* [PATCH v3] splice: only read in as much information as there is pipe buffer space
@ 2019-10-14 22:09 Darrick J. Wong
2019-10-15 11:31 ` Andreas Grünbacher
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Darrick J. Wong @ 2019-10-14 22:09 UTC (permalink / raw)
To: Alexander Viro
Cc: Andreas Gruenbacher, Rasmus Villemoes, linux-fsdevel, Bob Peterson
From: Darrick J. Wong <darrick.wong@oracle.com>
Andreas Grünbacher reports that on the two filesystems that support
iomap directio, it's possible for splice() to return -EAGAIN (instead of
a short splice) if the pipe being written to has less space available in
its pipe buffers than the length supplied by the calling process.
Months ago we fixed splice_direct_to_actor to clamp the length of the
read request to the size of the splice pipe. Do the same to do_splice.
Fixes: 17614445576b6 ("splice: don't read more than available pipe space")
Reported-by: syzbot+3c01db6025f26530cf8d@syzkaller.appspotmail.com
Reported-by: Andreas Grünbacher <andreas.gruenbacher@gmail.com>
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
---
fs/splice.c | 14 +++++++++++---
1 file changed, 11 insertions(+), 3 deletions(-)
diff --git a/fs/splice.c b/fs/splice.c
index 98412721f056..e509239d7e06 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -945,12 +945,13 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
WARN_ON_ONCE(pipe->nrbufs != 0);
while (len) {
+ unsigned int pipe_pages;
size_t read_len;
loff_t pos = sd->pos, prev_pos = pos;
/* Don't try to read more the pipe has space for. */
- read_len = min_t(size_t, len,
- (pipe->buffers - pipe->nrbufs) << PAGE_SHIFT);
+ pipe_pages = pipe->buffers - pipe->nrbufs;
+ read_len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
ret = do_splice_to(in, &pos, pipe, read_len, flags);
if (unlikely(ret <= 0))
goto out_release;
@@ -1180,8 +1181,15 @@ static long do_splice(struct file *in, loff_t __user *off_in,
pipe_lock(opipe);
ret = wait_for_space(opipe, flags);
- if (!ret)
+ if (!ret) {
+ unsigned int pipe_pages;
+
+ /* Don't try to read more the pipe has space for. */
+ pipe_pages = opipe->buffers - opipe->nrbufs;
+ len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
+
ret = do_splice_to(in, &offset, opipe, len, flags);
+ }
pipe_unlock(opipe);
if (ret > 0)
wakeup_pipe_readers(opipe);
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH v3] splice: only read in as much information as there is pipe buffer space
2019-10-14 22:09 [PATCH v3] splice: only read in as much information as there is pipe buffer space Darrick J. Wong
@ 2019-10-15 11:31 ` Andreas Grünbacher
2019-10-16 3:12 ` Dave Chinner
2019-10-16 18:45 ` Eric Biggers
2 siblings, 0 replies; 6+ messages in thread
From: Andreas Grünbacher @ 2019-10-15 11:31 UTC (permalink / raw)
To: Darrick J. Wong
Cc: Alexander Viro, Andreas Gruenbacher, Rasmus Villemoes,
linux-fsdevel, Bob Peterson
Hi Darrick,
Am Di., 15. Okt. 2019 um 07:33 Uhr schrieb Darrick J. Wong
<darrick.wong@oracle.com>:
> From: Darrick J. Wong <darrick.wong@oracle.com>
>
> Andreas Grünbacher reports that on the two filesystems that support
> iomap directio, it's possible for splice() to return -EAGAIN (instead of
> a short splice) if the pipe being written to has less space available in
> its pipe buffers than the length supplied by the calling process.
>
> Months ago we fixed splice_direct_to_actor to clamp the length of the
> read request to the size of the splice pipe. Do the same to do_splice.
