4.3-stable review patch. If anyone has any objections, please let me know.
------------------ From: Jan Kara <[email protected]> commit 74cedf9b6c603f2278a05bc91b140b32b434d0b5 upstream. Assume a filesystem with 4KB blocks. When a file has size 1000 bytes and we issue direct IO read at offset 1024, blockdev_direct_IO() reads the tail of the last block and the logic for handling short DIO reads in dio_complete() results in a return value -24 (1000 - 1024) which obviously confuses userspace. Fix the problem by bailing out early once we sample i_size and can reliably check that direct IO read starts beyond i_size. Reported-by: Avi Kivity <[email protected]> Fixes: 9fe55eea7e4b444bafc42fa0000cc2d1d2847275 CC: Steven Whitehouse <[email protected]> Signed-off-by: Jan Kara <[email protected]> Signed-off-by: Jens Axboe <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- fs/direct-io.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) --- a/fs/direct-io.c +++ b/fs/direct-io.c @@ -1161,6 +1161,15 @@ do_blockdev_direct_IO(struct kiocb *iocb } } + /* Once we sampled i_size check for reads beyond EOF */ + dio->i_size = i_size_read(inode); + if (iov_iter_rw(iter) == READ && offset >= dio->i_size) { + if (dio->flags & DIO_LOCKING) + mutex_unlock(&inode->i_mutex); + kmem_cache_free(dio_cache, dio); + goto out; + } + /* * For file extending writes updating i_size before data writeouts * complete can expose uninitialized blocks in dumb filesystems. @@ -1214,7 +1223,6 @@ do_blockdev_direct_IO(struct kiocb *iocb sdio.next_block_for_io = -1; dio->iocb = iocb; - dio->i_size = i_size_read(inode); spin_lock_init(&dio->bio_lock); dio->refcount = 1;
