry;
struct inode *inode = dentry->d_inode;
unsigned long limit = current->rlim[RLIMIT_FSIZE].rlim_cur;
- loff_t pos = *ppos;
+ loff_t pos;
struct page *page, **hash, *cached_page;
unsigned long written;
long status;
int err;

- if (pos < 0)
- return -EINVAL;
-
cached_page = NULL;

down(&inode->i_sem);
+
+ pos = *ppos;
+ err = -EINVAL;
+ if (pos < 0)
+ goto out;
+
err = file->f_error;
if (err) {
file->f_error = 0;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Rogier Wolff: "Re: updating the RTC automagically"
Previous message: Ulrich Windl: "Re: updating the RTC automagically"