>
> Fixes: 17614445576b6 ("splice: don't read more than available pipe space")
> Reported-by: syzbot+3c01db6025f26530cf8d@syzkaller.appspotmail.com
> Reported-by: Andreas Grünbacher <andreas.gruenbacher@gmail.com>
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
I've done some minimal testing on top of 5.4-rc3. This patch fixes the
splice issue and also passes the syzbot reproducer. I'll add it to the
set of patches I regularly run fstests on now, but we already know
fstests doesn't cover splice in the greatest depth possible, so that's
unlikely to reveal anything new.
Thanks,
Andreas
> ---
> fs/splice.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/fs/splice.c b/fs/splice.c
> index 98412721f056..e509239d7e06 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -945,12 +945,13 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
> WARN_ON_ONCE(pipe->nrbufs != 0);
>
> while (len) {
> + unsigned int pipe_pages;
> size_t read_len;
> loff_t pos = sd->pos, prev_pos = pos;
>
> /* Don't try to read more the pipe has space for. */
> - read_len = min_t(size_t, len,
> - (pipe->buffers - pipe->nrbufs) << PAGE_SHIFT);
> + pipe_pages = pipe->buffers - pipe->nrbufs;
> + read_len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
> ret = do_splice_to(in, &pos, pipe, read_len, flags);
> if (unlikely(ret <= 0))
> goto out_release;
> @@ -1180,8 +1181,15 @@ static long do_splice(struct file *in, loff_t __user *off_in,
>
> pipe_lock(opipe);
> ret = wait_for_space(opipe, flags);
> - if (!ret)
> + if (!ret) {
> + unsigned int pipe_pages;
> +
> + /* Don't try to read more the pipe has space for. */
> + pipe_pages = opipe->buffers - opipe->nrbufs;
> + len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
> +
> ret = do_splice_to(in, &offset, opipe, len, flags);
> + }
> pipe_unlock(opipe);
> if (ret > 0)
> wakeup_pipe_readers(opipe);
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] splice: only read in as much information as there is pipe buffer space
2019-10-14 22:09 [PATCH v3] splice: only read in as much information as there is pipe buffer space Darrick J. Wong
2019-10-15 11:31 ` Andreas Grünbacher
@ 2019-10-16 3:12 ` Dave Chinner
2019-10-16 18:54 ` Darrick J. Wong
2019-10-16 18:45 ` Eric Biggers
2 siblings, 1 reply; 6+ messages in thread
From: Dave Chinner @ 2019-10-16 3:12 UTC (permalink / raw)
To: Darrick J. Wong
Cc: Alexander Viro, Andreas Gruenbacher, Rasmus Villemoes,
linux-fsdevel, Bob Peterson
On Mon, Oct 14, 2019 at 03:09:40PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
>
> Andreas Grünbacher reports that on the two filesystems that support
> iomap directio, it's possible for splice() to return -EAGAIN (instead of
> a short splice) if the pipe being written to has less space available in
> its pipe buffers than the length supplied by the calling process.
>
> Months ago we fixed splice_direct_to_actor to clamp the length of the
> read request to the size of the splice pipe. Do the same to do_splice.
>
> Fixes: 17614445576b6 ("splice: don't read more than available pipe space")
> Reported-by: syzbot+3c01db6025f26530cf8d@syzkaller.appspotmail.com
> Reported-by: Andreas Grünbacher <andreas.gruenbacher@gmail.com>
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---
> fs/splice.c | 14 +++++++++++---
> 1 file changed, 11 insertions(+), 3 deletions(-)
>
> diff --git a/fs/splice.c b/fs/splice.c
> index 98412721f056..e509239d7e06 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -945,12 +945,13 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
> WARN_ON_ONCE(pipe->nrbufs != 0);
>
> while (len) {
> + unsigned int pipe_pages;
define this as a size_t...
