From 9884f37985c1108fb8106a5d8615c2c35f3c6a71 Mon Sep 17 00:00:00 2001
From: Patrick Farrell
Date: Wed, 9 Mar 2022 22:16:50 -0500
Subject: [PATCH] LU-15637 llite: Fix use of uninitialized fields
We use data from ci_rw to set io_start_index and io_end_index, which is a problem for mmap because mmap does not use ci_rw. When ci_rand_read is set or readahead is disabled, we use these values to decide how much data to read. ci_rw is uninitialized, and if the values are non-zero, we may try to read data beyond the locks we took for our I/O. If there is no lock (either because there was never one or it was cancelled), this results in an LBUG in osc_req_attr_set when it verifies the pages are covered by a lock.
Signed-off-by: Patrick Farrell
Change-Id: If7c8d2eb87a28bf76a6f959e7be7bf636c887cfe
Reviewed-on: https://review.whamcloud.com/46776
Tested-by: jenkins
Reviewed-by: Yang Sheng
Reviewed-by: Andreas Dilger
Tested-by: Maloo
Reviewed-by: Oleg Drokin
---
 lustre/llite/rw.c | 18 +++++++++++++-----
 1 file changed, 13 insertions(+), 5 deletions(-)
diff --git a/lustre/llite/rw.c b/lustre/llite/rw.c
index 785809d..3ebfab0 100644
--- a/lustre/llite/rw.c
+++ b/lustre/llite/rw.c
@@ -1628,6 +1628,8 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
 struct vvp_page *vpg;
 int rc = 0, rc2 = 0;
 bool uptodate;
+ struct vvp_io *vio = vvp_env_io(env);
+ bool mmap = !vio->vui_ra_valid;
 pgoff_t ra_start_index = 0;
 pgoff_t io_start_index;
 pgoff_t io_end_index;
@@ -1642,12 +1644,11 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
 uptodate = vpg->vpg_defer_uptodate;
 if (ll_readahead_enabled(sbi) && !vpg->vpg_ra_updated && ras) {
- struct vvp_io *vio = vvp_env_io(env);
 enum ras_update_flags flags = 0;
 if (uptodate)
 flags |= LL_RAS_HIT;
- if (!vio->vui_ra_valid)
+ if (mmap)
 flags |= LL_RAS_MMAP;
 ras_update(sbi, inode, ras, vvp_index(vpg), flags, io);
 }
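Review bot: `mmap` is derived from `!vio->vui_ra_valid`, a readahead-state flag, and after this patch that value also decides in the third hunk whether `io->u.ci_rw` may be read, so the assumption behind it should be written down at the declaration. A comment such as `/* vui_ra_valid is only set on the read path; without it this is an mmap fault and io->u.ci_rw is not valid */` would do, if that is the actual contract; where the flag is set and cleared is outside this patch. Should an I/O without read parameters ever arrive with the flag set, the read beyond the locks taken for the I/O that the commit message describes would return, so an assertion on the I/O type in the `!mmap` branch is worth considering. ll_io_read_page begins and ends outside the hunk.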
@@ -1665,9 +1666,16 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
 cl_2queue_add(queue, page, true);
 }
- io_start_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos);
- io_end_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos +
- io->u.ci_rw.crw_count - 1);
+ /* mmap does not set the ci_rw fields */
+ if (!mmap) {
+ io_start_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos);
+ io_end_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos +
+ io->u.ci_rw.crw_count - 1);
+ } else {
+ io_start_index = vvp_index(vpg);
+ io_end_index = vvp_index(vpg);
+ }
+
 if (ll_readahead_enabled(sbi) && ras && !io->ci_rand_read) {
 pgoff_t skip_index = 0;
--
1.8.3.1
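Review bot: The `else` branch evaluates `vvp_index(vpg)` twice for what is a single-page range; `io_start_index = io_end_index = vvp_index(vpg);` states that intent directly. The diffstat shows only rw.c changing, so the crash condition from the commit message (an mmap read with readahead disabled or `ci_rand_read` set) is not covered by a regression test in this patch, and one would keep the single-page fallback from regressing. The function body continues past the end of the hunk.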