Date: Fri, 7 May 2021 19:17:52 +0000
From: Al Viro
To: Linus Torvalds
Cc: Kees Cook, Colin Ian King, Christoph Hellwig, Johannes Berg, linux-fsdevel, LKML
Subject: Re: splice() from /dev/zero to a pipe does not work (5.9+)

On Fri, May 07, 2021 at 12:06:31PM -0700, Linus Torvalds wrote:

> That said - looking at the current 'pipe_zero()', it uses
> 'push_pipe()' to actually allocate regular pages, and then clear
> them.
>
> Which is basically what a generic_file_splice_read() would do, and it
> feels incredibly pointless and stupid to me.
>
> I *think* we should be able to just do something like
>
>     len = size;
>     while (len > 0) {
>         struct pipe_buffer *buf;
>         unsigned int tail = pipe->tail;
>         unsigned int head = pipe->head;
>         unsigned int mask = pipe->ring_size - 1;
>
>         if (pipe_full(head, tail, pipe->max_usage))
>             break;
>         buf = &pipe->bufs[iter_head & p_mask];
>         buf->ops = &zero_pipe_buf_ops;
>         buf->page = ZERO_PAGE(0);
>         buf->offset = 0;
>         buf->len = min_t(ssize_t, len, PAGE_SIZE);
>         len -= buf->len;
>         pipe->head = head+1;
>     }
>     return size - len;
>
> but honestly, I haven't thought a lot about it.
>
> Al? This is another of those "right up your alley" things.

Umm... That would do wonders to anything that used to do
copy_to_user()/clear_user()/copy_to_user() and got converted to
copy_to_iter()/iov_iter_zero()/copy_to_iter()...

Are you sure we can shove zero page into pipe, anyway? IIRC,
get_page()/put_page() on that is not allowed, and I'm not at all sure
that nothing in e.g. fuse splice-related logics would go ahead and do
just that. Or am I confused about the page refcounting for those?