The iso9660 fs in 2.2.x kernels has an off-by-one error which
causes "access beyond end of device" errors when reading the last
portion of the last file, if that file has a size which is
N*4096+2048 bytes.
Repeat-by:
dd if=/dev/zero bs=2k of=/tmp/test-data count=1
mkisofs -V test -J -o /tmp/test.img /tmp/test-data
losetup /dev/loop0 /tmp/test.img
mkdir /mnt/test
mount -o ro -t iso9660 /dev/loop0 /mnt/test
wc /mnt/test/test-data
wc will fail with an I/O error, and dmesg will say:
attempt to access beyond end of device
07:00: rw=0, want=62, limit=60
dev 07:00 blksize=2048 blocknr=30 sector=120 size=2048 count=1
attempt to access beyond end of device
07:00: rw=0, want=62, limit=60
dev 07:00 blksize=2048 blocknr=30 sector=120 size=2048 count=1
fs/buffer.c:generic_readpage() appears to always bmap() every block
in a file's last page, even if the page isn't completely filled.
Apparently, the ->bmap() methods are supposed to deal with this
by returning 0 for blocks just after a file's end.
fs/isofs/inode.c:isofs_bmap() tests for this condition by comparing
the block's start offset with the file's size. If the offset is ">"
than the size, 0 is returned. This is wrong: offsets 0..size-1 are
in the file's range so the test should be ">=" not ">".
2.4.0-test4 does not appear to suffer from this problem.
/Mikael
--- linux-2.2.17pre13/fs/isofs/inode.c.~1~ Thu Jun 8 09:05:53 2000
+++ linux-2.2.17pre13/fs/isofs/inode.c Sun Jul 23 22:19:30 2000
@@ -915,7 +915,7 @@
* If we are beyond the end of this file, don't give out any
* blocks.
*/
- if( b_off > inode->i_size )
+ if( b_off >= inode->i_size )
{
off_t max_legal_read_offset;
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Jul 23 2000 - 21:00:20 EST