On Fri, Feb 12, 2021 at 10:22:16AM +0200, Amir Goldstein wrote: > On Fri, Feb 12, 2021 at 9:49 AM Greg KH <gregkh@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Fri, Feb 12, 2021 at 12:44:00PM +0800, Nicolas Boichat wrote: > > > Filesystems such as procfs and sysfs generate their content at > > > runtime. This implies the file sizes do not usually match the > > > amount of data that can be read from the file, and that seeking > > > may not work as intended. > > > > > > This will be useful to disallow copy_file_range with input files > > > from such filesystems. > > > > > > Signed-off-by: Nicolas Boichat <drinkcat@xxxxxxxxxxxx> > > > --- > > > I first thought of adding a new field to struct file_operations, > > > but that doesn't quite scale as every single file creation > > > operation would need to be modified. > > > > Even so, you missed a load of filesystems in the kernel with this patch > > series, what makes the ones you did mark here different from the > > "internal" filesystems that you did not? > > > > This feels wrong, why is userspace suddenly breaking? What changed in > > the kernel that caused this? Procfs has been around for a _very_ long > > time :) > > That would be because of (v5.3): > > 5dae222a5ff0 vfs: allow copy_file_range to copy across devices > > The intention of this change (series) was to allow server side copy > for nfs and cifs via copy_file_range(). > This is mostly work by Dave Chinner that I picked up following requests > from the NFS folks. > > But the above change also includes this generic change: > > - /* this could be relaxed once a method supports cross-fs copies */ > - if (file_inode(file_in)->i_sb != file_inode(file_out)->i_sb) > - return -EXDEV; > - This isn't the problem. The problem is that proc sets the file size to zero length, so if you attempt to CFR from one proc file to another it will still report "zero bytes copied" because the source file is zero length. The other problem is that if the write fails, the generated data from the /proc file gets thrown away - the splice code treats write failures like a short read and hence the data sent to the failed write is consumed and lost. This has nothing to do with cross-fs cfr support - it's just one mechanism that can be used to expose the problems that using CFR on pipes that masquerade as regular files causes. Userspace can't even tell that CFR failed incorrectly, because the files that it returns immediate EOF on are zero length. Nor can userspace know taht a short read tossed away data, because it might actually be a short read rather than a write failure... > Our option now are: > - Restore the cross-fs restriction into generic_copy_file_range() > - Explicitly opt-out of CFR per-fs and/or per-file as Nicolas' patch does - Stop trying using cfr for things it was never intended for. Anyone using cfr has to be prepared for it to fail and do the copy manually themselves. If you can't tell from userspace if a file has data in it without actually calling read(), then you can't use copy_file_range() on it... Cheers, Dave. -- Dave Chinner david@xxxxxxxxxxxxx
