* [PATCH]: splice fix opipe_prep() full check
@ 2020-05-21 0:42 Jens Axboe
2020-05-21 0:58 ` Jens Axboe
0 siblings, 1 reply; 2+ messages in thread
From: Jens Axboe @ 2020-05-21 0:42 UTC (permalink / raw)
To: David Howells; +Cc: linux-kernel
The patch converting pipes to head and tail pointers mistakenly
turned the splice pipe-to-pipe opipe check into something
nonsensical. It's supposed to check if we have room in the pipe,
and return success if we do. If not, wait for room in the pipe.
Instead it's now returning success for a full pipe, and entering
the slow path for a non-full pipe.
Cc: stable@vger.kernel.org
Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Signed-off-by: Jens Axboe <axboe@kernel.dk>
---
I didn't check if the offending commit had other logical fumbles.
diff --git a/fs/splice.c b/fs/splice.c
index fd0a1e7e5959..4e53efbd621d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
* Check pipe occupancy without the inode lock first. This function
* is speculative anyways, so missing one is ok.
*/
- if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
+ if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
return 0;
ret = 0;
--
Jens Axboe
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH]: splice fix opipe_prep() full check
2020-05-21 0:42 [PATCH]: splice fix opipe_prep() full check Jens Axboe
@ 2020-05-21 0:58 ` Jens Axboe
0 siblings, 0 replies; 2+ messages in thread
From: Jens Axboe @ 2020-05-21 0:58 UTC (permalink / raw)
To: David Howells; +Cc: linux-kernel, Linus Torvalds
On 5/20/20 6:42 PM, Jens Axboe wrote:
> The patch converting pipes to head and tail pointers mistakenly
> turned the splice pipe-to-pipe opipe check into something
> nonsensical. It's supposed to check if we have room in the pipe,
> and return success if we do. If not, wait for room in the pipe.
> Instead it's now returning success for a full pipe, and entering
> the slow path for a non-full pipe.
Forgot to CC Linus - Linus, could you pick this up, or do you want
me to queue it up. Moving to 5.6 internally at FB triggers this
pretty easily, causing a hard hang as we'll get stuck in an infinite
busy loop in splice_pipe_to_pipe().
>
> Cc: stable@vger.kernel.org
> Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
> Signed-off-by: Jens Axboe <axboe@kernel.dk>
>
> ---
>
> I didn't check if the offending commit had other logical fumbles.
>
> diff --git a/fs/splice.c b/fs/splice.c
> index fd0a1e7e5959..4e53efbd621d 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
> * Check pipe occupancy without the inode lock first. This function
> * is speculative anyways, so missing one is ok.
> */
> - if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> + if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> return 0;
>
> ret = 0;
>
--
Jens Axboe
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-05-21 0:58 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-05-21 0:42 [PATCH]: splice fix opipe_prep() full check Jens Axboe
2020-05-21 0:58 ` Jens Axboe
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).