> size_t read_len;
> loff_t pos = sd->pos, prev_pos = pos;
>
> /* Don't try to read more the pipe has space for. */
> - read_len = min_t(size_t, len,
> - (pipe->buffers - pipe->nrbufs) << PAGE_SHIFT);
> + pipe_pages = pipe->buffers - pipe->nrbufs;
> + read_len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
read_len = min_t(size_t, len, pipe_pages << PAGER_SHIFT);
> ret = do_splice_to(in, &pos, pipe, read_len, flags);
> if (unlikely(ret <= 0))
> goto out_release;
> @@ -1180,8 +1181,15 @@ static long do_splice(struct file *in, loff_t __user *off_in,
>
> pipe_lock(opipe);
> ret = wait_for_space(opipe, flags);
> - if (!ret)
> + if (!ret) {
> + unsigned int pipe_pages;
> +
> + /* Don't try to read more the pipe has space for. */
> + pipe_pages = opipe->buffers - opipe->nrbufs;
> + len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
And same here...
Cheers,
Dave.
--
Dave Chinner
david@fromorbit.com
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] splice: only read in as much information as there is pipe buffer space
2019-10-14 22:09 [PATCH v3] splice: only read in as much information as there is pipe buffer space Darrick J. Wong
2019-10-15 11:31 ` Andreas Grünbacher
2019-10-16 3:12 ` Dave Chinner
@ 2019-10-16 18:45 ` Eric Biggers
2019-10-16 18:52 ` Darrick J. Wong
2 siblings, 1 reply; 6+ messages in thread
From: Eric Biggers @ 2019-10-16 18:45 UTC (permalink / raw)
To: Darrick J. Wong
Cc: Alexander Viro, Andreas Gruenbacher, Rasmus Villemoes,
linux-fsdevel, Bob Peterson
On Mon, Oct 14, 2019 at 03:09:40PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
>
> Andreas Grünbacher reports that on the two filesystems that support
> iomap directio, it's possible for splice() to return -EAGAIN (instead of
> a short splice) if the pipe being written to has less space available in
> its pipe buffers than the length supplied by the calling process.
>
> Months ago we fixed splice_direct_to_actor to clamp the length of the
> read request to the size of the splice pipe. Do the same to do_splice.
>
> Fixes: 17614445576b6 ("splice: don't read more than available pipe space")
> Reported-by: syzbot+3c01db6025f26530cf8d@syzkaller.appspotmail.com
I already invalidated this syzbot report when the previous version of this patch
was dropped, as that was what the report appeared to be for. So you don't need
this Reported-by line. It's not a big deal, but including it could mislead
people into thinking that syzbot found a problem with the commit in the Fixes:
line, rather than a prior version of this patch.
- Eric
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] splice: only read in as much information as there is pipe buffer space
2019-10-16 18:45 ` Eric Biggers
@ 2019-10-16 18:52 ` Darrick J. Wong
0 siblings, 0 replies; 6+ messages in thread
From: Darrick J. Wong @ 2019-10-16 18:52 UTC (permalink / raw)
To: Alexander Viro, Andreas Gruenbacher, Rasmus Villemoes,
linux-fsdevel, Bob Peterson
On Wed, Oct 16, 2019 at 11:45:49AM -0700, Eric Biggers wrote:
> On Mon, Oct 14, 2019 at 03:09:40PM -0700, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@oracle.com>
> >
> > Andreas Grünbacher reports that on the two filesystems that support
> > iomap directio, it's possible for splice() to return -EAGAIN (instead of
> > a short splice) if the pipe being written to has less space available in
> > its pipe buffers than the length supplied by the calling process.
> >
> > Months ago we fixed splice_direct_to_actor to clamp the length of the
> > read request to the size of the splice pipe. Do the same to do_splice.
> >
> > Fixes: 17614445576b6 ("splice: don't read more than available pipe space")
> > Reported-by: syzbot+3c01db6025f26530cf8d@syzkaller.appspotmail.com
>
> I already invalidated this syzbot report when the previous version of this patch
> was dropped, as that was what the report appeared to be for. So you don't need
> this Reported-by line. It's not a big deal, but including it could mislead
> people into thinking that syzbot found a problem with the commit in the Fixes:
> line, rather than a prior version of this patch.
