• David Howells's avatar
    afs: Fix StoreData op marshalling · fb853a4a
    David Howells authored
    [ Upstream commit 8c7ae38d ]
    
    The marshalling of AFS.StoreData, AFS.StoreData64 and YFS.StoreData64 calls
    generated by ->setattr() ops for the purpose of expanding a file is
    incorrect due to older documentation incorrectly describing the way the RPC
    'FileLength' parameter is meant to work.
    
    The older documentation says that this is the length the file is meant to
    end up at the end of the operation; however, it was never implemented this
    way in any of the servers, but rather the file is truncated down to this
    before the write operation is effected, and never expanded to it (and,
    indeed, it was renamed to 'TruncPos' in 2014).
    
    Fix this by setting the position parameter to the new file length and doing
    a zero-lengh write there.
    
    The bug causes Xwayland to SIGBUS due to unexpected non-expansion of a file
    it then mmaps.  This can be tested by giving the following test program a
    filename in an AFS directory:
    
    	#include <stdio.h>
    	#include <stdlib.h>
    	#include <unistd.h>
    	#include <fcntl.h>
    	#include <sys/mman.h>
    	int main(int argc, char *argv[])
    	{
    		char *p;
    		int fd;
    		if (argc != 2) {
    			fprintf(stderr,
    				"Format: test-trunc-mmap <file>\n");
    			exit(2);
    		}
    		fd = open(argv[1], O_RDWR | O_CREAT | O_TRUNC);
    		if (fd < 0) {
    			perror(argv[1]);
    			exit(1);
    		}
    		if (ftruncate(fd, 0x140008) == -1) {
    			perror("ftruncate");
    			exit(1);
    		}
    		p = mmap(NULL, 4096, PROT_READ | PROT_WRITE,
    			 MAP_SHARED, fd, 0);
    		if (p == MAP_FAILED) {
    			perror("mmap");
    			exit(1);
    		}
    		p[0] = 'a';
    		if (munmap(p, 4096) < 0) {
    			perror("munmap");
    			exit(1);
    		}
    		if (close(fd) < 0) {
    			perror("close");
    			exit(1);
    		}
    		exit(0);
    	}
    
    Fixes: 31143d5d ("AFS: implement basic file write support")
    Reported-by: 's avatarJonathan Billings <jsbillin@umich.edu>
    Tested-by: 's avatarJonathan Billings <jsbillin@umich.edu>
    Signed-off-by: 's avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: 's avatarLinus Torvalds <torvalds@linux-foundation.org>
    Signed-off-by: 's avatarSasha Levin (Microsoft) <sashal@kernel.org>
    fb853a4a
Name
Last commit
Last update
..
Kconfig Loading commit data...
Makefile Loading commit data...
addr_list.c Loading commit data...
afs.h Loading commit data...
afs_cm.h Loading commit data...
afs_fs.h Loading commit data...
afs_vl.h Loading commit data...
cache.c Loading commit data...
callback.c Loading commit data...
cell.c Loading commit data...
cmservice.c Loading commit data...
dir.c Loading commit data...
dir_edit.c Loading commit data...
dynroot.c Loading commit data...
file.c Loading commit data...
flock.c Loading commit data...
fs_probe.c Loading commit data...
fsclient.c Loading commit data...
inode.c Loading commit data...
internal.h Loading commit data...
main.c Loading commit data...
misc.c Loading commit data...
mntpt.c Loading commit data...
netdevices.c Loading commit data...
proc.c Loading commit data...
protocol_yfs.h Loading commit data...
rotate.c Loading commit data...
rxrpc.c Loading commit data...
security.c Loading commit data...
server.c Loading commit data...
server_list.c Loading commit data...
super.c Loading commit data...
vl_list.c Loading commit data...
vl_probe.c Loading commit data...
vl_rotate.c Loading commit data...
vlclient.c Loading commit data...
volume.c Loading commit data...
write.c Loading commit data...
xattr.c Loading commit data...
xdr_fs.h Loading commit data...
yfsclient.c Loading commit data...