LU-15637 llite: Fix use of uninitialized fields

We use data from ci_rw to set io_start_index and
io_end_index, which is a problem for mmap because mmap does
not use ci_rw.

When ci_rand_read is set or readahead is disabled, we use
these values to decide how much data to read.

ci_rw is uninitialized, and if the values are non-zero,
we may try to read data beyond the locks we took for our
I/O.

If there is no lock (either because there was never one or
it was cancelled), this results in an LBUG in
osc_req_attr_set when it verifies the pages are covered by
a lock.

Signed-off-by: Patrick Farrell <pfarrell@whamcloud.com>
Change-Id: If7c8d2eb87a28bf76a6f959e7be7bf636c887cfe
Reviewed-on: https://review.whamcloud.com/46776
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Yang Sheng <ys@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>

diff --git a/lustre/llite/rw.c b/lustre/llite/rw.c
index 785809d..3ebfab0 100644 (file)
--- a/lustre/llite/rw.c
+++ b/lustre/llite/rw.c
@@ -1628,6 +1628,8 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
        struct vvp_page           *vpg;
        int                        rc = 0, rc2 = 0;
        bool                       uptodate;
+       struct vvp_io *vio = vvp_env_io(env);
+       bool mmap = !vio->vui_ra_valid;
        pgoff_t ra_start_index = 0;
        pgoff_t io_start_index;
        pgoff_t io_end_index;
@@ -1642,12 +1644,11 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
        uptodate = vpg->vpg_defer_uptodate;
 
        if (ll_readahead_enabled(sbi) && !vpg->vpg_ra_updated && ras) {
-               struct vvp_io *vio = vvp_env_io(env);
                enum ras_update_flags flags = 0;
 
                if (uptodate)
                        flags |= LL_RAS_HIT;
-               if (!vio->vui_ra_valid)
+               if (mmap)
                        flags |= LL_RAS_MMAP;
                ras_update(sbi, inode, ras, vvp_index(vpg), flags, io);
        }
@@ -1665,9 +1666,16 @@ int ll_io_read_page(const struct lu_env *env, struct cl_io *io,
                cl_2queue_add(queue, page, true);
        }
 
-       io_start_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos);
-       io_end_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos +
-                               io->u.ci_rw.crw_count - 1);
+       /* mmap does not set the ci_rw fields */
+       if (!mmap) {
+               io_start_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos);
+               io_end_index = cl_index(io->ci_obj, io->u.ci_rw.crw_pos +
+                                       io->u.ci_rw.crw_count - 1);
+       } else {
+               io_start_index = vvp_index(vpg);
+               io_end_index = vvp_index(vpg);
+       }
+
        if (ll_readahead_enabled(sbi) && ras && !io->ci_rand_read) {
                pgoff_t skip_index = 0;