From nobody Tue Dec 16 14:20:12 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id CA7991DFE3A for ; Mon, 10 Feb 2025 11:41:16 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739187679; cv=none; b=emJg1EFkb+1M/A1hhGCU08BHi7QqZD/3pjXceC6XTbjxE2XKMMxd/6700b6HaHzoy4hH3OPS3bHLH108jC+gRrCPxUCaySRVZFxPTEuT5dtwcDQB0KVVVPn1RxCKvJSJdPBYK1I/QT9w6D6gdnIP/mQYjhP/UgrTCcJwPdQgsBs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739187679; c=relaxed/simple; bh=A0Z5p7jAtcJP+bUxNWQBTn+qyqsJKGT8czafy7DAnfs=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=fuwuVbjfHj1huu9UKgLRl1044yHNmEvoiLUb+pIElA3E3rT4h/JlcZfDk97AsDcsOEaJK05INcl/AYDxYLSdz+HSx55dtbeA7TgbkYSShHwzh9Qh9/dzTjKPdxkmvAh+BL+0k7hnIzIEwry0yWS3hxBEAHnnCnI70QvFEnAOg5w= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=IhOoeCRC; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="IhOoeCRC" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1739187675; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=ClbELSS8AwfbHSwnhY5LOEfcBwAX2tRaVpjOvrMpwf0=; b=IhOoeCRCIv8yQz9ky65A7bcfIu5qF/QoQL3QzUv4nmQe9d1TqMD1Ub3PTl/27xsUYZIM9y MF4pYoL5IH7JVsxE8SPUHRnKCvWRyoDPV6k25lUIYkdoHHsy9yWkOclVBnLk2kLd3ui2i+ w7BBc8LApq0g1LJvWVZR60wtKRsVBWI= Received: from mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-682-Qa8SLWEQPIG-s5zBQCTFAw-1; Mon, 10 Feb 2025 06:41:14 -0500 X-MC-Unique: Qa8SLWEQPIG-s5zBQCTFAw-1 X-Mimecast-MFC-AGG-ID: Qa8SLWEQPIG-s5zBQCTFAw Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-04.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id D3E6F1955DB8; Mon, 10 Feb 2025 11:41:11 +0000 (UTC) Received: from dhcp-27-174.brq.redhat.com (unknown [10.45.224.113]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with SMTP id 383721800570; Mon, 10 Feb 2025 11:41:06 +0000 (UTC) Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000 oleg@redhat.com; Mon, 10 Feb 2025 12:40:45 +0100 (CET) Date: Mon, 10 Feb 2025 12:40:39 +0100 From: Oleg Nesterov To: Christian Brauner , Jeff Layton , Linus Torvalds Cc: David Howells , "Gautham R. Shenoy" , K Prateek Nayak , Mateusz Guzik , Neeraj Upadhyay , Oliver Sang , Swapnil Sapkal , WangYuli , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 1/1] pipe: change pipe_write() to never add a zero-sized buffer Message-ID: <20250210114039.GA3588@redhat.com> References: <20250209150718.GA17013@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20250209150718.GA17013@redhat.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" a194dfe6e6f6 ("pipe: Rearrange sequence in pipe_write() to preallocate slot= ") changed pipe_write() to increment pipe->head in advance. IIUC to avoid the race with the post_one_notification()-like code which can add another buffer under pipe->rd_wait.lock without pipe->mutex. This is no longer necessary after c73be61cede5 ("pipe: Add general notifica= tion queue support"), pipe_write() checks pipe_has_watch_queue() and returns -EX= DEV at the start. And can't help in any case, pipe_write() no longer takes this rd_wait.lock spinlock. Change pipe_write() to call copy_page_from_iter() first and do nothing if it fails. This way pipe_write() can't add a zero-sized buffer and we can simpl= ify pipe_read() which currently has to take care of this very unlikely case. Also, with this patch we can probably kill eat_empty_buffer() and more "is this buffer empty" checks in fs/splice.c later. Link: https://lore.kernel.org/all/20250209150718.GA17013@redhat.com/ Signed-off-by: Oleg Nesterov Tested-by: K Prateek Nayak --- fs/pipe.c | 45 +++++++++------------------------------------ 1 file changed, 9 insertions(+), 36 deletions(-) diff --git a/fs/pipe.c b/fs/pipe.c index 2ae75adfba64..b0641f75b1ba 