[1/1] backing-file: covert to using fops->splice_write

Message ID	20240705081642.12032-1-ed.tsai@mediatek.com (mailing list archive)
State	New
Headers	show Received: from mailgw01.mediatek.com (unknown [60.244.123.138]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1C54F2BD18; Fri, 5 Jul 2024 08:17:40 +0000 (UTC) From: <ed.tsai@mediatek.com> To: Miklos Szeredi <miklos@szeredi.hu>, Amir Goldstein <amir73il@gmail.com>, Alexander Viro <viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>, Matthias Brugger <matthias.bgg@gmail.com>, AngeloGioacchino Del Regno <angelogioacchino.delregno@collabora.com> CC: <wsd_upstream@mediatek.com>, <chun-hung.wu@mediatek.com>, <casper.li@mediatek.com>, Ed Tsai <ed.tsai@mediatek.com>, <linux-fsdevel@vger.kernel.org>, <linux-unionfs@vger.kernel.org>, <linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>, <linux-mediatek@lists.infradead.org> Subject: [PATCH 1/1] backing-file: covert to using fops->splice_write Date: Fri, 5 Jul 2024 16:16:39 +0800 Message-ID: <20240705081642.12032-1-ed.tsai@mediatek.com> Precedence: bulk MIME-Version: 1.0 Content-Type: text/plain
Series	[1/1] backing-file: covert to using fops->splice_write \| expand [1/1] backing-file: covert to using fops->splice_write

Message ID

20240705081642.12032-1-ed.tsai@mediatek.com (mailing list archive)

State

New

Headers

From: <ed.tsai@mediatek.com>
To: Miklos Szeredi <miklos@szeredi.hu>, Amir Goldstein <amir73il@gmail.com>,
	Alexander Viro <viro@zeniv.linux.org.uk>, Christian Brauner
	<brauner@kernel.org>, Jan Kara <jack@suse.cz>, Matthias Brugger
	<matthias.bgg@gmail.com>, AngeloGioacchino Del Regno
	<angelogioacchino.delregno@collabora.com>
CC: <wsd_upstream@mediatek.com>, <chun-hung.wu@mediatek.com>,
	<casper.li@mediatek.com>, Ed Tsai <ed.tsai@mediatek.com>,
	<linux-fsdevel@vger.kernel.org>, <linux-unionfs@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>, <linux-arm-kernel@lists.infradead.org>,
	<linux-mediatek@lists.infradead.org>
Subject: [PATCH 1/1] backing-file: covert to using fops->splice_write
Date: Fri, 5 Jul 2024 16:16:39 +0800
Message-ID: <20240705081642.12032-1-ed.tsai@mediatek.com>
Precedence: bulk
MIME-Version: 1.0
Content-Type: text/plain

Series

[1/1] backing-file: covert to using fops->splice_write | expand

Commit Message

Ed Tsai (蔡宗軒) July 5, 2024, 8:16 a.m. UTC

From: Ed Tsai <ed.tsai@mediatek.com>

Filesystems may define their own splice write. Therefore, use file
fops instead of invoking iter_file_splice_write() directly.

Signed-off-by: Ed Tsai <ed.tsai@mediatek.com>
---
 fs/backing-file.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

Comments

Ed Tsai (蔡宗軒) July 5, 2024, 8:20 a.m. UTC | #1

On Fri, 2024-07-05 at 16:16 +0800, ed.tsai@mediatek.com wrote:
> From: Ed Tsai <ed.tsai@mediatek.com>
> 
> Filesystems may define their own splice write. Therefore, use file
> fops instead of invoking iter_file_splice_write() directly.
> 
> Signed-off-by: Ed Tsai <ed.tsai@mediatek.com>
> ---
>  fs/backing-file.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
> 
> diff --git a/fs/backing-file.c b/fs/backing-file.c
> index 740185198db3..687a7fae7d25 100644
> --- a/fs/backing-file.c
> +++ b/fs/backing-file.c
> @@ -280,13 +280,16 @@ ssize_t backing_file_splice_write(struct
> pipe_inode_info *pipe,
>  	if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING)))
>  		return -EIO;
>  
> +	if (out->f_op->splice_write)
> +		return -EINVAL;
> +
>  	ret = file_remove_privs(ctx->user_file);
>  	if (ret)
>  		return ret;
>  
>  	old_cred = override_creds(ctx->cred);
>  	file_start_write(out);
> -	ret = iter_file_splice_write(pipe, out, ppos, len, flags);
> +	ret = out->f_op->splice_write(pipe, out, ppos, len, flags);
>  	file_end_write(out);
>  	revert_creds(old_cred);
>  

s/covert/convert/ for subject

Amir Goldstein July 5, 2024, 12:27 p.m. UTC | #2

On Fri, Jul 5, 2024 at 11:17 AM <ed.tsai@mediatek.com> wrote:
>
> From: Ed Tsai <ed.tsai@mediatek.com>
>
> Filesystems may define their own splice write. Therefore, use file
> fops instead of invoking iter_file_splice_write() directly.

This looks sane, but can you share the scenario where you ran into this?
or did you find this via code audit?

I can think of these cases:
1. overlayfs with fuse (virtiofs) upper
2. fuse passthrough over fuse
3. fuse passthrough over overlayfs
4. fuse passthrough over gfs2 or some out of tree fs

The first two will not cause any harm,
In case #3, according to the comment above ovl_splice_write()
the current code could even deadlock.

