From: Linus Torvalds <torvalds@linux-foundation.org>
To: David Howells <dhowells@redhat.com>
Cc: Jakub Kicinski <kuba@kernel.org>,
netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
David Ahern <dsahern@kernel.org>,
Matthew Wilcox <willy@infradead.org>,
Jens Axboe <axboe@kernel.dk>,
linux-mm@kvack.org, linux-kernel@vger.kernel.org,
Chuck Lever <chuck.lever@oracle.com>,
Boris Pismenny <borisp@nvidia.com>,
John Fastabend <john.fastabend@gmail.com>,
Christoph Hellwig <hch@infradead.org>
Subject: Re: Bug in short splice to socket?
Date: Fri, 2 Jun 2023 08:11:47 -0400 [thread overview]
Message-ID: <CAHk-=wgyAGUMHmQM-5Eb556z5xiHZB7cF05qjrtUH4F7P-1rSA@mail.gmail.com> (raw)
In-Reply-To: <1227123.1685706296@warthog.procyon.org.uk>
On Fri, Jun 2, 2023 at 7:45 AM David Howells <dhowells@redhat.com> wrote:
>
> Linus Torvalds <torvalds@linux-foundation.org> wrote:
>
> > Do what I already suggested: making SPLICE_F_MORE reflect reality.
>
> I'm trying to. I need MSG_MORE to behave sensibly for what I want.
But you need to stop doing these random hacks to fs/splice.c
The point is, you *CANNOT* make SPLICE_F_MORE reflect reality by
hacking fs/splice.c. Really. The generic layer DOES NOT KNOW, AND
FUNDAMENTALLY CANNOT KNOW if there is more data to be had.
So any of these random patches that try to add heuristics to
fs/splice.c will be rejected out of hand. They simply cannot be
correct.
And no, on the whole I do not believe you have to maintain some
selftest. A selftest failure is worrisome in that it clearly shows
that some behavior changed, but the situation here is
(a) the current behavior is arguably bad and buggy
(b) if we want to fix that bug, then the current behavior *will* change
Now, the only question then is whether the self-test actually tests
anything that user space actually depends on, or if it just tests some
random corner case.
So the self-test is certainly a ref flag, but not necessarily a very
meaningful one.
It shows that some user-visible change happened, which is always a big
danger flag, but after all that was the whole *point* of the whole
exercise. The fact that the self-test caught the change is good,
because it means we had test coverage, but when the behavior is
something we *want* to change, the test failure is not a problem in
itself.
So what I think you should do is to fix the bug right, with a clean
patch, and no crazy hacks. That is something we can then apply and
test. All the while knowing full well that "uhhuh, this is a visible
change, we may have to revert it".
If then some *real* load ends up showing a regression, we may just be
screwed. Our current behavior may be buggy, but we have the rule that
once user space depends on kernel bugs, they become features pretty
much by definition, however much we might dislike it.
At that point, we'll have to see what we can do - if anything.
Basically, what I think the SPLICE_F_MORE rules *should* be (and hey,
I may be missing something) is
1) if the user set that bit in the flags, then it's always true.
The user basically told us "I will supply more data even after the
splice has finished", so it doesn't matter if the kernel runs out of
data in the middle.
2) if the splice read side sees "I was asked for N bytes, but I could
only supply X bytes and I still have more to give", when we should set
SPLICE_F_MORE internally ("temporarily") for the next splice call.
This is basically the "kernel independently knows that there will
be more data" case.
3) In the end, this is all "best effort" and to some degree
inevitably a heuristic. We cannot see the future. We may hit that case
#2 and set the "there will be more data" bit, but then get a signal
and finish the splice system call before that more data actually
happens.
Now, presumably the user will then continue the partial splice
after handling the signal, so (3) is still "right", but obviously we
can't _know_ that.
A corollary to (3) is that the reader side may not always know if
there will be more data to be read. For a file source, it's fairly
clear (modulo the obvious caveats - files can be truncated etc etc).
For other splice sources, the "I still have more to give" may not be
as unambiguous. It is what it is.
Am I missing some important case? Considering that we clearly do *not*
do a great job at SPLICE_F_MORE right now, I'd really want the
situation to be either that we just make the code "ClearlyCorrect(tm)"
and simple, or we just leave it alone as "that's our odd behavior,
deal with it".
None of this "let's change this all to be even more complex, and
handle some particular special case the way I want" crap.
Do it right, or don't do it at all.
