From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755814AbcHSH3V (ORCPT <rfc822;w@1wt.eu>);
        Fri, 19 Aug 2016 03:29:21 -0400
Received: from mx2.suse.de ([195.135.220.15]:49736 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1755345AbcHSHLt (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 19 Aug 2016 03:11:49 -0400
X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References"
From: Jiri Slaby <jslaby@suse.cz>
To: stable@vger.kernel.org
Cc: linux-kernel@vger.kernel.org,
        Anthony Romano <anthony.romano@coreos.com>,
        Vlastimil Babka <vbabka@suse.cz>, Hugh Dickins <hughd@google.com>,
        Brandon Philips <brandon@ifup.co>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Jiri Slaby <jslaby@suse.cz>
Subject: [PATCH 3.12 028/100] tmpfs: don't undo fallocate past its last page
Date: Fri, 19 Aug 2016 09:10:27 +0200
Message-Id: <eb06a5f95c9b1e8fda6a000c0ccbea5048e54d97.1471589700.git.jslaby@suse.cz>
X-Mailer: git-send-email 2.9.3
In-Reply-To: <bc76af4e1436406a1f53da243e76bd10327691f2.1471589700.git.jslaby@suse.cz>
References: <bc76af4e1436406a1f53da243e76bd10327691f2.1471589700.git.jslaby@suse.cz>
In-Reply-To: <cover.1471589700.git.jslaby@suse.cz>
References: <cover.1471589700.git.jslaby@suse.cz>
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Anthony Romano <anthony.romano@coreos.com>

3.12-stable review patch.  If anyone has any objections, please let me know.

===============

commit b9b4bb26af017dbe930cd4df7f9b2fc3a0497bfe upstream.

When fallocate is interrupted it will undo a range that extends one byte
past its range of allocated pages.  This can corrupt an in-use page by
zeroing out its first byte.  Instead, undo using the inclusive byte
range.

Fixes: 1635f6a74152f1d ("tmpfs: undo fallocation on failure")
Link: http://lkml.kernel.org/r/1462713387-16724-1-git-send-email-anthony.romano@coreos.com
Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: Brandon Philips <brandon@ifup.co>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 mm/shmem.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/mm/shmem.c b/mm/shmem.c
index e9502a67e300..ff42f161fc32 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1897,7 +1897,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
 			/* Remove the !PageUptodate pages we added */
 			shmem_undo_range(inode,
 				(loff_t)start << PAGE_CACHE_SHIFT,
-				(loff_t)index << PAGE_CACHE_SHIFT, true);
+				((loff_t)index << PAGE_CACHE_SHIFT) - 1, true);
 			goto undone;
 		}
 
-- 
2.9.3