Re: [PATCH] VFS readahead bug in 2.6.8-rc[1-3]

[Nick Piggin]

Nick Piggin wrote:

> Phillip Lougher wrote:
>
> > Hi,
> >
> > There is a readahead bug in do_generic_mapping_read (filemap.c).  This
> > bug appears to have been introduced in 2.6.8-rc1.  Specifically the bug
> > is caused by an incorrect code change which causes VFS to call
> > readpage() for indexes beyond the end of files where the file length is
> > zero or a 4k multiple.
> >
> > In Squashfs this causes a variety of almost immediate OOPes because
> > Squashfs trusts the VFS not to pass invalid index values.  For other
> > filesystems it may also be causing subtle bugs.  I have received
> > prune_dcache oopes similar to Gene Heskett's (which was also
> > pointer corruption), and so it may fix this and other reported
> > readahead bugs.
> >
> > The patch is against 2.6.8-rc3.
>
> Good work - bug is mine, sorry.

On second thought, maybe not. I think your filesystem is at fault.

Firstly, there possibly is a bug in do_pagecache_readahead which allows 
it to
read off the end of the file in a completely serialised situation. But 
even so,
notice the absence of locking - i_size can change at any time can't it? Then
your fix will blow up when you race with a truncate, right?

I think you need to handle reading off the end of the file properly: I'm not
too familiar with this code, but IIRC you are allowed to setup pagecache 
past
the end of the file - it gets handled correctly in 
do_generic_mapping_read, and
ends up falling off the LRU. This should help you.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/