[RHEL7,COMMIT] ms/seq_file: fix problem when seeking mid-record

Submitted by Konstantin Khorenko on Dec. 24, 2019, 10:04 a.m.

Details

Message ID 201912241004.xBOA4Do8001399@finist-ce7.sw.ru
State New
Series "ms/fs/seq_file.c: simplify seq_file iteration code and interface"
Headers show

Commit Message

Konstantin Khorenko Dec. 24, 2019, 10:04 a.m.
The commit is pushed to "branch-rh7-3.10.0-1062.7.1.vz7.130.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-1062.7.1.vz7.130.5
------>
commit 24a0222e303a782da6ac25930a53922ac9e51a62
Author: NeilBrown <neilb@suse.com>
Date:   Tue Aug 13 15:37:44 2019 -0700

    ms/seq_file: fix problem when seeking mid-record
    
    If you use lseek or similar (e.g.  pread) to access a location in a
    seq_file file that is within a record, rather than at a record boundary,
    then the first read will return the remainder of the record, and the
    second read will return the whole of that same record (instead of the
    next record).  When seeking to a record boundary, the next record is
    correctly returned.
    
    This bug was introduced by a recent patch (identified below).  Before
    that patch, seq_read() would increment m->index when the last of the
    buffer was returned (m->count == 0).  After that patch, we rely on
    ->next to increment m->index after filling the buffer - but there was
    one place where that didn't happen.
    
    Link: https://lkml.kernel.org/lkml/877e7xl029.fsf@notabene.neil.brown.name/
    Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code and interface")
    Signed-off-by: NeilBrown <neilb@suse.com>
    Reported-by: Sergei Turchanov <turchanov@farpost.com>
    Tested-by: Sergei Turchanov <turchanov@farpost.com>
    Cc: Alexander Viro <viro@zeniv.linux.org.uk>
    Cc: Markus Elfring <Markus.Elfring@web.de>
    Cc: <stable@vger.kernel.org>    [4.19+]
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    
    https://bugs.openvz.org/browse/OVZ-7158
    
    (cherry picked from commit 6a2aeab59e97101b4001bac84388fc49a992f87e)
    Signed-off-by: Vasiliy Averin <vvs@virtuozzo.com>
---
 fs/seq_file.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Patch hide | download patch | download mbox

diff --git a/fs/seq_file.c b/fs/seq_file.c
index 61fa5f8e8a58b..4dc70b8d6f3be 100644
--- a/fs/seq_file.c
+++ b/fs/seq_file.c
@@ -124,6 +124,7 @@  static int traverse(struct seq_file *m, loff_t offset)
 		}
 		if (seq_has_overflowed(m))
 			goto Eoverflow;
+		p = m->op->next(m, p, &m->index);
 		if (pos + m->count > offset) {
 			m->from = offset - pos;
 			m->count -= m->from;
@@ -131,7 +132,6 @@  static int traverse(struct seq_file *m, loff_t offset)
 		}
 		pos += m->count;
 		m->count = 0;
-		p = m->op->next(m, p, &m->index);
 		if (pos == offset)
 			break;
 	}