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -360,29 +360,9 @@ anon_pipe_read(struct kiocb *iocb, struct iov_iter *to) break; } mutex_unlock(&pipe->mutex); - /* * We only get here if we didn't actually read anything. * - * However, we could have seen (and removed) a zero-sized - * pipe buffer, and might have made space in the buffers - * that way. - * - * You can't make zero-sized pipe buffers by doing an empty - * write (not even in packet mode), but they can happen if - * the writer gets an EFAULT when trying to fill a buffer - * that already got allocated and inserted in the buffer - * array. - * - * So we still need to wake up any pending writers in the - * _very_ unlikely case that the pipe was full, but we got - * no data. - */ - if (unlikely(wake_writer)) - wake_up_interruptible_sync_poll(&pipe->wr_wait, EPOLLOUT | EPOLLWRNORM); - kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); - - /* * But because we didn't read anything, at this point we can * just return directly with -ERESTARTSYS if we're interrupted, * since we've done any required wakeups and there's no need @@ -391,7 +371,6 @@ anon_pipe_read(struct kiocb *iocb, struct iov_iter *to) if (wait_event_interruptible_exclusive(pipe->rd_wait, pipe_readable(pipe= )) < 0) return -ERESTARTSYS; =20 - wake_writer =3D false; wake_next_reader =3D true; mutex_lock(&pipe->mutex); } @@ -526,33 +505,27 @@ anon_pipe_write(struct kiocb *iocb, struct iov_iter *= from) pipe->tmp_page =3D page; } =20 - /* Allocate a slot in the ring in advance and attach an - * empty buffer. If we fault or otherwise fail to use - * it, either the reader will consume it or it'll still - * be there for the next write. - */ - pipe->head =3D head + 1; + copied =3D copy_page_from_iter(page, 0, PAGE_SIZE, from); + if (unlikely(copied < PAGE_SIZE && iov_iter_count(from))) { + if (!ret) + ret =3D -EFAULT; + break; + } =20 + pipe->head =3D head + 1; + pipe->tmp_page =3D NULL; /* Insert it into the buffer array */ buf =3D &pipe->bufs[head & mask]; buf->page =3D page; buf->ops =3D &anon_pipe_buf_ops; buf->offset =3D 0; - buf->len =3D 0; if (is_packetized(filp)) buf->flags =3D PIPE_BUF_FLAG_PACKET; else buf->flags =3D PIPE_BUF_FLAG_CAN_MERGE; - pipe->tmp_page =3D NULL; =20 - copied =3D copy_page_from_iter(page, 0, PAGE_SIZE, from); - if (unlikely(copied < PAGE_SIZE && iov_iter_count(from))) { - if (!ret) - ret =3D -EFAULT; - break; - } - ret +=3D copied; buf->len =3D copied; + ret +=3D copied; =20 if (!iov_iter_count(from)) break; --=20 2.25.1.362.g51ebf55 From nobody Tue Dec 16 14:20:12 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D3D16F9FE for ; Sun, 9 Feb 2025 15:08:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.129.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739113711; cv=none; b=tm0Fv1vpo2Hs8vbOt4qMoLtnvUC69jZju94prBBYIB44wvS/EK6F05Z2mN13i1dWKhosx4j09kJZ670mp+5ysLhCzzrPo7K5FfQnYn0Nh1vdlyVMknlnNZhPl4pfqt6DPv951j2CDK9Ir5QR0iHzrSlaB6cCiaZZF3+WkSNrFQk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739113711; c=relaxed/simple; bh=M1AQ2hEM2O1Zv6CQ05LKHpVqombgKaio3Q2iO2ZuBxs=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=YnKWLIS5xWQJcTsqA1eaumajoMZq4+WDzrB1p8Gy1jEHIg2/IKsZHk6qew0gAbGKmtaPPPoZKRs6/yfy2+BGomcTmYcdWOlP/6WjaS8U5yPIzAdQ5aAq6BCh7++qneB4z2x1FTavFGP/OyKthQD4LfRVF55X8R79jVjKdvtcun8= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=dNRrfA0n; arc=none smtp.client-ip=170.10.129.