lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <200807312259.43402.nickpiggin@yahoo.com.au>
Date:	Thu, 31 Jul 2008 22:59:43 +1000
From:	Nick Piggin <nickpiggin@...oo.com.au>
To:	Miklos Szeredi <miklos@...redi.hu>
Cc:	jens.axboe@...cle.com, akpm@...ux-foundation.org,
	torvalds@...ux-foundation.org, linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org, linux-mm@...ck.org
Subject: Re: [patch v3] splice: fix race with page invalidation

On Wednesday 30 July 2008 19:43, Miklos Szeredi wrote:
> Jens,
>
> Please apply or ack this for 2.6.27.
>
> [v3: respun against 2.6.27-rc1]
>
> Thanks,
> Miklos
>
> ----
> From: Miklos Szeredi <mszeredi@...e.cz>
>
> Brian Wang reported that a FUSE filesystem exported through NFS could
> return I/O errors on read.  This was traced to splice_direct_to_actor()
> returning a short or zero count when racing with page invalidation.
>
> However this is not FUSE or NFSD specific, other filesystems (notably NFS)
> also call invalidate_inode_pages2() to purge stale data from the cache.
>
> If this happens while such pages are sitting in a pipe buffer, then
> splice(2) from the pipe can return zero, and read(2) from the pipe can
> return ENODATA.
>
> The zero return is especially bad, since it implies end-of-file or
> disconnected pipe/socket, and is documented as such for splice.  But
> returning an error for read() is also nasty, when in fact there was no
> error (data becoming stale is not an error).

Hmm, the PageError case is a similar one which cannot be avoided, so
it kind of indicates to me that the splice async API is slightly
lacking (and provides me with some confirmation about my dislike of
removing ClearPageUptodate from invalidate...)

Returning -EIO at the pipe read I don't think quite make sense because
it is conceptually an IO error for the splicer, not the reader (who
is reading from a pipe, not from the file causing the error).

It seems like the right way to fix this would be to allow the splicing
process to be notified of a short read, in which case it could try to
refill the pipe with the unread bytes...
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