[lustre-devel] [PATCH 2/7] lustre: llite: Fix use of uninitialized fields

James Simmons jsimmons at infradead.org
Mon Apr 18 17:30:59 PDT 2022


From: Patrick Farrell <pfarrell at whamcloud.com>

We use data from ci_rw to set io_start_index and
io_end_index, which is a problem for mmap because mmap does
not use ci_rw.

When ci_rand_read is set or readahead is disabled, we use
these values to decide how much data to read.

ci_rw is uninitialized, and if the values are non-zero,
we may try to read data beyond the locks we took for our
I/O.

If there is no lock (either because there was never one or
it was cancelled), this results in an LBUG in
osc_req_attr_set when it verifies the pages are covered by
a lock.

WC-bug-id: https://jira.whamcloud.com/browse/LU-15637
Lustre-commit: 9884f37985c1108fb ("LU-15637 llite: Fix use of uninitialized fields")
Signed-off-by: Patrick Farrell <pfarrell at whamcloud.com>
Reviewed-on: https://review.whamcloud.com/46776
Reviewed-by: Yang Sheng <ys at whamcloud.com>
Reviewed-by: Andreas Dilger <adilger at whamcloud.com>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
 fs/lustre/llite/rw.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)

diff --git a/fs/lustre/llite/rw.c b/fs/lustre/llite/rw.c
index b8cffde..0ddd920 100644
--- a/fs/lustre/llite/rw.c
+++ b/fs/lustre/llite/rw.c
@@ -1627,6 +1627,8 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
 	struct ll_readahead_state *ras = NULL;
 	struct cl_2queue *queue = &io->ci_queue;
 	struct ll_sb_info *sbi = ll_i2sbi(inode);
+	struct vvp_io *vio = vvp_env_io(env);
+	bool mmap = !vio->vui_ra_valid;
 	struct cl_sync_io *anchor = NULL;
 	pgoff_t ra_start_index = 0;
 	pgoff_t io_start_index;
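Review bot: `bool mmap = !vio->vui_ra_valid;` infers the I/O type from a readahead-validity flag, and nothing at the declaration says so. A one-line comment stating that vui_ra_valid is clear only on the mmap path would help, because the last hunk now uses this boolean to decide whether io->u.ci_rw may be read at all; any non-mmap caller that reaches ll_io_read_page() with vui_ra_valid clear will silently take the single-page branch. Note also that vio is now dereferenced on every call instead of only inside the readahead-enabled block, so vvp_env_io(env) has to be valid for all callers. A name such as is_mmap would avoid reading like the mmap file operation.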
@@ -1644,12 +1646,11 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
 	uptodate = vpg->vpg_defer_uptodate;
 
 	if (ll_readahead_enabled(sbi) && !vpg->vpg_ra_updated && ras) {
-		struct vvp_io *vio = vvp_env_io(env);
 		enum ras_update_flags flags = 0;
 
 		if (uptodate)
 			flags |= LL_RAS_HIT;
-		if (!vio->vui_ra_valid)
+		if (mmap)
 			flags |= LL_RAS_MMAP;
 		ras_update(sbi, inode, ras, vvp_index(vpg), flags, io);
 	}
@@ -1667,9 +1668,16 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
 		cl_page_list_add(&queue->c2_qin, page, true);
 	}
 
-	io_start_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos);
-	io_end_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos +
-				io->u.ci_rw.crw_count - 1);
+	/* mmap does not set the ci_rw fields */
+	if (!mmap) {
+		io_start_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos);
+		io_end_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos +
+					io->u.ci_rw.crw_count - 1);
+	} else {
+		io_start_index = vvp_index(vpg);
+		io_end_index = vvp_index(vpg);
+	}
+
 	if (ll_readahead_enabled(sbi) && ras && !io->ci_rand_read) {
 		pgoff_t skip_index = 0;
 
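Review bot: In the else branch, io_start_index and io_end_index are both set to vvp_index(vpg), but the comment only explains why ci_rw is skipped, not why a single page is the right range. Suggest extending it to say that the mmap read is limited to the page passed in, so the non-readahead path cannot extend past the lock taken for the I/O, which is the failure the commit message describes. The guard fixes this one consumer only: io->u.ci_rw stays uninitialized for mmap I/O, so zeroing it when the I/O is set up would keep a later reader of crw_pos or crw_count from reintroducing the same out-of-lock read.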
-- 
1.8.3.1


