diff options
author | Trond Myklebust <Trond.Myklebust@netapp.com> | 2006-09-08 09:48:54 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@g5.osdl.org> | 2006-09-08 10:22:51 -0700 |
commit | e9f7bee1df223dcf83743b46cb06c08d95497ec0 (patch) | |
tree | 67beae4733ef0286645112a52623c81c8f8a19a9 /include/linux/nfs_xdr.h | |
parent | 016eb4a0ed06a3677d67a584da901f0e9a63c666 (diff) | |
download | op-kernel-dev-e9f7bee1df223dcf83743b46cb06c08d95497ec0.zip op-kernel-dev-e9f7bee1df223dcf83743b46cb06c08d95497ec0.tar.gz |
[PATCH] NFS: large non-page-aligned direct I/O clobbers memory
The logic in nfs_direct_read_schedule and nfs_direct_write_schedule can
allow data->npages to be one larger than rpages. This causes a page
pointer to be written beyond the end of the pagevec in nfs_read_data (or
nfs_write_data).
Fix this by making nfs_(read|write)_alloc() calculate the size of the
pagevec array, and initialise data->npages.
Also get rid of the redundant argument to nfs_commit_alloc().
Signed-off-by: Trond Myklebust <Trond.Myklebust@netapp.com>
Cc: Chuck Lever <chuck.lever@oracle.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'include/linux/nfs_xdr.h')
-rw-r--r-- | include/linux/nfs_xdr.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/linux/nfs_xdr.h b/include/linux/nfs_xdr.h index db9cbf6..41e5a19 100644 --- a/include/linux/nfs_xdr.h +++ b/include/linux/nfs_xdr.h @@ -729,7 +729,7 @@ struct nfs_read_data { struct list_head pages; /* Coalesced read requests */ struct nfs_page *req; /* multi ops per nfs_page */ struct page **pagevec; - unsigned int npages; /* active pages in pagevec */ + unsigned int npages; /* Max length of pagevec */ struct nfs_readargs args; struct nfs_readres res; #ifdef CONFIG_NFS_V4 @@ -748,7 +748,7 @@ struct nfs_write_data { struct list_head pages; /* Coalesced requests we wish to flush */ struct nfs_page *req; /* multi ops per nfs_page */ struct page **pagevec; - unsigned int npages; /* active pages in pagevec */ + unsigned int npages; /* Max length of pagevec */ struct nfs_writeargs args; /* argument struct */ struct nfs_writeres res; /* result struct */ #ifdef CONFIG_NFS_V4 |