From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753268AbdDJXsd (ORCPT ); Mon, 10 Apr 2017 19:48:33 -0400 Received: from scorn.kernelslacker.org ([45.56.101.199]:35646 "EHLO scorn.kernelslacker.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751710AbdDJXsc (ORCPT ); Mon, 10 Apr 2017 19:48:32 -0400 Date: Mon, 10 Apr 2017 19:48:30 -0400 From: Dave Jones To: Al Viro Cc: Linux Kernel Subject: Re: iov_iter_pipe warning. Message-ID: <20170410234830.tmqdhpjtfdveor3c@codemonkey.org.uk> Mail-Followup-To: Dave Jones , Al Viro , Linux Kernel References: <20170321205901.mojmjd2fxmykq3df@codemonkey.org.uk> <20170410192800.GC29622@ZenIV.linux.org.uk> <20170410194206.loesu5licstif7or@codemonkey.org.uk> <20170410195711.GD29622@ZenIV.linux.org.uk> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170410195711.GD29622@ZenIV.linux.org.uk> User-Agent: NeoMutt/20170306 (1.8.0) X-Spam-Note: SpamAssassin invocation failed Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 10, 2017 at 08:57:11PM +0100, Al Viro wrote: > On Mon, Apr 10, 2017 at 03:42:06PM -0400, Dave Jones wrote: > > > Do you have a reliable reproducer? > > > > Not reliable, but I'll see if I can find some time to narrow it down > > this week. I've been working on better logging of "wtf just happened" > > the last few weeks, so it should get easier once I finish that work. > > I would suggest > a) slapping WARN_ON(pipe->nr_bufs); right before the loop > in splice_direct_to_actor(). Internal pipe should be empty when we > enter this function. > b) the same WARN_ON() in the very end of the loop body. > > We should have started with empty pipe. We'd called ->splice_read() > and it had returned a positive number (in read_len). That should be > the amount we'd pushed in there. Then we call actor(), with > sd->total_len set to read_len. Its return value is > * positive (or we would've buggered off) > * no less than read_len (ditto) > so it should have drained the pipe entirely, leaving it empty again. > > Finding it not just non-empty, but full means that something's very > wrong. The actor here is essentially ->splice_write(), and I'm really > curious which file is the target. Actually, could you turn those > WARN_ON() into > if (WARN_ON(pipe->nr_bufs)) > printk(KERN_ERR "->splice_write = %p", > sd->u.file->f_op->splice_write); > and see which function it is? s/nr_bufs/nrbufs/ aside, I tried this, and it didn't trigger, even though I hit the iov_iter_pipe WARN again. Dave