[PATCH net-next v2 1/6] splice, net: Fix MSG_MORE signalling in splice_direct_to_actor()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



splice_direct_to_actor() doesn't manage SPLICE_F_MORE correctly - and, as a
result, incorrectly signals MSG_MORE when splicing to a socket.  The
problem happens when a short splice occurs because we got a short read due
to hitting the EOF on a file.  Because the length read (read_len) is less
than the remaining size to be spliced (len), SPLICE_F_MORE is set.

This causes MSG_MORE to be set by pipe_to_sendpage(), indicating to the
network protocol that more data is to be expected.  With the changes I want
to make to switch from using sendpage to using sendmsg(MSG_SPLICE_PAGES),
MSG_MORE needs to work properly.

This was observed with the multi_chunk_sendfile tests in the tls kselftest
program.  Some of those tests would hang and time out when the last chunk
of file was less than the sendfile request size.

This has been observed before[1] and worked around in AF_TLS[2].

Fix this by checking to see if the source file is seekable if we get a
short read and, if it is, checking to see if we hit the file size.  This
should also work for block devices.

This won't help procfiles and suchlike as they're zero length files that
can be read from[3].  To handle that, should splice make a zero-length call
with SPLICE_F_MORE cleared (assuming it wasn't set by userspace via
splice()) if it gets a zero-length read?

Signed-off-by: David Howells <dhowells@xxxxxxxxxx>
cc: Jakub Kicinski <kuba@xxxxxxxxxx>
cc: Jens Axboe <axboe@xxxxxxxxx>
cc: Christoph Hellwig <hch@xxxxxx>
cc: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>
cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
cc: Jan Kara <jack@xxxxxxx>
cc: Jeff Layton <jlayton@xxxxxxxxxx>
cc: David Hildenbrand <david@xxxxxxxxxx>
cc: Christian Brauner <brauner@xxxxxxxxxx>
cc: Chuck Lever <chuck.lever@xxxxxxxxxx>
cc: Boris Pismenny <borisp@xxxxxxxxxx>
cc: John Fastabend <john.fastabend@xxxxxxxxx>
cc: Eric Dumazet <edumazet@xxxxxxxxxx>
cc: "David S. Miller" <davem@xxxxxxxxxxxxx>
cc: Paolo Abeni <pabeni@xxxxxxxxxx>
cc: linux-fsdevel@xxxxxxxxxxxxxxx
cc: linux-block@xxxxxxxxxxxxxxx
cc: linux-mm@xxxxxxxxx
cc: netdev@xxxxxxxxxxxxxxx

Link: https://lore.kernel.org/netdev/1591392508-14592-1-git-send-email-pooja.trivedi@xxxxxxxxxxxxx/ [1]
Link: https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next.git/commit/?id=d452d48b9f8b1a7f8152d33ef52cfd7fe1735b0a [2]
Link: https://lore.kernel.org/r/CAHk-=wjDq5_wLWrapzFiJ3ZNn6aGFWeMJpAj5q+4z-Ok8DD9dA@xxxxxxxxxxxxxx/ [3]
---
 fs/splice.c | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/fs/splice.c b/fs/splice.c
index 3e06611d19ae..a7cf216c02a7 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -982,10 +982,21 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
 		 * If this is the last data and SPLICE_F_MORE was not set
 		 * initially, clears it.
 		 */
-		if (read_len < len)
-			sd->flags |= SPLICE_F_MORE;
-		else if (!more)
+		if (read_len < len) {
+			struct inode *ii = in->f_mapping->host;
+
+			if (ii->i_fop->llseek != noop_llseek &&
+			    pos >= i_size_read(ii)) {
+				if (!more)
+					sd->flags &= ~SPLICE_F_MORE;
+			} else {
+				sd->flags |= SPLICE_F_MORE;
+			}
+
+		} else if (!more) {
 			sd->flags &= ~SPLICE_F_MORE;
+		}
+
 		/*
 		 * NOTE: nonblocking mode only applies to the input. We
 		 * must not do the output in nonblocking mode as then we




[Index of Archives]     [Linux RAID]     [Linux SCSI]     [Linux ATA RAID]     [IDE]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Device Mapper]

  Powered by Linux