From 6572be008d9f6e765b626fb780e6cc71e07e7747 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Wed, 27 Jan 2016 09:20:54 -0800
Subject: [PATCH] 4.1-stable patches
added patches: direct-io-fix-negative-return-from-dio-read-beyond-eof.patch fix-the-regression-from-direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
---
...tive-return-from-dio-read-beyond-eof.patch | 55 +++++++++++++++++++
...tive-return-from-dio-read-beyond-eof.patch | 30 ++++++++++
queue-4.1/series | 2 +
3 files changed, 87 insertions(+)
create mode 100644 queue-4.1/direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
create mode 100644 queue-4.1/fix-the-regression-from-direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
diff --git a/queue-4.1/direct-io-fix-negative-return-from-dio-read-beyond-eof.patch b/queue-4.1/direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
new file mode 100644
index 00000000000..749b01b61cc
--- /dev/null
+++ b/queue-4.1/direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
@@ -0,0 +1,55 @@
+From 74cedf9b6c603f2278a05bc91b140b32b434d0b5 Mon Sep 17 00:00:00 2001
+From: Jan Kara
+Date: Mon, 30 Nov 2015 10:15:42 -0700
+Subject: direct-io: Fix negative return from dio read beyond eof
+
+From: Jan Kara
+
+commit 74cedf9b6c603f2278a05bc91b140b32b434d0b5 upstream.
+
+Assume a filesystem with 4KB blocks. When a file has size 1000 bytes and
+we issue direct IO read at offset 1024, blockdev_direct_IO() reads the
+tail of the last block and the logic for handling short DIO reads in
+dio_complete() results in a return value -24 (1000 - 1024) which
+obviously confuses userspace.
+
+Fix the problem by bailing out early once we sample i_size and can
+reliably check that direct IO read starts beyond i_size.
+
+Reported-by: Avi Kivity
+Fixes: 9fe55eea7e4b444bafc42fa0000cc2d1d2847275
+CC: Steven Whitehouse
+Signed-off-by: Jan Kara
+Signed-off-by: Jens Axboe
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/direct-io.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+--- a/fs/direct-io.c
++++ b/fs/direct-io.c
+@@ -1159,6 +1159,15 @@ do_blockdev_direct_IO(struct kiocb *iocb
+ }
+ }
+
++ /* Once we sampled i_size check for reads beyond EOF */
++ dio->i_size = i_size_read(inode);
++ if (iov_iter_rw(iter) == READ && offset >= dio->i_size) {
++ if (dio->flags & DIO_LOCKING)
++ mutex_unlock(&inode->i_mutex);
++ kmem_cache_free(dio_cache, dio);
++ goto out;
++ }
++
+ /*
+ * For file extending writes updating i_size before data writeouts
+ * complete can expose uninitialized blocks in dumb filesystems.
+@@ -1212,7 +1221,6 @@ do_blockdev_direct_IO(struct kiocb *iocb
+ sdio.next_block_for_io = -1;
+
+ dio->iocb = iocb;
+- dio->i_size = i_size_read(inode);
+
+ spin_lock_init(&dio->bio_lock);
+ dio->refcount = 1;
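Review bot: The early-exit branch added at `@@ -1159,6 +1159,15 @@` in this queued patch reaches `goto out` without assigning `retval`, so on its own it returns whatever `retval` held before the branch, which is set outside the hunk. The changelog of the second patch queued in this commit names that value as -ENOMEM and adds `retval = 0;`, so the two entries have to stay adjacent in `series` and ship in the same release; anyone taking 74cedf9b6c60 from this queue needs 2d4594acbf6d with it. The branch comment would be clearer if it stated the intended result, for example `/* Read starts at or beyond i_size: drop i_mutex, free the dio and return 0 */`. do_blockdev_direct_IO() begins and ends outside the hunk, so whether i_mutex is always held at this point when DIO_LOCKING is set cannot be confirmed from these lines.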
diff --git a/queue-4.1/fix-the-regression-from-direct-io-fix-negative-return-from-dio-read-beyond-eof.patch b/queue-4.1/fix-the-regression-from-direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
new file mode 100644
index 00000000000..a442a106f1f
--- /dev/null
+++ b/queue-4.1/fix-the-regression-from-direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
@@ -0,0 +1,30 @@
+From 2d4594acbf6d8f75a27f3578476b6a27d8b13ebb Mon Sep 17 00:00:00 2001
+From: Al Viro
+Date: Tue, 8 Dec 2015 12:22:47 -0500
+Subject: fix the regression from "direct-io: Fix negative return from dio read beyond eof"
+
+From: Al Viro
+
+commit 2d4594acbf6d8f75a27f3578476b6a27d8b13ebb upstream.
+
+Sure, it's better to bail out of past-the-eof read and return 0 than return
+a bogus negative value on such. Only we'd better make sure we are bailing out
+with 0 and not -ENOMEM...
+
+Signed-off-by: Al Viro
+Signed-off-by: Greg Kroah-Hartman
+
+---
+ fs/direct-io.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/fs/direct-io.c
++++ b/fs/direct-io.c
+@@ -1165,6 +1165,7 @@ do_blockdev_direct_IO(struct kiocb *iocb
+ if (dio->flags & DIO_LOCKING)
+ mutex_unlock(&inode->i_mutex);
+ kmem_cache_free(dio_cache, dio);
++ retval = 0;
+ goto out;
+ }
+
diff --git a/queue-4.1/series b/queue-4.1/series
index a607f40c6f9..0184f7f3ab4 100644
--- a/queue-4.1/series
+++ b/queue-4.1/series
@@ -121,3 +121,5 @@ parisc-iommu-fix-panic-due-to-trying-to-allocate-too-large-region.patch
 hid-core-avoid-uninitialized-buffer-access.patch
 staging-lustre-echo_copy.._lsm-dereferences-userland-pointers-directly.patch
 media-vivid-osd-fix-info-leak-in-ioctl.patch
+direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
+fix-the-regression-from-direct-io-fix-negative-return-from-dio-read-beyond-eof.patch
--
2.47.3