udf: Fix races with i_size changes during readpage
authorJan Kara <jack@suse.cz>
Tue, 13 Jun 2017 13:54:58 +0000 (15:54 +0200)
committerJan Kara <jack@suse.cz>
Wed, 14 Jun 2017 09:21:01 +0000 (11:21 +0200)
commit9795e0e8ac0d6a3ee092f1b555b284b57feef99e
treece1fa5f47b7b24d04d4893528eae522ce1885023
parenta247f7236d06f504e57637b8ec124fc1af226d08
udf: Fix races with i_size changes during readpage

__udf_adinicb_readpage() uses i_size several times. When truncate
changes i_size while the function is running, it can observe several
different values and thus e.g. expose uninitialized parts of page to
userspace. Also use i_size_read() in the function since it does not hold
inode_lock. Since i_size is guaranteed to be small, this cannot really
cause any issues even on 32-bit archs but let's be careful.

CC: stable@vger.kernel.org
Fixes: 9c2fc0de1a6e638fe58c354a463f544f42a90a09
Signed-off-by: Jan Kara <jack@suse.cz>
fs/udf/file.c