diff options
| author | Huiwen He <hehuiwen@kylinos.cn> | 2026-07-03 13:32:56 +0800 |
|---|---|---|
| committer | Steve French <stfrench@microsoft.com> | 2026-07-13 10:37:54 -0500 |
| commit | b09ae45d85dc816987a71db9eebc54b0ae288e94 (patch) | |
| tree | 14451ff928f9b56f83222fe8659adedac3186199 /scripts/package/gen-diff-patch | |
| parent | 5906d0e82e8e07d756f3ed1abfac8f8cea2c20dc (diff) | |
smb/client: handle overlapping allocated ranges in fallocate
smb3_simple_fallocate_range() can skip holes when an allocated range
returned by the server starts before the current fallocate offset. The
skipped hole is not zero-filled, but fallocate still returns success. A
later write to that hole may therefore fail with ENOSPC.
The function queries allocated ranges so that it can preserve existing
contents and write zeroes only into holes. However, the server may return
a range that starts before the current fallocate offset.
For example, assume the fallocate request is [100, 400) and the only
allocated range returned by the server is [0, 200):
Request: [100, 400)
Server range: [ 0, 200) allocated
Correct:
[100, 200) allocated data, skip
[200, 400) hole, zero-fill
Current:
[100, 300) skipped
[300, 400) zero-filled afterwards
The current code adds the full server range length, 200, to the current
offset 100 and moves to 300. As a result, the hole in [200, 300) is
skipped without being zero-filled.
Fix this by advancing only over the part of the allocated range that
overlaps the current fallocate offset. Ignore ranges that end before the
current offset and reject ranges whose end offset overflows.
This also prevents a malformed range length from causing an out-of-bounds
zero-buffer read.
Fixes: 966a3cb7c7db ("cifs: improve fallocate emulation")
Signed-off-by: Huiwen He <hehuiwen@kylinos.cn>
Reviewed-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
Signed-off-by: Steve French <stfrench@microsoft.com>
Diffstat (limited to 'scripts/package/gen-diff-patch')
0 files changed, 0 insertions, 0 deletions