So do you have a reproduction?

Thanks,
Amir.

>
> Signed-off-by: Ed Tsai <ed.tsai@mediatek.com>
> ---
>  fs/backing-file.c | 5 ++++-
>  1 file changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/fs/backing-file.c b/fs/backing-file.c
> index 740185198db3..687a7fae7d25 100644
> --- a/fs/backing-file.c
> +++ b/fs/backing-file.c
> @@ -280,13 +280,16 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe,
>         if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING)))
>                 return -EIO;
>
> +       if (out->f_op->splice_write)
> +               return -EINVAL;
> +
>         ret = file_remove_privs(ctx->user_file);
>         if (ret)
>                 return ret;
>
>         old_cred = override_creds(ctx->cred);
>         file_start_write(out);
> -       ret = iter_file_splice_write(pipe, out, ppos, len, flags);
> +       ret = out->f_op->splice_write(pipe, out, ppos, len, flags);
>         file_end_write(out);
>         revert_creds(old_cred);
>
> --
> 2.18.0
>

Matthew Wilcox July 7, 2024, 8:42 p.m. UTC | #3

On Fri, Jul 05, 2024 at 04:16:39PM +0800, ed.tsai@mediatek.com wrote:
> +++ b/fs/backing-file.c
> @@ -280,13 +280,16 @@ ssize_t backing_file_splice_write(struct pipe_inode_info *pipe,
>  	if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING)))
>  		return -EIO;
>  
> +	if (out->f_op->splice_write)
> +		return -EINVAL;

Umm ... shouldn't this have been !out->f_op->splice_write?

>  	ret = file_remove_privs(ctx->user_file);
>  	if (ret)
>  		return ret;
>  
>  	old_cred = override_creds(ctx->cred);
>  	file_start_write(out);
> -	ret = iter_file_splice_write(pipe, out, ppos, len, flags);
> +	ret = out->f_op->splice_write(pipe, out, ppos, len, flags);
>  	file_end_write(out);
>  	revert_creds(old_cred);
>  
> -- 
> 2.18.0
> 
>

Ed Tsai (蔡宗軒) July 7, 2024, 11:52 p.m. UTC | #4

On Fri, 2024-07-05 at 15:27 +0300, Amir Goldstein wrote:
>  	 
> External email : Please do not click links or open attachments until
> you have verified the sender or the content.
>  On Fri, Jul 5, 2024 at 11:17 AM <ed.tsai@mediatek.com> wrote:
> >
> > From: Ed Tsai <ed.tsai@mediatek.com>
> >
> > Filesystems may define their own splice write. Therefore, use file
> > fops instead of invoking iter_file_splice_write() directly.
> 
> This looks sane, but can you share the scenario where you ran into
> this?
> or did you find this via code audit?
> 
> I can think of these cases:
> 1. overlayfs with fuse (virtiofs) upper
> 2. fuse passthrough over fuse
> 3. fuse passthrough over overlayfs
> 4. fuse passthrough over gfs2 or some out of tree fs
> 
> The first two will not cause any harm,
> In case #3, according to the comment above ovl_splice_write()
> the current code could even deadlock.
> 
> So do you have a reproduction?
> 
> Thanks,
> Amir.

I came across this while checking what's new in the next LTS kernel.

This appears to be taken from overlayfs, and currently, no one has
encountered any issus about this.



On Sun, 2024-07-07 at 21:42 +0100, Matthew Wilcox wrote:
> On Fri, Jul 05, 2024 at 04:16:39PM +0800, ed.tsai@mediatek.com wrote:
> > +++ b/fs/backing-file.c
> > @@ -280,13 +280,16 @@ ssize_t backing_file_splice_write(struct
> pipe_inode_info *pipe,
> >  if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING)))
> >  return -EIO;
> >  
> > +if (out->f_op->splice_write)
> > +return -EINVAL;
> 
> Umm ... shouldn't this have been !out->f_op->splice_write?
> 

OMG... This is the wrong version. I will send the correct on later.

> >  ret = file_remove_privs(ctx->user_file);
> >  if (ret)
> >  return ret;
> >  
> >  old_cred = override_creds(ctx->cred);
> >  file_start_write(out);
> > -ret = iter_file_splice_write(pipe, out, ppos, len, flags);
> > +ret = out->f_op->splice_write(pipe, out, ppos, len, flags);
> >  file_end_write(out);
> >  revert_creds(old_cred);
> >  
> > -- 
> > 2.18.0
> > 
> > 
>

diff --git a/fs/backing-file.c b/fs/backing-file.c
index 740185198db3..687a7fae7d25 100644
--- a/fs/backing-file.c
+++ b/fs/backing-file.c
@@ -280,13 +280,16 @@  ssize_t backing_file_splice_write(struct pipe_inode_info *pipe,
 	if (WARN_ON_ONCE(!(out->f_mode & FMODE_BACKING)))
 		return -EIO;
 
+	if (out->f_op->splice_write)
+		return -EINVAL;
+
 	ret = file_remove_privs(ctx->user_file);
 	if (ret)
 		return ret;
 
 	old_cred = override_creds(ctx->cred);
 	file_start_write(out);
-	ret = iter_file_splice_write(pipe, out, ppos, len, flags);
+	ret = out->f_op->splice_write(pipe, out, ppos, len, flags);
 	file_end_write(out);
 	revert_creds(old_cred);

[1/1] backing-file: covert to using fops->splice_write

Commit Message

Comments

Patch