From: Trond Myklebust trond.myklebust@hammerspace.com
[ Upstream commit ace149e0830c380ddfce7e466fe860ca502fe4ee ]
If the caller supplies an iocb->ki_pos value that is close to the filesystem upper limit, and an iterator with a count that causes us to overflow that limit, then filemap_read() enters an infinite loop.
This behaviour was discovered when testing xfstests generic/525 with the "localio" optimisation for loopback NFS mounts.
Reported-by: Mike Snitzer snitzer@kernel.org Fixes: c2a9737f45e2 ("vfs,mm: fix a dead loop in truncate_inode_pages_range()") Tested-by: Mike Snitzer snitzer@kernel.org Signed-off-by: Trond Myklebust trond.myklebust@hammerspace.com Signed-off-by: Linus Torvalds torvalds@linux-foundation.org (cherry picked from commit ace149e0830c380ddfce7e466fe860ca502fe4ee) [Harshit: Minor conflict resolved due to missing commit: 25d6a23e8d28 ("filemap: Convert filemap_get_read_batch() to use a folio_batch") in 5.15.y] Signed-off-by: Harshit Mogalapalli harshit.m.mogalapalli@oracle.com --- mm/filemap.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mm/filemap.c b/mm/filemap.c index c71e86c12418..cc86c5a127b9 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -2617,7 +2617,7 @@ ssize_t filemap_read(struct kiocb *iocb, struct iov_iter *iter, if (unlikely(!iov_iter_count(iter))) return 0;
- iov_iter_truncate(iter, inode->i_sb->s_maxbytes); + iov_iter_truncate(iter, inode->i_sb->s_maxbytes - iocb->ki_pos); pagevec_init(&pvec);
do {