Ok, will drop for v4. Thanks for taking care of the report.
--D
> - Eric
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH v3] splice: only read in as much information as there is pipe buffer space
2019-10-16 3:12 ` Dave Chinner
@ 2019-10-16 18:54 ` Darrick J. Wong
0 siblings, 0 replies; 6+ messages in thread
From: Darrick J. Wong @ 2019-10-16 18:54 UTC (permalink / raw)
To: Dave Chinner
Cc: Alexander Viro, Andreas Gruenbacher, Rasmus Villemoes,
linux-fsdevel, Bob Peterson
On Wed, Oct 16, 2019 at 02:12:59PM +1100, Dave Chinner wrote:
> On Mon, Oct 14, 2019 at 03:09:40PM -0700, Darrick J. Wong wrote:
> > From: Darrick J. Wong <darrick.wong@oracle.com>
> >
> > Andreas Grünbacher reports that on the two filesystems that support
> > iomap directio, it's possible for splice() to return -EAGAIN (instead of
> > a short splice) if the pipe being written to has less space available in
> > its pipe buffers than the length supplied by the calling process.
> >
> > Months ago we fixed splice_direct_to_actor to clamp the length of the
> > read request to the size of the splice pipe. Do the same to do_splice.
> >
> > Fixes: 17614445576b6 ("splice: don't read more than available pipe space")
> > Reported-by: syzbot+3c01db6025f26530cf8d@syzkaller.appspotmail.com
> > Reported-by: Andreas Grünbacher <andreas.gruenbacher@gmail.com>
> > Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> > ---
> > fs/splice.c | 14 +++++++++++---
> > 1 file changed, 11 insertions(+), 3 deletions(-)
> >
> > diff --git a/fs/splice.c b/fs/splice.c
> > index 98412721f056..e509239d7e06 100644
> > --- a/fs/splice.c
> > +++ b/fs/splice.c
> > @@ -945,12 +945,13 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
> > WARN_ON_ONCE(pipe->nrbufs != 0);
> >
> > while (len) {
> > + unsigned int pipe_pages;
>
> define this as a size_t...
>
> > size_t read_len;
> > loff_t pos = sd->pos, prev_pos = pos;
> >
> > /* Don't try to read more the pipe has space for. */
> > - read_len = min_t(size_t, len,
> > - (pipe->buffers - pipe->nrbufs) << PAGE_SHIFT);
> > + pipe_pages = pipe->buffers - pipe->nrbufs;
> > + read_len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
>
> read_len = min_t(size_t, len, pipe_pages << PAGER_SHIFT);
If we make pipe_pages have type size_t then we don't need min_t here,
right? Since len and read_len are already size_t.
--D
> > ret = do_splice_to(in, &pos, pipe, read_len, flags);
> > if (unlikely(ret <= 0))
> > goto out_release;
> > @@ -1180,8 +1181,15 @@ static long do_splice(struct file *in, loff_t __user *off_in,
> >
> > pipe_lock(opipe);
> > ret = wait_for_space(opipe, flags);
> > - if (!ret)
> > + if (!ret) {
> > + unsigned int pipe_pages;
> > +
> > + /* Don't try to read more the pipe has space for. */
> > + pipe_pages = opipe->buffers - opipe->nrbufs;
> > + len = min(len, (size_t)pipe_pages << PAGE_SHIFT);
>
> And same here...
>
> Cheers,
>
> Dave.
>
> --
> Dave Chinner
> david@fromorbit.com
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2019-10-16 18:55 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-10-14 22:09 [PATCH v3] splice: only read in as much information as there is pipe buffer space Darrick J. Wong
2019-10-15 11:31 ` Andreas Grünbacher
2019-10-16 3:12 ` Dave Chinner
2019-10-16 18:54 ` Darrick J. Wong
2019-10-16 18:45 ` Eric Biggers
2019-10-16 18:52 ` Darrick J. Wong
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.