Patch "ceph: stop copying to iter at EOF on sync reads" has been added to the 6.8-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Sun, 24 Mar 2024 14:15:30 -0400

This is a note to let you know that I've just added the patch titled

    ceph: stop copying to iter at EOF on sync reads

to the 6.8-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ceph-stop-copying-to-iter-at-eof-on-sync-reads.patch
and it can be found in the queue-6.8 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit dc8f0abd54dd7163bc73837cfe85f964047575aa
Author: Xiubo Li <xiubli@xxxxxxxxxx>
Date:   Wed Feb 21 09:16:12 2024 +0800

    ceph: stop copying to iter at EOF on sync reads
    
    [ Upstream commit 1065da21e5df9d843d2c5165d5d576be000142a6 ]
    
    If EOF is encountered, ceph_sync_read() return value is adjusted down
    according to i_size, but the "to" iter is advanced by the actual number
    of bytes read.  Then, when retrying, the remainder of the range may be
    skipped incorrectly.
    
    Ensure that the "to" iter is advanced only until EOF.
    
    [ idryomov: changelog ]
    
    Fixes: c3d8e0b5de48 ("ceph: return the real size read when it hits EOF")
    Reported-by: Frank Hsiao <frankhsiao@xxxxxxxx>
    Signed-off-by: Xiubo Li <xiubli@xxxxxxxxxx>
    Reviewed-by: Ilya Dryomov <idryomov@xxxxxxxxx>
    Tested-by: Frank Hsiao <frankhsiao@xxxxxxxx>
    Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index abe8028d95bf4..3d1cd079dbf16 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1138,7 +1138,12 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
 		}
 
 		idx = 0;
-		left = ret > 0 ? ret : 0;
+		if (ret <= 0)
+			left = 0;
+		else if (off + ret > i_size)
+			left = i_size - off;
+		else
+			left = ret;
 		while (left > 0) {
 			size_t plen, copied;
 
@@ -1167,15 +1172,13 @@ ssize_t __ceph_sync_read(struct inode *inode, loff_t *ki_pos,
 	}
 
 	if (ret > 0) {
-		if (off > *ki_pos) {
-			if (off >= i_size) {
-				*retry_op = CHECK_EOF;
-				ret = i_size - *ki_pos;
-				*ki_pos = i_size;
-			} else {
-				ret = off - *ki_pos;
-				*ki_pos = off;
-			}
+		if (off >= i_size) {
+			*retry_op = CHECK_EOF;
+			ret = i_size - *ki_pos;
+			*ki_pos = i_size;
+		} else {
+			ret = off - *ki_pos;
+			*ki_pos = off;
 		}
 
 		if (last_objver)







