Fix readahead semantics on pipes and sockets (rhbz 1078894)

kernel.spec

@@ -809,6 +809,9 @@ Patch25044: iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
 #CVE-2014-2523 rhbz 1077343 1077350
 Patch25045: netfilter-nf_conntrack_dccp-fix-skb_header_pointer-A.patch
 
+#rhbz 1078894
+Patch25046: mm-readahead.c-fix-do_readahead-for-no-readpage-s.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1564,6 +1567,9 @@ ApplyPatch iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
 #CVE-2014-2523 rhbz 1077343 1077350
 ApplyPatch netfilter-nf_conntrack_dccp-fix-skb_header_pointer-A.patch
 
+#rhbz 1078894
+ApplyPatch mm-readahead.c-fix-do_readahead-for-no-readpage-s.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2376,6 +2382,9 @@ fi
 # and build.
 
 %changelog
+* Thu Mar 20 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- Fix readahead semantics on pipes and sockets (rhbz 1078894)
+
 * Mon Mar 17 2014 Josh Boyer <jwboyer@fedoraproject.org>
 - CVE-2014-2523 netfilter: nf_conntrack_dccp: incorrect skb_header_pointer API usages (rhbz 1077343 1077350)
 

mm-readahead.c-fix-do_readahead-for-no-readpage-s.patch

@@ -0,0 +1,78 @@
+Bugzilla: 1078894
+Upstream: 3.14 and sent to stable for 3.13.7
+
+From 58d5640ebdb273cc817b0d0cda7bcf2efbbc2ff7 Mon Sep 17 00:00:00 2001
+From: Mark Rutland <mark.rutland@arm.com>
+Date: Wed, 29 Jan 2014 14:05:51 -0800
+Subject: [PATCH] mm/readahead.c: fix do_readahead() for no readpage(s)
+
+Commit 63d0f0a3c7e1 ("mm/readahead.c:do_readhead(): don't check for
+->readpage") unintentionally made do_readahead return 0 for all valid
+files regardless of whether readahead was supported, rather than the
+expected -EINVAL.  This gets forwarded on to userspace, and results in
+sys_readahead appearing to succeed in cases that don't make sense (e.g.
+when called on pipes or sockets).  This issue is detected by the LTP
+readahead01 testcase.
+
+As the exact return value of force_page_cache_readahead is currently
+never used, we can simplify it to return only 0 or -EINVAL (when
+readpage or readpages is missing).  With that in place we can simply
+forward on the return value of force_page_cache_readahead in
+do_readahead.
+
+This patch performs said change, restoring the expected semantics.
+
+Signed-off-by: Mark Rutland <mark.rutland@arm.com>
+Acked-by: Kirill A. Shutemov <kirill.shutemov@linux.intel.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+---
+ mm/readahead.c | 15 +++++----------
+ 1 file changed, 5 insertions(+), 10 deletions(-)
+
+diff --git a/mm/readahead.c b/mm/readahead.c
+index 7cdbb44..0de2360 100644
+--- a/mm/readahead.c
++++ b/mm/readahead.c
+@@ -211,8 +211,6 @@ out:
+ int force_page_cache_readahead(struct address_space *mapping, struct file *filp,
+ 		pgoff_t offset, unsigned long nr_to_read)
+ {
+-	int ret = 0;
+-
+ 	if (unlikely(!mapping->a_ops->readpage && !mapping->a_ops->readpages))
+ 		return -EINVAL;
+ 
+@@ -226,15 +224,13 @@ int force_page_cache_readahead(struct address_space *mapping, struct file *filp,
+ 			this_chunk = nr_to_read;
+ 		err = __do_page_cache_readahead(mapping, filp,
+ 						offset, this_chunk, 0);
+-		if (err < 0) {
+-			ret = err;
+-			break;
+-		}
+-		ret += err;
++		if (err < 0)
++			return err;
++
+ 		offset += this_chunk;
+ 		nr_to_read -= this_chunk;
+ 	}
+-	return ret;
++	return 0;
+ }
+ 
+ /*
+@@ -576,8 +572,7 @@ do_readahead(struct address_space *mapping, struct file *filp,
+ 	if (!mapping || !mapping->a_ops)
+ 		return -EINVAL;
+ 
+-	force_page_cache_readahead(mapping, filp, index, nr);
+-	return 0;
++	return force_page_cache_readahead(mapping, filp, index, nr);
+ }
+ 
+ SYSCALL_DEFINE3(readahead, int, fd, loff_t, offset, size_t, count)
+-- 
+1.8.5.3
+