* PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly @ 2009-10-19 7:56 Changli Gao 2009-10-19 8:25 ` Jens Axboe 2009-10-19 9:20 ` Changli Gao 0 siblings, 2 replies; 4+ messages in thread From: Changli Gao @ 2009-10-19 7:56 UTC (permalink / raw) To: Linus Torvalds; +Cc: Linux Kernel Mailing List, xiaosuo sendfile(2) checks f_op.sendpage() instead of f_op.splice_write() wrongly. sendfile(2) was reworked with the splice infrastructure, but it still checks f_op.sendpage() instead of f_op.splice_write() wrongly. Although if f_op.sendpage() exists, f_op.splice_write() always exists at the same time currently, the assumption will be broken in future silently. This patch also brings a side effect: sendfile(2) can work with any output file, which supports splice_write() not only mmap(2). Signed-off-by: Changli Gao <xiaosuo@gmail.com> ---- fs/read_write.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/fs/read_write.c +++ b/fs/read_write.c @@ -826,7 +826,7 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, if (!(out_file->f_mode & FMODE_WRITE)) goto fput_out; retval = -EINVAL; - if (!out_file->f_op || !out_file->f_op->sendpage) + if (!out_file->f_op || !out_file->f_op->splice_write) goto fput_out; in_inode = in_file->f_path.dentry->d_inode; out_inode = out_file->f_path.dentry->d_inode; ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly 2009-10-19 7:56 PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly Changli Gao @ 2009-10-19 8:25 ` Jens Axboe 2009-10-19 8:48 ` Changli Gao 2009-10-19 9:20 ` Changli Gao 1 sibling, 1 reply; 4+ messages in thread From: Jens Axboe @ 2009-10-19 8:25 UTC (permalink / raw) To: Changli Gao; +Cc: Linus Torvalds, Linux Kernel Mailing List On Mon, Oct 19 2009, Changli Gao wrote: > sendfile(2) checks f_op.sendpage() instead of f_op.splice_write() wrongly. > > sendfile(2) was reworked with the splice infrastructure, but it still > checks f_op.sendpage() instead of f_op.splice_write() wrongly. Although > if f_op.sendpage() exists, f_op.splice_write() always exists at the same > time currently, the assumption will be broken in future silently. This > patch also brings a side effect: sendfile(2) can work with any output > file, which supports splice_write() not only mmap(2). Question is, if the check should just be dropped completely, since we use fallback default handlers if the fs doesn't have ->splice_read/->splice_write(). -- Jens Axboe ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly 2009-10-19 8:25 ` Jens Axboe @ 2009-10-19 8:48 ` Changli Gao 0 siblings, 0 replies; 4+ messages in thread From: Changli Gao @ 2009-10-19 8:48 UTC (permalink / raw) To: Jens Axboe; +Cc: Linus Torvalds, Linux Kernel Mailing List On Mon, Oct 19, 2009 at 4:25 PM, Jens Axboe <jens.axboe@oracle.com> wrote: > On Mon, Oct 19 2009, Changli Gao wrote: > > Question is, if the check should just be dropped completely, since we > use fallback default handlers if the fs doesn't have > ->splice_read/->splice_write(). Agree with you. I think we can drop it. -- Regards, Changli Gao(xiaosuo@gmail.com) ^ permalink raw reply [flat|nested] 4+ messages in thread
* PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly 2009-10-19 7:56 PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly Changli Gao 2009-10-19 8:25 ` Jens Axboe @ 2009-10-19 9:20 ` Changli Gao 1 sibling, 0 replies; 4+ messages in thread From: Changli Gao @ 2009-10-19 9:20 UTC (permalink / raw) To: Linus Torvalds; +Cc: Jens Axboe, Linux Kernel Mailing List, xiaosuo sendfile(2) checks f_op.sendpage() instead of f_op.splice_write() wrongly. sendfile(2) was reworked with the splice infrastructure, but it still checks f_op.sendpage() instead of f_op.splice_write() wrongly. Although if f_op.sendpage() exists, f_op.splice_write() always exists at the same time currently, the assumption will be broken in future silently. This patch also brings a side effect: sendfile(2) can work with any output file. Some security checks related to f_op are added too. Signed-off-by: Changli Gao <xiaosuo@gmail.com> ---- read_write.c | 2 -- splice.c | 24 +++++++++++++++--------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/fs/read_write.c b/fs/read_write.c index 3ac2898..b7f4a1f 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -826,8 +826,6 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos, if (!(out_file->f_mode & FMODE_WRITE)) goto fput_out; retval = -EINVAL; - if (!out_file->f_op || !out_file->f_op->sendpage) - goto fput_out; in_inode = in_file->f_path.dentry->d_inode; out_inode = out_file->f_path.dentry->d_inode; retval = rw_verify_area(WRITE, out_file, &out_file->f_pos, count); diff --git a/fs/splice.c b/fs/splice.c index 7394e9e..5724845 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -648,9 +648,11 @@ static int pipe_to_sendpage(struct pipe_inode_info *pipe, ret = buf->ops->confirm(pipe, buf); if (!ret) { more = (sd->flags & SPLICE_F_MORE) || sd->len < sd->total_len; - - ret = file->f_op->sendpage(file, buf->page, buf->offset, - sd->len, &pos, more); + if (file->f_op && file->f_op->sendpage) + ret = file->f_op->sendpage(file, buf->page, buf->offset, + sd->len, &pos, more); + else + ret = -EINVAL; } return ret; @@ -1068,8 +1070,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, if (unlikely(ret < 0)) return ret; - splice_write = out->f_op->splice_write; - if (!splice_write) + if (out->f_op && out->f_op->splice_write) + splice_write = out->f_op->splice_write; + else splice_write = default_file_splice_write; return splice_write(pipe, out, ppos, len, flags); @@ -1093,8 +1096,9 @@ static long do_splice_to(struct file *in, loff_t *ppos, if (unlikely(ret < 0)) return ret; - splice_read = in->f_op->splice_read; - if (!splice_read) + if (in->f_op && in->f_op->splice_read) + splice_read = in->f_op->splice_read; + else splice_read = default_file_splice_read; return splice_read(in, ppos, pipe, len, flags); @@ -1316,7 +1320,8 @@ static long do_splice(struct file *in, loff_t __user *off_in, if (off_in) return -ESPIPE; if (off_out) { - if (out->f_op->llseek == no_llseek) + if (!out->f_op || !out->f_op->llseek || + out->f_op->llseek == no_llseek) return -EINVAL; if (copy_from_user(&offset, off_out, sizeof(loff_t))) return -EFAULT; @@ -1336,7 +1341,8 @@ static long do_splice(struct file *in, loff_t __user *off_in, if (off_out) return -ESPIPE; if (off_in) { - if (in->f_op->llseek == no_llseek) + if (!in->f_op || !in->f_op->llseek || + in->f_op->llseek == no_llseek) return -EINVAL; if (copy_from_user(&offset, off_in, sizeof(loff_t))) return -EFAULT; ^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2009-10-19 9:28 UTC | newest] Thread overview: 4+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2009-10-19 7:56 PATCH: sendfile() checks f_op.sendpage() instead of f_op.splice_write() wrongly Changli Gao 2009-10-19 8:25 ` Jens Axboe 2009-10-19 8:48 ` Changli Gao 2009-10-19 9:20 ` Changli Gao
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.