From: "David Hildenbrand (Arm)" <david@kernel.org>
To: Joanne Koong <joannelkoong@gmail.com>,
Askar Safin <safinaskar@gmail.com>
Cc: akpm@linux-foundation.org, axboe@kernel.dk, bernd@bsbernd.com,
brauner@kernel.org, dhowells@redhat.com,
fuse-devel@lists.linux.dev, hch@infradead.org, jack@suse.cz,
linux-api@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-kernel@vger.kernel.org, linux-mm@kvack.org,
miklos@szeredi.hu, netdev@vger.kernel.org,
patches@lists.linux.dev, pfalcato@suse.de, rostedt@goodmis.org,
torvalds@linux-foundation.org, val@packett.cool,
viro@zeniv.linux.org.uk, willy@infradead.org
Subject: Re: [PATCH 0/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2
Date: Tue, 16 Jun 2026 09:38:14 +0200 [thread overview]
Message-ID: <cae757f2-4e29-48ae-b4b4-90944552a2aa@kernel.org> (raw)
In-Reply-To: <CAJnrk1Z_V8TShvWV6zwTMQqXra3J4J5CL5ofFMm9DGoLj9whEw@mail.gmail.com>
On 6/16/26 08:38, Joanne Koong wrote:
> On Mon, Jun 15, 2026 at 9:15 PM Askar Safin <safinaskar@gmail.com> wrote:
>>
>> Joanne Koong <joannelkoong@gmail.com>:
>>>
>>> I think this is because of how libfuse handles eof / short reads. When
>>> it detects a short read, it fixes up the header length after the
>>> header was already vmspliced to the pipe because it assumes vmsplice
>>> mapped the header's page into the pipe by reference. It assumes that
>>> modifying the header length in place gets then reflected in what the
>>> pipe later splices out.
>>>
>>> The logic for this happens in fuse_send_data_iov() [1]:
>>> a) sets out->len = headerlen (16) + len (16384) = 16400 in the
>>> stack-allocated fuse_out_header
>>> b) vmsplices the header to the pipe
>>> c) splices the backing file to the pipe. if this hits EOF, it'll get
>>> back 15510 instead of 16384
>>> d) detects the short read [2], fixes up the stack out->len = 16 + 15510 = 15526
>>> e) splices the pipe to /dev/fuse
>>>
>>> After this patch, step b) is a straight copy which means step d)'s
>>> fixup doesn't modify what's in the pipe. This could be fixed up in
>>> libfuse to not depend on modify-after-vmsplice, but I don't think this
>>> helps for applications using already-released libfuse versions. I
>>> think this patch needs to be reverted.
>>>
>>> Thanks,
>>> Joanne
>>>
>>> [1] https://github.com/libfuse/libfuse/blob/master/lib/fuse_lowlevel.c#L846
>>> [2] https://github.com/libfuse/libfuse/blob/master/lib/fuse_lowlevel.c#L956
>>
>> Uh, this is very unfortunate. But I still want to remove vmsplice.
>> Maybe we can somehow save my patchsets? For example, let's return EINVAL
>> for this particular combination (writable pipe + SPLICE_F_NONBLOCK).
>
> writable pipe + SPLICE_F_NONBLOCK is a valid vmsplice call today, so I
> think returning -EINVAL would still cause regressions.
I recall that, after the vmsplice vs. fork security issue happened, vmsplice was
blocked in some container runtimes. e.g., [1] still seems to disable it, added
in 2021 [2].
So maybe one could at least assume that many containerized workloads should be
able to deal with vmsplice not being available nowadays. But in the general case
I'm afraid Joanne is right.
[1] https://github.com/containers/common/blob/main/pkg/seccomp/seccomp.json
[2]
https://github.com/containers/common/commit/7ced5daafa0e36102eb931050ba3ff99f42bdfac
--
Cheers,
David
next prev parent reply other threads:[~2026-06-16 7:38 UTC|newest]
Thread overview: 103+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-05-31 1:01 [PATCH 0/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Askar Safin
2026-05-31 1:01 ` [PATCH 1/3] tee: fs/splice.c: remove unused parameter "flags" from "link_pipe" Askar Safin
2026-05-31 1:01 ` [PATCH 2/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Askar Safin
2026-06-03 20:56 ` Stefan Metzmacher
2026-06-03 21:17 ` Askar Safin
2026-06-04 9:06 ` David Laight
2026-06-04 14:17 ` Linus Torvalds
2026-06-04 17:38 ` David Laight
2026-06-04 19:30 ` Linus Torvalds
2026-06-04 21:32 ` David Laight
2026-06-04 21:42 ` Linus Torvalds
