--- /dev/null
+From 74cedf9b6c603f2278a05bc91b140b32b434d0b5 Mon Sep 17 00:00:00 2001
+From: Jan Kara <jack@suse.cz>
+Date: Mon, 30 Nov 2015 10:15:42 -0700
+Subject: direct-io: Fix negative return from dio read beyond eof
+
+From: Jan Kara <jack@suse.cz>
+
+commit 74cedf9b6c603f2278a05bc91b140b32b434d0b5 upstream.
+
+Assume a filesystem with 4KB blocks. When a file has size 1000 bytes and
+we issue direct IO read at offset 1024, blockdev_direct_IO() reads the
+tail of the last block and the logic for handling short DIO reads in
+dio_complete() results in a return value -24 (1000 - 1024) which
+obviously confuses userspace.
+
+Fix the problem by bailing out early once we sample i_size and can
+reliably check that direct IO read starts beyond i_size.
+
+Reported-by: Avi Kivity <avi@scylladb.com>
+Fixes: 9fe55eea7e4b444bafc42fa0000cc2d1d2847275
+CC: Steven Whitehouse <swhiteho@redhat.com>
+Signed-off-by: Jan Kara <jack@suse.cz>
+Signed-off-by: Jens Axboe <axboe@fb.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/direct-io.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/direct-io.c
++++ b/fs/direct-io.c
+@@ -1161,6 +1161,15 @@ do_blockdev_direct_IO(struct kiocb *iocb
+ }
+ }
+
++ /* Once we sampled i_size check for reads beyond EOF */
++ dio->i_size = i_size_read(inode);
++ if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
++ if (dio->flags & DIO_LOCKING)
++ mutex_unlock(&inode->i_mutex);
++ kmem_cache_free(dio_cache, dio);
++ goto out;
++ }
++
+ /*
+ * For file extending writes updating i_size before data writeouts
+ * complete can expose uninitialized blocks in dumb filesystems.
+@@ -1214,7 +1223,6 @@ do_blockdev_direct_IO(struct kiocb *iocb
+ sdio.next_block_for_io = -1;
+
+ dio->iocb = iocb;
+- dio->i_size = i_size_read(inode);
+
+ spin_lock_init(&dio->bio_lock);
+ dio->refcount = 1;
--- /dev/null
+From 2d4594acbf6d8f75a27f3578476b6a27d8b13ebb Mon Sep 17 00:00:00 2001
+From: Al Viro <viro@zeniv.linux.org.uk>
+Date: Tue, 8 Dec 2015 12:22:47 -0500
+Subject: fix the regression from "direct-io: Fix negative return from dio read beyond eof"
+
+From: Al Viro <viro@zeniv.linux.org.uk>
+
+commit 2d4594acbf6d8f75a27f3578476b6a27d8b13ebb upstream.
+
+Sure, it's better to bail out of past-the-eof read and return 0 than return
+a bogus negative value on such. Only we'd better make sure we are bailing out
+with 0 and not -ENOMEM...
+
+Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/direct-io.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/direct-io.c
++++ b/fs/direct-io.c
+@@ -1167,6 +1167,7 @@ do_blockdev_direct_IO(struct kiocb *iocb
+ if (dio->flags & DIO_LOCKING)
+ mutex_unlock(&inode->i_mutex);
+ kmem_cache_free(dio_cache, dio);
++ retval = 0;
+ goto out;
+ }
+
projects / thirdparty / kernel / stable-queue.git / commitdiff
