From: Andrew Morton <akpm@linux-foundation.org>
To: Miklos Szeredi <miklos@szeredi.hu>
Cc: jens.axboe@oracle.com, linux-kernel@vger.kernel.org,
	linux-fsdevel@vger.kernel.org, Allard Hoeve <allard@byte.nl>,
	Neil Brown <neilb@suse.de>
Subject: Re: [patch] fix infinite loop in generic_file_splice_read()
Date: Wed, 9 Apr 2008 11:57:02 -0700
Message-ID: <20080409115702.79737d7f.akpm@linux-foundation.org>
In-Reply-To: <E1JjcgO-0004q2-VJ@pomaz-ex.szeredi.hu>

On Wed, 09 Apr 2008 17:57:56 +0200
Miklos Szeredi <miklos@szeredi.hu> wrote:

> generic_file_splice_read() goes into an infinite loop if it races with
> truncation.  I've found this with fsx-linux on NFS over fuse.
> 
> Perhaps the whole while() loop is bogus, but I can't tell from a
> cursory glance at __generic_file_splice_read() if it will return zero
> only on EOF, or it can do that for other reasons as well.  In the
> latter case the loop is obviously needed.
> 
> This simplistic patch fixes the issue for me.
> 

We found suspicious-looking code in generic_file_splice_read() back in
February.  See http://lkml.org/lkml/2008/2/29/443.  I suspect that patch
(if it works) will address the truncate lockup as well - it zaps the loop
entirely.

Unfortunately Allard never got back to us (probably because he's running
2.6.24 which has a quite different generic_file_splice_read()) and the
patch didn't get anywhere.

Here it is again.

It needs a changelog.

Nobody has tested this at all, to my knowledge.

It's going to take some serious and sudden effort to get these bugs fixed
for 2.6.25.


 fs/splice.c |   31 ++++++-------------------------
 1 file changed, 6 insertions(+), 25 deletions(-)

diff -puN fs/splice.c~generic_file_splice_read-fix-lockups fs/splice.c
--- a/fs/splice.c~generic_file_splice_read-fix-lockups
+++ a/fs/splice.c
@@ -370,8 +370,10 @@ __generic_file_splice_read(struct file *
 			 * for an in-flight io page
 			 */
 			if (flags & SPLICE_F_NONBLOCK) {
-				if (TestSetPageLocked(page))
+				if (TestSetPageLocked(page)) {
+					error = -EAGAIN;
 					break;
+				}
 			} else
 				lock_page(page);
 
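Review bot: The new `error = -EAGAIN` on the `TestSetPageLocked(page)` failure path needs a check that it cannot override a partial result. If this `break` leaves a loop that has already gathered earlier pages, and `error` is returned whenever it is non-zero, a nonblocking caller would get -EAGAIN and lose data that was ready; the lines shown here do not say how `error` is used after the loop. Please confirm that `error` is returned only when nothing was spliced, and state that in the changelog.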
@@ -479,9 +481,8 @@ ssize_t generic_file_splice_read(struct 
 				 struct pipe_inode_info *pipe, size_t len,
 				 unsigned int flags)
 {
-	ssize_t spliced;
-	int ret;
 	loff_t isize, left;
+	int ret;
 
 	isize = i_size_read(in->f_mapping->host);
 	if (unlikely(*ppos >= isize))
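Review bot: With `ssize_t spliced` removed, the byte count now reaches the caller only through `int ret`, while the function is declared to return `ssize_t` and takes a `size_t len`. Consider declaring `ssize_t ret;` so the types line up; that would also avoid moving the `int ret;` line, which is churn with no functional effect.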
@@ -491,29 +492,9 @@ ssize_t generic_file_splice_read(struct 
 	if (unlikely(left < len))
 		len = left;
 
-	ret = 0;
-	spliced = 0;
-	while (len && !spliced) {
-		ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
-
-		if (ret < 0)
-			break;
-		else if (!ret) {
-			if (spliced)
-				break;
-			if (flags & SPLICE_F_NONBLOCK) {
-				ret = -EAGAIN;
-				break;
-			}
-		}
-
+	ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
+	if (ret > 0)
 		*ppos += ret;
-		len -= ret;
-		spliced += ret;
-	}
-
-	if (spliced)
-		return spliced;
 
 	return ret;
 }
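Review bot: Removing the loop also removes the `if (flags & SPLICE_F_NONBLOCK) ret = -EAGAIN;` conversion of a zero return, so a zero from `__generic_file_splice_read()` now goes straight back to the caller, where it reads as EOF. The first hunk restores -EAGAIN only for the `TestSetPageLocked()` failure; if the helper can return zero in nonblocking mode for any other reason, that case changes from -EAGAIN to 0. Please confirm which zero returns remain and record the answer in the changelog, which this patch still lacks along with a sign-off.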
_