2026-06-05 9:32 ` Florian Weimer
2026-06-05 15:54 ` Linus Torvalds
2026-06-05 16:27 ` Linus Torvalds
2026-06-05 16:30 ` Florian Weimer
2026-06-05 17:12 ` Linus Torvalds
2026-06-06 9:16 ` David Laight
2026-06-05 1:57 ` Nathan Chancellor
2026-06-05 8:23 ` David Laight
2026-06-04 23:25 ` Askar Safin
2026-06-05 11:02 ` Mark Brown
2026-06-05 16:02 ` Linus Torvalds
2026-06-05 16:26 ` Mark Brown
2026-06-05 17:21 ` David Hildenbrand (Arm)
2026-06-08 17:19 ` Alexander Gordeev
2026-06-08 18:42 ` David Hildenbrand (Arm)
2026-06-16 0:36 ` Askar Safin
2026-05-31 1:01 ` [PATCH 3/3] splice: remove PIPE_BUF_FLAG_GIFT Askar Safin
2026-05-31 8:54 ` [PATCH 0/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Pedro Falcato
2026-05-31 21:21 ` Askar Safin
2026-06-01 16:16 ` Christian Brauner
2026-06-02 21:12 ` Askar Safin
2026-06-02 21:37 ` Pedro Falcato
2026-06-02 22:06 ` Linus Torvalds
2026-06-02 22:41 ` Pedro Falcato
2026-06-02 23:07 ` Askar Safin
2026-06-02 22:54 ` Askar Safin
2026-06-03 0:05 ` Linus Torvalds
2026-06-03 1:08 ` Askar Safin
2026-06-03 3:51 ` Andy Lutomirski
2026-06-03 4:20 ` Linus Torvalds
2026-06-03 6:45 ` Christian Brauner
2026-06-03 13:40 ` Christian Brauner
2026-06-03 15:26 ` Linus Torvalds
2026-06-03 18:10 ` Andy Lutomirski
2026-06-03 18:28 ` Linus Torvalds
2026-06-03 19:22 ` David Howells
2026-06-03 19:59 ` Linus Torvalds
2026-06-03 21:31 ` Andy Lutomirski
2026-06-03 21:36 ` Linus Torvalds
2026-06-03 21:38 ` Linus Torvalds
2026-06-03 22:23 ` Andy Lutomirski
2026-06-03 22:53 ` Linus Torvalds
2026-06-05 15:15 ` Stefan Metzmacher
2026-06-05 15:58 ` Linus Torvalds
2026-06-10 5:14 ` Herbert Xu
2026-06-10 14:17 ` Linus Torvalds
2026-06-10 5:09 ` Herbert Xu
2026-06-10 9:55 ` David Laight
2026-06-03 22:43 ` Askar Safin
2026-06-03 22:49 ` Andy Lutomirski
2026-06-03 23:00 ` Askar Safin
2026-06-04 0:01 ` Linus Torvalds
2026-06-03 18:12 ` Jakub Kicinski
2026-06-05 9:43 ` Stefan Metzmacher
2026-06-05 12:19 ` David Laight
2026-06-05 15:20 ` Stefan Metzmacher
2026-06-06 10:22 ` David Laight
2026-06-03 11:43 ` Pedro Falcato
2026-06-03 18:14 ` Jakub Kicinski
2026-06-01 3:11 ` Andy Lutomirski
2026-06-01 15:36 ` Matthew Wilcox
2026-06-01 15:50 ` Linus Torvalds
2026-06-01 16:17 ` Christian Brauner
2026-06-01 16:22 ` Linus Torvalds
2026-06-03 19:24 ` David Howells
2026-06-01 16:23 ` Christian Brauner
2026-06-01 17:17 ` Linus Torvalds
2026-06-01 17:33 ` Al Viro
2026-06-01 20:04 ` Steven Rostedt
2026-06-02 0:28 ` Andrew Morton
2026-06-02 8:25 ` David Hildenbrand (Arm)
2026-06-02 18:44 ` Eric Biggers
2026-06-03 7:50 ` David Hildenbrand (Arm)
2026-06-04 6:32 ` Willy Tarreau
2026-06-04 14:31 ` Linus Torvalds
2026-06-04 15:53 ` Willy Tarreau
2026-06-04 15:58 ` Linus Torvalds
2026-06-04 16:15 ` Willy Tarreau
2026-06-05 15:41 ` Willy Tarreau
2026-06-05 20:54 ` The 8472
2026-06-04 15:53 ` Andy Lutomirski
2026-06-04 16:09 ` Willy Tarreau
2026-06-04 17:25 ` Andy Lutomirski
2026-06-03 9:57 ` Miklos Szeredi
2026-06-15 6:25 ` Val Packett
2026-06-15 13:11 ` Joanne Koong
2026-06-16 1:15 ` Askar Safin
2026-06-16 6:38 ` Joanne Koong
2026-06-16 7:38 ` David Hildenbrand (Arm) [this message]
2026-06-05 8:35 ` Collin Funk
2026-06-04 0:45 ` [PATCH 0/3] vmsplice: make vmsplice a trivial wrapper for preadv2/pwritev2 Askar Safin
2026-06-04 1:52 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cae757f2-4e29-48ae-b4b4-90944552a2aa@kernel.org \
--to=david@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=axboe@kernel.dk \
--cc=bernd@bsbernd.com \
--cc=brauner@kernel.org \
--cc=dhowells@redhat.com \
--cc=fuse-devel@lists.linux.dev \
--cc=hch@infradead.org \
--cc=jack@suse.cz \
--cc=joannelkoong@gmail.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=miklos@szeredi.hu \
--cc=netdev@vger.kernel.org \
--cc=patches@lists.linux.dev \
--cc=pfalcato@suse.de \
--cc=rostedt@goodmis.org \
--cc=safinaskar@gmail.com \
--cc=torvalds@linux-foundation.org \
--cc=val@packett.cool \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox