Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit a564da39 authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Linus Torvalds
Browse files

[PATCH] readahead: ->prev_page can overrun the ahead window 



If get_next_ra_size() does not grow fast enough, ->prev_page can overrun
the ahead window.  This means the caller will read the pages from
->ahead_start + ->ahead_size to ->prev_page synchronously.

Signed-off-by: default avatarOleg Nesterov <oleg@tv-sign.ru>
Cc: Steven Pratt <slpratt@austin.ibm.com>
Cc: Ram Pai <linuxram@us.ibm.com>
Cc: Trond Myklebust <trond.myklebust@fys.uio.no>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent d15c023b

mm/readahead.c

+20 −6
Original line number Diff line number Diff line
@@ -52,13 +52,24 @@ static inline unsigned long get_min_readahead(struct file_ra_state *ra) 
	return (VM_MIN_READAHEAD * 1024) / PAGE_CACHE_SIZE;

}



static inline void reset_ahead_window(struct file_ra_state *ra)

{

	/*

	 * ... but preserve ahead_start + ahead_size value,

	 * see 'recheck:' label in page_cache_readahead().

	 * Note: We never use ->ahead_size as rvalue without

	 * checking ->ahead_start != 0 first.

	 */

	ra->ahead_size += ra->ahead_start;

	ra->ahead_start = 0;

}



static inline void ra_off(struct file_ra_state *ra)

{

	ra->start = 0;

	ra->flags = 0;

	ra->size = 0;

	ra->ahead_start = 0;

	ra->ahead_size = 0;

	reset_ahead_window(ra);

	return;

}
@@ -426,8 +437,7 @@ static int make_ahead_window(struct address_space *mapping, struct file *filp, 
		 * congestion.  The ahead window will any way be closed

		 * in case we failed due to excessive page cache hits.

		 */

		ra->ahead_start = 0;

		ra->ahead_size = 0;

		reset_ahead_window(ra);

	}



	return ret;
@@ -520,11 +530,11 @@ page_cache_readahead(struct address_space *mapping, struct file_ra_state *ra, 
	 * If we get here we are doing sequential IO and this was not the first

	 * occurence (ie we have an existing window)

	 */



	if (ra->ahead_start == 0) {	 /* no ahead window yet */

		if (!make_ahead_window(mapping, filp, ra, 0))

			goto out;

			goto recheck;

	}



	/*

	 * Already have an ahead window, check if we crossed into it.

	 * If so, shift windows and issue a new ahead window.
@@ -536,6 +546,10 @@ page_cache_readahead(struct address_space *mapping, struct file_ra_state *ra, 
		ra->start = ra->ahead_start;

		ra->size = ra->ahead_size;

		make_ahead_window(mapping, filp, ra, 0);

recheck:

		/* prev_page shouldn't overrun the ahead window */

		ra->prev_page = min(ra->prev_page,

			ra->ahead_start + ra->ahead_size - 1);

	}



out: