tmpfs: don't undo fallocate past its last page

commit b9b4bb26af017dbe930cd4df7f9b2fc3a0497bfe upstream.

When fallocate is interrupted it will undo a range that extends one byte
past its range of allocated pages.  This can corrupt an in-use page by
zeroing out its first byte.  Instead, undo using the inclusive byte
range.

Fixes: 1635f6a74152f1d ("tmpfs: undo fallocation on failure")
Link: http://lkml.kernel.org/r/1462713387-16724-1-git-send-email-anthony.romano@coreos.com
Signed-off-by: Anthony Romano <anthony.romano@coreos.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Hugh Dickins <hughd@google.com>
Cc: Brandon Philips <brandon@ifup.co>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Willy Tarreau <w@1wt.eu>

diff --git a/mm/shmem.c b/mm/shmem.c
index 4e4a7349c5cd7ef4686e497356bf74b92cd5856d..e163e40b0bb56c4053e0427e38aa3bed6c2d2e26 100644 (file)
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1950,7 +1950,7 @@ static long shmem_fallocate(struct file *file, int mode, loff_t offset,
                        /* Remove the !PageUptodate pages we added */
                        shmem_undo_range(inode,
                                (loff_t)start << PAGE_CACHE_SHIFT,
-                               (loff_t)index << PAGE_CACHE_SHIFT, true);
+                               ((loff_t)index << PAGE_CACHE_SHIFT) - 1, true);
                        goto undone;
                }