kernel_optimize_test/fs/afs
David Howells 29f0698532 afs: Fix AFS read bug
Fix a bug in AFS read whereby the request page afs_read::index isn't
incremented after calling ->page_done() if ->remain reaches 0, indicating
that the data read is complete.

Without this a NULL pointer exception happens when ->page_done() is called
twice for the last page because the page clearing loop will call it also
and afs_readpages_page_done() clears the current entry in the page list.

BUG: unable to handle kernel NULL pointer dereference at           (null)
IP: afs_readpages_page_done+0x21/0xa4 [kafs]
PGD 0
Oops: 0002 [#1] SMP
Modules linked in: kafs(E)
CPU: 2 PID: 3002 Comm: md5sum Tainted: G            E   4.10.0-fscache #485
Hardware name: ASUS All Series/H97-PLUS, BIOS 2306 10/09/2014
task: ffff8804017d86c0 task.stack: ffff8803fc1d8000
RIP: 0010:afs_readpages_page_done+0x21/0xa4 [kafs]
RSP: 0018:ffff8803fc1db978 EFLAGS: 00010282
RAX: ffff880405d39af8 RBX: 0000000000000000 RCX: ffff880407d83ed4
RDX: 0000000000000000 RSI: ffff880405d39a00 RDI: ffff880405c6f400
RBP: ffff8803fc1db988 R08: 0000000000000000 R09: 0000000000000001
R10: ffff8803fc1db820 R11: ffff88040cf56000 R12: ffff8804088f1780
R13: ffff8804017d86c0 R14: ffff8804088f1780 R15: 0000000000003840
FS:  00007f8154469700(0000) GS:ffff88041fb00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000000000000 CR3: 00000004016ec000 CR4: 00000000001406e0
Call Trace:
 afs_deliver_fs_fetch_data+0x5b9/0x60e [kafs]
 ? afs_make_call+0x316/0x4e8 [kafs]
 ? afs_make_call+0x359/0x4e8 [kafs]
 afs_deliver_to_call+0x173/0x2e8 [kafs]
 ? afs_make_call+0x316/0x4e8 [kafs]
 afs_make_call+0x37a/0x4e8 [kafs]
 ? wake_up_q+0x4f/0x4f
 ? __init_waitqueue_head+0x36/0x49
 afs_fs_fetch_data+0x21c/0x227 [kafs]
 ? afs_fs_fetch_data+0x21c/0x227 [kafs]
 afs_vnode_fetch_data+0xf3/0x1d2 [kafs]
 afs_readpages+0x314/0x3fd [kafs]
 __do_page_cache_readahead+0x208/0x2c5
 ondemand_readahead+0x3a2/0x3b7
 ? ondemand_readahead+0x3a2/0x3b7
 page_cache_async_readahead+0x5e/0x67
 generic_file_read_iter+0x23b/0x70c
 ? __inode_security_revalidate+0x2f/0x62
 __vfs_read+0xc4/0xe8
 vfs_read+0xd1/0x15a
 SyS_read+0x4c/0x89
 do_syscall_64+0x80/0x191
 entry_SYSCALL64_slow_path+0x25/0x25

Reported-by: Marc Dionne <marc.dionne@auristor.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Tested-by: Marc Dionne <marc.dionne@auristor.com>
2017-03-16 16:27:46 +00:00
..
afs_cm.h
afs_fs.h
afs_vl.h
afs.h
cache.c
callback.c afs: Migrate vlocation fields to 64-bit 2017-03-16 16:27:46 +00:00
cell.c
cmservice.c afs: Deal with an empty callback array 2017-03-16 16:27:44 +00:00
dir.c lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
file.c afs: Flush outstanding writes when an fd is closed 2017-03-16 16:27:45 +00:00
flock.c fs/afs/flock: Remove deprecated create_singlethread_workqueue 2016-09-04 21:41:39 +01:00
fsclient.c afs: Fix AFS read bug 2017-03-16 16:27:46 +00:00
inode.c afs: Prevent callback expiry timer overflow 2017-03-16 16:27:46 +00:00
internal.h afs: Prevent callback expiry timer overflow 2017-03-16 16:27:46 +00:00
Kconfig
main.c afs: Use core kernel UUID generation 2017-02-10 16:34:17 +00:00
Makefile
misc.c
mntpt.c afs: Distinguish mountpoints from symlinks by file mode alone 2017-03-16 16:27:45 +00:00
netdevices.c afs: Use core kernel UUID generation 2017-02-10 16:34:17 +00:00
proc.c Replace <asm/uaccess.h> with <linux/uaccess.h> globally 2016-12-24 11:46:01 -08:00
rxrpc.c Merge branch 'WIP.sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2017-03-03 10:16:38 -08:00
security.c afs: security: Replace rcu_assign_pointer() with RCU_INIT_POINTER() 2017-03-16 16:27:45 +00:00
server.c afs: Migrate vlocation fields to 64-bit 2017-03-16 16:27:46 +00:00
super.c
vlclient.c afs: Kill afs_wait_mode 2017-01-09 11:10:02 +00:00
vlocation.c afs: Migrate vlocation fields to 64-bit 2017-03-16 16:27:46 +00:00
vnode.c afs: Kill afs_wait_mode 2017-01-09 11:10:02 +00:00
volume.c afs: Make afs_readpages() fetch data in bulk 2017-01-06 16:54:41 +00:00
write.c afs: Flush outstanding writes when an fd is closed 2017-03-16 16:27:45 +00:00