Commit 684c9aae authored by Linus Torvalds's avatar Linus Torvalds
Browse files

vfs: fix O_DIRECT read past end of block device 



The direct-IO write path already had the i_size checks in mm/filemap.c,
but it turns out the read path did not, and removing the block size
checks in fs/block_dev.c (commit bbec0270: "blkdev_max_block: make
private to fs/buffer.c") removed the magic "shrink IO to past the end of
the device" code there.

Fix it by truncating the IO to the size of the block device, like the
write path already does.

NOTE! I suspect the write path would be *much* better off doing it this
way in fs/block_dev.c, rather than hidden deep in mm/filemap.c.  The
mm/filemap.c code is extremely hard to follow, and has various
conditionals on the target being a block device (ie the flag passed in
to 'generic_write_checks()', along with a conditional update of the
inode timestamp etc).

It is also quite possible that we should treat this whole block device
size as a "s_maxbytes" issue, and try to make the logic even more
generic.  However, in the meantime this is the fairly minimal targeted
fix.

Noted by Milan Broz thanks to a regression test for the cryptsetup
reencrypt tool.

Reported-and-tested-by: default avatarMilan Broz <mbroz@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 1b3c393c

fs/block_dev.c

+17 −1
Original line number Diff line number Diff line
@@ -1544,6 +1544,22 @@ ssize_t blkdev_aio_write(struct kiocb *iocb, const struct iovec *iov, 
}

EXPORT_SYMBOL_GPL(blkdev_aio_write);



static ssize_t blkdev_aio_read(struct kiocb *iocb, const struct iovec *iov,

			 unsigned long nr_segs, loff_t pos)

{

	struct file *file = iocb->ki_filp;

	struct inode *bd_inode = file->f_mapping->host;

	loff_t size = i_size_read(bd_inode);



	if (pos >= size)

		return 0;



	size -= pos;

	if (size < INT_MAX)

		nr_segs = iov_shorten((struct iovec *)iov, nr_segs, size);

	return generic_file_aio_read(iocb, iov, nr_segs, pos);

}



/*

 * Try to release a page associated with block device when the system

 * is under memory pressure.
@@ -1574,7 +1590,7 @@ const struct file_operations def_blk_fops = { 
	.llseek		= block_llseek,

	.read		= do_sync_read,

	.write		= do_sync_write,

	.aio_read	= generic_file_aio_read,

	.aio_read	= blkdev_aio_read,

	.aio_write	= blkdev_aio_write,

	.mmap		= generic_file_mmap,

	.fsync		= blkdev_fsync,

CRA Git | Maintained and supported by SUSTech CRA and CCSE