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="dNRrfA0n" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1739113708; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=tb/tj8BCDUnG6L/Z2jvQ7trDD1By4diGpHFGxOH14oY=; b=dNRrfA0nnBHAtAfuSKtGf5QEIbM9hPrVJ64baipLYqaPO9DIfP0fClpOGei24YrCNu5kX8 9q314EjC66RLd/z37q/DMUj65GJxlIpbIBczRGQB5OeDIXEoipfF0mhWgqAgrz18442BJK 6Om9VDR2pXQwb0aXkExHzPE3CvW6Vc0= Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-215-bXUnPjQ-PkmhEVVTGpf3YA-1; Sun, 09 Feb 2025 10:08:24 -0500 X-MC-Unique: bXUnPjQ-PkmhEVVTGpf3YA-1 X-Mimecast-MFC-AGG-ID: bXUnPjQ-PkmhEVVTGpf3YA Received: from mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.12]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 22C581800360; Sun, 9 Feb 2025 15:08:22 +0000 (UTC) Received: from dhcp-27-174.brq.redhat.com (unknown [10.45.224.8]) by mx-prod-int-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with SMTP id 1710019560A3; Sun, 9 Feb 2025 15:08:16 +0000 (UTC) Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000 oleg@redhat.com; Sun, 9 Feb 2025 16:07:55 +0100 (CET) Date: Sun, 9 Feb 2025 16:07:49 +0100 From: Oleg Nesterov To: Christian Brauner , Jeff Layton , Linus Torvalds Cc: David Howells , "Gautham R. Shenoy" , K Prateek Nayak , Mateusz Guzik , Neeraj Upadhyay , Oliver Sang , Swapnil Sapkal , WangYuli , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/2] pipe: change pipe_write() to never add a zero-sized buffer Message-ID: <20250209150749.GA16999@redhat.com> References: <20250209150718.GA17013@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20250209150718.GA17013@redhat.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Scanned-By: MIMEDefang 3.0 on 10.30.177.12 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" a194dfe6e6f6 ("pipe: Rearrange sequence in pipe_write() to preallocate slot= ") changed pipe_write() to increment pipe->head in advance. IIUC to avoid the race with the post_one_notification()-like code which can add another buffer under pipe->rd_wait.lock without pipe->mutex. This is no longer necessary after c73be61cede5 ("pipe: Add general notifica= tion queue support"), pipe_write() checks pipe_has_watch_queue() and returns -EX= DEV at the start. And can't help in any case, pipe_write() no longer takes this rd_wait.lock spinlock. Change pipe_write() to call copy_page_from_iter() first and do nothing if it fails. This way pipe_write() can't add a zero-sized buffer and we can simpl= ify pipe_read() which currently has to take care of this very unlikely case. Signed-off-by: Oleg Nesterov Tested-by: K Prateek Nayak --- fs/pipe.c | 47 +++++++++------------------------------ include/linux/pipe_fs_i.h | 6 +++++ 2 files changed, 16 insertions(+), 37 deletions(-) diff --git a/fs/pipe.c b/fs/pipe.c index 2ae75adfba64..7f24d707f6a1 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -303,7 +303,7 @@ anon_pipe_read(struct kiocb *iocb, struct iov_iter *to) =20 if (!pipe_empty(head, tail)) { struct pipe_buffer *buf =3D &pipe->bufs[tail & mask]; - size_t chars =3D buf->len; + size_t chars =3D pipe_buf_assert_len(buf); size_t written; int error; =20 @@ -360,29 +360,9 @@ anon_pipe_read(struct kiocb *iocb, struct iov_iter *to) break; } mutex_unlock(&pipe->mutex); - /* * We only get here if we didn't actually read anything. * - * However, we could have seen (and removed) a zero-sized - * pipe buffer, and might have made space in the buffers - * that way. - * - * You can't make zero-sized pipe buffers by doing an empty - * write (not even in packet mode), but they can happen if - * the writer gets an EFAULT when trying to fill a buffer - * that already got allocated and inserted in the buffer - * array. - * - * So we still need to wake up any pending writers in the - * _very_ unlikely case that the pipe was full, but we got - * no data. - */ - if (unlikely(wake_writer)) - wake_up_interruptible_sync_poll(&pipe->wr_wait, EPOLLOUT | EPOLLWRNORM); - kill_fasync(&pipe->fasync_writers, SIGIO, POLL_OUT); - - /* * But because we didn't read anything, at this point we can * just return directly with -ERESTARTSYS if we're interrupted, * since we've done any required wakeups and there's no need @@ -391,7 +371,6 @@ anon_pipe_read(struct kiocb *iocb, struct iov_iter *to) if (wait_event_interruptible_exclusive(pipe->rd_wait, pipe_readable(pipe= )) < 0) return -ERESTARTSYS; =20 - wake_writer =3D false; wake_next_reader =3D true; mutex_lock(&pipe->mutex); } @@ -526,33 +505,27 @@ anon_pipe_write(struct kiocb *iocb, struct iov_iter *= from) pipe->tmp_page =3D page; } =20 - /* Allocate a slot in the ring in advance and attach an - * empty buffer. If we fault or otherwise fail to use - * it, either the reader will consume it or it'll still - * be there for the next write. - */ - pipe->head =3D head + 1; + copied =3D copy_page_from_iter(page, 0, PAGE_SIZE, from); + if (unlikely(copied < PAGE_SIZE && iov_iter_count(from))) { + if (!ret) + ret =3D -EFAULT; + break; + } =20 + pipe->head =3D head + 1; + pipe->tmp_page =3D NULL; /* Insert it into the buffer array */ buf =3D &pipe->bufs[head & mask]; buf->page =3D page; buf->ops =3D &anon_pipe_buf_ops; buf->offset =3D 0; - buf->len =3D 0; if (is_packetized(filp)) buf->flags =3D PIPE_BUF_FLAG_PACKET; else buf->flags =3D PIPE_BUF_FLAG_CAN_MERGE; - pipe->tmp_page =3D NULL; =20 - copied =3D copy_page_from_iter(page, 0, PAGE_SIZE, from); - if (unlikely(copied < PAGE_SIZE && iov_iter_count(from))) { - if (!ret) - ret =3D -EFAULT; - break; - } - ret +=3D copied; buf->len =3D copied; + ret +=3D copied; =20 if (!iov_iter_count(from)) break; diff --git a/include/linux/pipe_fs_i.h b/include/linux/pipe_fs_i.h index 8ff23bf5a819..4174429a3e0e 100644 --- a/include/linux/pipe_fs_i.h +++ b/include/linux/pipe_fs_i.h @@ -31,6 +31,12 @@ struct pipe_buffer { unsigned long private; }; =20 +static inline unsigned int pipe_buf_assert_len(struct pipe_buffer *buf) +{ + WARN_ON_ONCE(!buf->len); + return buf->len; +} + /** * struct pipe_inode_info - a linux kernel pipe * @mutex: mutex protecting the whole thing --=20 2.25.1.362.g51ebf55 From nobody Tue Dec 16 14:20:12 2025 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 97473F9FE for ; Sun, 9 Feb 2025 15:08:50 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=170.10.133.124 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739113733; cv=none; b=aspSR1Of/DruL//UwRh8ZMSlS3xXwadEakJGsaP7voELkda3OKATC08idOSHXnQVshnlEWjYBbGzMiLpkK7Tft4tDH+vM2GjsiiPeHsxMdyoC62ieN7Yjp3v5ikojif6eEbLU7NdDyjpGIQaI6hKzAEP1moZW0p8MFnVqimaddg= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1739113733; c=relaxed/simple; bh=3j7x4qb9+aqqiVdSCyBdk1Z4LwjXjaLTVNPhwIFVi4o=; h=Date:From:To:Cc:Subject:Message-ID:References:MIME-Version: Content-Type:Content-Disposition:In-Reply-To; b=fJY2yqxtdhD01CqSTRsJSrxWbUaz5Oq6w0pbT6GMyfhqoDjRy9KgwgM7iFyWZMQtsIcxuFK+hLIKRqJLFLA5oMhrV29SrSANQa99IQJGwz4pqbY2pX3kldz1iLRBbZzh+2Ged4lmB2P2UzaxYlyh0uy7UzxSyOUwRXMnj1pJhmw= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com; spf=pass smtp.mailfrom=redhat.com; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b=LaJhklru; arc=none smtp.client-ip=170.10.133.124 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=redhat.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=redhat.com header.i=@redhat.com header.b="LaJhklru" DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1739113729; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: in-reply-to:in-reply-to:references:references; bh=WKq/GoVu8AJXvVETTB0hWEI/zu4QQM8xp88r2RP6yp8=; b=LaJhklruEaxDXxK+F9nUkQsbf9MbpyWsuTyYtE695oDFJlQ4WZKNruZVdvL61+wIpbJSUE Lwb0DRtsC4/pQ/GcpmusoNAqT1gh30cNUB9/7Rs4hMZddwhvhRzUvn7S/246cuHVbvZQ9f 202uGf93s7Db6SmF+LDjnUompfwsgOI= Received: from mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (ec2-54-186-198-63.us-west-2.compute.amazonaws.com [54.186.198.63]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-410-9UA9-7n1O1-zziPgJBs_uw-1; Sun, 09 Feb 2025 10:08:46 -0500 X-MC-Unique: 9UA9-7n1O1-zziPgJBs_uw-1 X-Mimecast-MFC-AGG-ID: 9UA9-7n1O1-zziPgJBs_uw Received: from mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.111]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-03.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id CF7A319560AA; Sun, 9 Feb 2025 15:08:43 +0000 (UTC) Received: from dhcp-27-174.brq.redhat.com (unknown [10.45.224.8]) by mx-prod-int-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with SMTP id 1A76B180087D; Sun, 9 Feb 2025 15:08:38 +0000 (UTC) Received: by dhcp-27-174.brq.redhat.com (nbSMTP-1.00) for uid 1000 oleg@redhat.com; Sun, 9 Feb 2025 16:08:16 +0100 (CET) Date: Sun, 9 Feb 2025 16:08:11 +0100 From: Oleg Nesterov To: Christian Brauner , Jeff Layton , Linus Torvalds Cc: David Howells , "Gautham R. Shenoy" , K Prateek Nayak , Mateusz Guzik , Neeraj Upadhyay , Oliver Sang , Swapnil Sapkal , WangYuli , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 2/2] splice: add some pipe_buf_assert_len() checks Message-ID: <20250209150811.GB16999@redhat.com> References: <20250209150718.GA17013@redhat.com> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: <20250209150718.GA17013@redhat.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.111 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" After the previous patch the readers can't (hopefully) hit a zero-sized buffer, add a few pipe_buf_assert_len() debugging checks. pipe_buf_assert_len() can probably have more users, including the writers which update pipe->head. While at it, simplify eat_empty_buffer(), it can use pipe_buf(pipe->tail). Signed-off-by: Oleg Nesterov --- fs/splice.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index 28cfa63aa236..fb7841c07edd 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -453,7 +453,7 @@ static int splice_from_pipe_feed(struct pipe_inode_info= *pipe, struct splice_des while (!pipe_empty(head, tail)) { struct pipe_buffer *buf =3D &pipe->bufs[tail & mask]; =20 - sd->len =3D buf->len; + sd->len =3D pipe_buf_assert_len(buf); if (sd->len > sd->total_len) sd->len =3D sd->total_len; =20 @@ -494,13 +494,11 @@ static int splice_from_pipe_feed(struct pipe_inode_in= fo *pipe, struct splice_des /* We know we have a pipe buffer, but maybe it's empty? */ static inline bool eat_empty_buffer(struct pipe_inode_info *pipe) { - unsigned int tail =3D pipe->tail; - unsigned int mask =3D pipe->ring_size - 1; - struct pipe_buffer *buf =3D &pipe->bufs[tail & mask]; + struct pipe_buffer *buf =3D pipe_buf(pipe, pipe->tail); =20 - if (unlikely(!buf->len)) { + if (unlikely(!pipe_buf_assert_len(buf))) { pipe_buf_release(pipe, buf); - pipe->tail =3D tail+1; + pipe->tail++; return true; } =20 @@ -717,7 +715,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, st= ruct file *out, left =3D sd.total_len; for (n =3D 0; !pipe_empty(head, tail) && left && n < nbufs; tail++) { struct pipe_buffer *buf =3D &pipe->bufs[tail & mask]; - size_t this_len =3D buf->len; + size_t this_len =3D pipe_buf_assert_len(buf); =20 /* zero-length bvecs are not supported, skip them */ if (!this_len) @@ -852,7 +850,7 @@ ssize_t splice_to_socket(struct pipe_inode_info *pipe, = struct file *out, struct pipe_buffer *buf =3D &pipe->bufs[tail & mask]; size_t seg; =20 - if (!buf->len) { + if (!pipe_buf_assert_len(buf)) { tail++; continue; } --=20 2.25.1.362.g51ebf55