Linus
next prev parent reply other threads:[~2023-06-02 12:12 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-24 15:32 [PATCH net-next 00/12] splice, net: Replace sendpage with sendmsg(MSG_SPLICE_PAGES), part 3 David Howells
2023-05-24 15:33 ` [PATCH net-next 01/12] mm: Move the page fragment allocator from page_alloc.c into its own file David Howells
2023-05-24 15:33 ` [PATCH net-next 02/12] mm: Provide a page_frag_cache allocator cleanup function David Howells
2023-05-24 15:33 ` David Howells
2023-05-24 15:33 ` [PATCH net-next 03/12] mm: Make the page_frag_cache allocator alignment param a pow-of-2 David Howells
2023-05-24 15:33 ` David Howells
2023-05-27 15:54 ` Alexander H Duyck
2023-05-27 15:54 ` Alexander H Duyck
2023-11-30 9:00 ` Yunsheng Lin
2023-11-30 9:00 ` Yunsheng Lin
2023-06-16 15:28 ` David Howells
2023-06-16 15:28 ` David Howells
2023-06-16 16:06 ` Alexander Duyck
2023-06-16 16:06 ` Alexander Duyck
2023-05-24 15:33 ` [PATCH net-next 04/12] mm: Make the page_frag_cache allocator use multipage folios David Howells
2023-05-24 15:33 ` David Howells
2023-05-26 11:56 ` Yunsheng Lin
2023-05-26 11:56 ` Yunsheng Lin
2023-05-27 15:47 ` Alexander H Duyck
2023-05-27 15:47 ` Alexander H Duyck
2023-06-06 8:25 ` David Howells
2023-06-06 8:25 ` David Howells
2023-06-06 14:59 ` Alexander Duyck
2023-06-06 14:59 ` Alexander Duyck
2023-05-26 12:47 ` David Howells
2023-05-26 12:47 ` David Howells
2023-05-26 14:06 ` Mika Penttilä
2023-05-26 14:06 ` Mika Penttilä
2023-05-27 0:50 ` Jakub Kicinski
2023-05-27 0:50 ` Jakub Kicinski
2023-05-24 15:33 ` [PATCH net-next 05/12] mm: Make the page_frag_cache allocator handle __GFP_ZERO itself David Howells
2023-05-24 15:33 ` David Howells
2023-05-27 0:57 ` Jakub Kicinski
2023-05-27 0:57 ` Jakub Kicinski
2023-05-27 15:54 ` Alexander Duyck
2023-05-27 15:54 ` Alexander Duyck
2023-05-24 15:33 ` [PATCH net-next 06/12] mm: Make the page_frag_cache allocator use per-cpu David Howells
2023-05-24 15:33 ` David Howells
2023-05-27 1:02 ` Jakub Kicinski
2023-05-27 1:02 ` Jakub Kicinski
2023-05-24 15:33 ` [PATCH net-next 07/12] net: Clean up users of netdev_alloc_cache and napi_frag_cache David Howells
2023-05-24 15:33 ` [PATCH net-next 08/12] net: Copy slab data for sendmsg(MSG_SPLICE_PAGES) David Howells
2023-05-24 15:33 ` [PATCH net-next 09/12] tls/sw: Support MSG_SPLICE_PAGES David Howells
2023-05-27 1:08 ` Jakub Kicinski
2023-05-30 22:26 ` Bug in short splice to socket? David Howells
2023-05-31 0:32 ` Jakub Kicinski
2023-06-01 11:01 ` David Laight
2023-06-01 13:09 ` Linus Torvalds
2023-06-01 13:19 ` Linus Torvalds
2023-06-01 14:34 ` David Howells
2023-06-01 15:12 ` Linus Torvalds
2023-06-05 11:03 ` David Laight
2023-06-05 15:52 ` David Howells
2023-06-01 17:14 ` David Howells
2023-06-02 4:20 ` Jakub Kicinski
2023-06-02 8:23 ` David Howells
2023-06-02 11:28 ` Linus Torvalds
2023-06-02 11:44 ` David Howells
2023-06-02 12:11 ` Linus Torvalds [this message]
2023-06-02 16:39 ` Jakub Kicinski
2023-06-02 16:53 ` Linus Torvalds
2023-06-02 17:05 ` Linus Torvalds
2023-06-02 17:38 ` Jakub Kicinski
2023-06-02 20:38 ` David Howells
2023-06-02 20:50 ` David Howells
2023-05-24 15:33 ` [PATCH net-next 10/12] tls/sw: Convert tls_sw_sendpage() to use MSG_SPLICE_PAGES David Howells
2023-05-27 1:13 ` Jakub Kicinski
2023-05-24 15:33 ` [PATCH net-next 11/12] tls/device: Support MSG_SPLICE_PAGES David Howells
2023-05-24 15:33 ` [PATCH net-next 12/12] tls/device: Convert tls_device_sendpage() to use MSG_SPLICE_PAGES David Howells
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wgyAGUMHmQM-5Eb556z5xiHZB7cF05qjrtUH4F7P-1rSA@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=borisp@nvidia.com \
--cc=chuck.lever@oracle.com \
--cc=davem@davemloft.net \
--cc=dhowells@redhat.com \
--cc=dsahern@kernel.org \
--cc=edumazet@google.com \
--cc=hch@infradead.org \
--cc=john.fastabend@gmail.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=willemdebruijn.kernel@gmail.com \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.