[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <cc017cbc-9c28-66bb-8af6-4390b5110aa9@kernel.dk>
Date: Wed, 20 May 2020 18:58:52 -0600
From: Jens Axboe <axboe@...nel.dk>
To: David Howells <dhowells@...hat.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Linus Torvalds <torvalds@...ux-foundation.org>
Subject: Re: [PATCH]: splice fix opipe_prep() full check
On 5/20/20 6:42 PM, Jens Axboe wrote:
> The patch converting pipes to head and tail pointers mistakenly
> turned the splice pipe-to-pipe opipe check into something
> nonsensical. It's supposed to check if we have room in the pipe,
> and return success if we do. If not, wait for room in the pipe.
> Instead it's now returning success for a full pipe, and entering
> the slow path for a non-full pipe.
Forgot to CC Linus - Linus, could you pick this up, or do you want
me to queue it up. Moving to 5.6 internally at FB triggers this
pretty easily, causing a hard hang as we'll get stuck in an infinite
busy loop in splice_pipe_to_pipe().
>
> Cc: stable@...r.kernel.org
> Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
> Signed-off-by: Jens Axboe <axboe@...nel.dk>
>
> ---
>
> I didn't check if the offending commit had other logical fumbles.
>
> diff --git a/fs/splice.c b/fs/splice.c
> index fd0a1e7e5959..4e53efbd621d 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
> * Check pipe occupancy without the inode lock first. This function
> * is speculative anyways, so missing one is ok.
> */
> - if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> + if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> return 0;
>
> ret = 0;
>
--
Jens Axboe
Powered by blists - more mailing lists