From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751286AbdAMUQj (ORCPT <rfc822;w@1wt.eu>);
        Fri, 13 Jan 2017 15:16:39 -0500
Received: from zeniv.linux.org.uk ([195.92.253.2]:56336 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1750923AbdAMUQh (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 13 Jan 2017 15:16:37 -0500
Date: Fri, 13 Jan 2017 20:16:35 +0000
From: Al Viro <viro@ZenIV.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: "Alan J. Wylie" <alan@wylie.me.uk>,
        Thorsten Leemhuis <regressions@leemhuis.info>,
        linux-kernel <linux-kernel@vger.kernel.org>
Subject: Re: 4.9.0 regression in pipe-backed iov_iter with systemd-nspawn
Message-ID: <20170113201635.GR1555@ZenIV.linux.org.uk>
References: <CA+55aFy+sj1SmPrTPAon-=M=DRtiS5ak0DJtQe0TMBU3sMJ0kg@mail.gmail.com>
 <22648.1838.747474.51727@wylie.me.uk>
 <CA+55aFybndhA_RPd6gAPmbYYzOL5Le1tCjb2GYVGgFVU8xoD+g@mail.gmail.com>
 <22648.32903.752857.203733@wylie.me.uk>
 <20170113093359.GJ1555@ZenIV.linux.org.uk>
 <22648.41914.351371.678606@wylie.me.uk>
 <20170113102019.GK1555@ZenIV.linux.org.uk>
 <20170113111842.GL1555@ZenIV.linux.org.uk>
 <CA+55aFw0T1wARr8kLvcuHkA4bDE+YJ18wKtPaxc1vFHWPgfQQg@mail.gmail.com>
 <CA+55aFx8hPMx033K6E1Jz0zjx0uM0g_h-Un=mGyQMfWW-7w4fw@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <CA+55aFx8hPMx033K6E1Jz0zjx0uM0g_h-Un=mGyQMfWW-7w4fw@mail.gmail.com>
User-Agent: Mutt/1.7.1 (2016-10-04)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Jan 13, 2017 at 12:08:44PM -0800, Linus Torvalds wrote:
> On Fri, Jan 13, 2017 at 11:33 AM, Linus Torvalds
> <torvalds@linux-foundation.org> wrote:
> > This function looks so broken that I must be missing something. Why
> > doesn't pipe_advance() just look like the following:
> >
> >   static void pipe_advance(struct iov_iter *i, size_t size)
> >   {
> ...
> >                 pipe_buf_release(pipe, buf);
> >                 pipe->nrbufs--;
> ...
> 
> I think this part needs to update "curbufs" too, so something like
> 
>                 pipe->curbuf = (pipe->curbuf + 1) & (pipe->buffers - 1);
> 
> although I think that "idx" has to track curbuf here anyway, so I
> guess it could just be combined with the idx update and look something
> like
> 
>                 pipe->curbuf = idx = next_idx(idx, pipe);
> 
> in there. Otherwise we get out of sync with the pipe state.

You are looking at the wrong end of that cyclic buffer.  ->curbuf is where
the data begins (and it might be well prior to anything we'd pushed there -
pipe might've been non-empty).  Then we have ->nrbufs allocated buffers and
i->idx points to the place where copy_to_iter() will put the data.

We want pipe_advance() to
	* move the point where copy_to_iter() would go by this much
	* free all preallocated buffers past that point.

->curbuf is for pipe readers; we are dealing with writing to pipe here.