On Sat, Dec 10, 2016 at 02:38:49AM +0000, Al Viro wrote:
> vmsplice() generates pipe_bufs with ->steal() set to
> user_page_pipe_buf_steal(). What should happen when the source pages
> had code from an mmapped area and why shouldn't their ->steal()
> do what page_cache_pipe_buf_release() does in that case?
>
> As it is, e.g. fuse_dev_splice_write() getting fed that stuff could,
> AFAICS, clear MappedToDisk on such a page, scream about weird pages
> (upon noticing non-NULL ->mapping) and fall back to copying (thankfully).
> We don't have that many ->steal() users (as the matter of fact, I've
> discovered that while trying to debug the breakage in one I'd been
> trying to add), but I really wonder about the intended semantics of
> ->steal().

Hmm... Nope, the source of breakage is different, and these guys will
simply fail ->steal() - pages present in page cache will have refcount >= 2
due to the buf->page contributing to it. My apologies...

BTW, why doesn't page_cache_pipe_buf_steal() clear MappedToDisk on its own
in case of success?