diff options
author | Jan Kara <jack@suse.cz> | 2015-11-30 10:15:42 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2016-01-31 11:25:55 -0800 |
commit | 9c8c46046edba54532225f61291ecc162d24cf70 (patch) | |
tree | 1d6dcb318a03169702456b016b518405ab40ebac | |
parent | 42debcb0815cfdf8c1a5e5c40eb71f6c2547c432 (diff) | |
download | lwn-9c8c46046edba54532225f61291ecc162d24cf70.tar.gz lwn-9c8c46046edba54532225f61291ecc162d24cf70.zip |
direct-io: Fix negative return from dio read beyond eof
commit 74cedf9b6c603f2278a05bc91b140b32b434d0b5 upstream.
Assume a filesystem with 4KB blocks. When a file has size 1000 bytes and
we issue direct IO read at offset 1024, blockdev_direct_IO() reads the
tail of the last block and the logic for handling short DIO reads in
dio_complete() results in a return value -24 (1000 - 1024) which
obviously confuses userspace.
Fix the problem by bailing out early once we sample i_size and can
reliably check that direct IO read starts beyond i_size.
Reported-by: Avi Kivity <avi@scylladb.com>
Fixes: 9fe55eea7e4b444bafc42fa0000cc2d1d2847275
CC: Steven Whitehouse <swhiteho@redhat.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Signed-off-by: Jens Axboe <axboe@fb.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r-- | fs/direct-io.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/fs/direct-io.c b/fs/direct-io.c index 11256291642e..8897af41ae90 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -1161,6 +1161,15 @@ do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode, } } + /* Once we sampled i_size check for reads beyond EOF */ + dio->i_size = i_size_read(inode); + if (iov_iter_rw(iter) == READ && offset >= dio->i_size) { + if (dio->flags & DIO_LOCKING) + mutex_unlock(&inode->i_mutex); + kmem_cache_free(dio_cache, dio); + goto out; + } + /* * For file extending writes updating i_size before data writeouts * complete can expose uninitialized blocks in dumb filesystems. @@ -1214,7 +1223,6 @@ do_blockdev_direct_IO(struct kiocb *iocb, struct inode *inode, sdio.next_block_for_io = -1; dio->iocb = iocb; - dio->i_size = i_size_read(inode); spin_lock_init(&dio->bio_lock); dio->refcount = 1; |