generic_remap_checks() can reduce the effective request length (i.e., after the reflink extend to EOF case is handled) down to zero. If this occurs, __generic_remap_file_range_prep() proceeds through dio serialization, file mapping flush calls, and may invoke file_modified() before returning back to the filesystem caller, all of which immediately check for len == 0 and return. While this is mostly harmless, it is spurious and not completely without side effect. A filemap write call can submit I/O (but not wait on it) when the specified end byte precedes the start but happens to land on the same aligned page boundary, which can occur from __generic_remap_file_range_prep() when len is 0. The dedupe path already has a len == 0 check to break out before doing range comparisons. Lift this check a bit earlier in the function to cover the general case of len == 0 and avoid the unnecessary work. While here, account for the case where generic_remap_check_len() may also reduce length to zero. Signed-off-by: Brian Foster <bfoster@xxxxxxxxxx> Reviewed-by: Darrick J. Wong <djwong@xxxxxxxxxx> --- v2: - Also handle generic_remap_check_len(). v1: https://lore.kernel.org/linux-fsdevel/20221128160813.3950889-1-bfoster@xxxxxxxxxx/ fs/remap_range.c | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/fs/remap_range.c b/fs/remap_range.c index 654912d06862..8741ecd616a7 100644 --- a/fs/remap_range.c +++ b/fs/remap_range.c @@ -304,7 +304,7 @@ __generic_remap_file_range_prep(struct file *file_in, loff_t pos_in, /* Check that we don't violate system file offset limits. */ ret = generic_remap_checks(file_in, pos_in, file_out, pos_out, len, remap_flags); - if (ret) + if (ret || *len == 0) return ret; /* Wait for the completion of any pending IOs on both files */ @@ -328,9 +328,6 @@ __generic_remap_file_range_prep(struct file *file_in, loff_t pos_in, if (remap_flags & REMAP_FILE_DEDUP) { bool is_same = false; - if (*len == 0) - return 0; - if (!IS_DAX(inode_in)) ret = vfs_dedupe_file_range_compare(file_in, pos_in, file_out, pos_out, *len, &is_same); @@ -348,7 +345,7 @@ __generic_remap_file_range_prep(struct file *file_in, loff_t pos_in, ret = generic_remap_check_len(inode_in, inode_out, pos_out, len, remap_flags); - if (ret) + if (ret || *len == 0) return ret; /* If can't alter the file contents, we're done. */ -- 2.37.3
