From patchwork Thu Jun 29 15:54:29 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 13297121 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id 6F146EB64DC for ; Thu, 29 Jun 2023 15:55:15 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0C05B8D0007; Thu, 29 Jun 2023 11:55:15 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 048B98D0006; Thu, 29 Jun 2023 11:55:14 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E2C9F8D0007; Thu, 29 Jun 2023 11:55:14 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0015.hostedemail.com [216.40.44.15]) by kanga.kvack.org (Postfix) with ESMTP id D05178D0006 for ; Thu, 29 Jun 2023 11:55:14 -0400 (EDT) Received: from smtpin10.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay05.hostedemail.com (Postfix) with ESMTP id 8A0064039D for ; Thu, 29 Jun 2023 15:55:14 +0000 (UTC) X-FDA: 80956234548.10.35B4DD2 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by imf29.hostedemail.com (Postfix) with ESMTP id 90933120014 for ; Thu, 29 Jun 2023 15:55:12 +0000 (UTC) Authentication-Results: imf29.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b="T1/irE/U"; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf29.hostedemail.com: domain of dhowells@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=dhowells@redhat.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1688054112; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-transfer-encoding:content-transfer-encoding: in-reply-to:references:dkim-signature; bh=PJTMFc9g/FcB+GfidiZQxCNWZ+z9h8cPcCOIg+nZLcc=; b=uCJ8Y0oCt/LLva6wcRx/21o+emMOD46K4fcoJlFjFmjOyrRim9JXa2JGM/J5bx5CiixYX4 KKrjfxjRgsjZhcT+/S1Y5J/MZsPA7lYtFzm4yWTp6v1fRlk4QePVn01uujuMFNynzASLrU LvmyyIW6Xsei7NdrCI9JaN0YVOhBkAw= ARC-Authentication-Results: i=1; imf29.hostedemail.com; dkim=pass header.d=redhat.com header.s=mimecast20190719 header.b="T1/irE/U"; dmarc=pass (policy=none) header.from=redhat.com; spf=pass (imf29.hostedemail.com: domain of dhowells@redhat.com designates 170.10.133.124 as permitted sender) smtp.mailfrom=dhowells@redhat.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1688054112; a=rsa-sha256; cv=none; b=yKWZacCLlmTUuHlKMz3AGSfT2rCTLV9WxKHV79eY/1yzjdT8yFddWBdaprlSaY0zv+7vc5 Kx0Fetn2DK4DYNLnoTOBzRCq9hlJtwl+upu1bCCqbFbHeGDqYqiRsiJpz1WDmbkYfirfP/ BhvBteJIYg/gRmo903ZG95xfk9xbGVg= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1688054111; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding; bh=PJTMFc9g/FcB+GfidiZQxCNWZ+z9h8cPcCOIg+nZLcc=; b=T1/irE/UYpM+wzs9/YQASeC5ffp/sRHsBmG6We7sxThTM9kTBpJ15h/rHFfFa6EFBLNZfp vhwlwIhmeXIuw+waaNWMtOCEzNhntQu8ha+MlSaCZ9+wxQYHWnmbJVZM+JjDy2m3cuHmdR hk5UT0tx1CUjprWQfBvzTQtE3VHiN0U= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-96-3nKpmEotMPGZC29BjvTnQw-1; Thu, 29 Jun 2023 11:55:06 -0400 X-MC-Unique: 3nKpmEotMPGZC29BjvTnQw-1 Received: from smtp.corp.redhat.com (int-mx10.intmail.prod.int.rdu2.redhat.com [10.11.54.10]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 7A3F3382C991; Thu, 29 Jun 2023 15:54:37 +0000 (UTC) Received: from warthog.procyon.org.uk.com (unknown [10.42.28.4]) by smtp.corp.redhat.com (Postfix) with ESMTP id 457474CD0C3; Thu, 29 Jun 2023 15:54:36 +0000 (UTC) From: David Howells To: netdev@vger.kernel.org Cc: David Howells , Matthew Wilcox , Dave Chinner , Matt Whitlock , Linus Torvalds , Jens Axboe , linux-fsdevel@kvack.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: [RFC PATCH 0/4] splice: Fix corruption in data spliced to pipe Date: Thu, 29 Jun 2023 16:54:29 +0100 Message-ID: <20230629155433.4170837-1-dhowells@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.10 X-Rspam-User: X-Stat-Signature: 6hc3ssb776rrdn5qwaeu8p1gehujgzfr X-Rspamd-Server: rspam07 X-Rspamd-Queue-Id: 90933120014 X-HE-Tag: 1688054112-605308 X-HE-Meta: U2FsdGVkX19tnB9vRsIlvDrCibU/FQRvj2X7Nv1NcSwtbOhyciTfAxthhPKgn6I9fx4Xo7RVaFDQ/1w6VjL6Kh5gPko2KSwM1e6/zTuUrX7VVcSTVv3QmASGo4D79VuG1CZ1yqxut35O8zW5CKWG50zIMLVa3qWawx8/+ZoJLAc8jgEnuDMt4EF+DQPjOEviZBoOHwPYJenTJH67KEvyupS7u7onq3mxuQzpx8o6rXDB4B17seW1g9AmaAHJAd/qMV4vCD0f5aJB+amQnUUZydWaX12APUD8bMCmVyS21LeuwQyV9ZYGErrgxqoR6maPxkUz3S3CoFMUhWoHmMeTlX/UlmKqdB3es/40I9BfjIWqUXLz/PKWAGt3owpUWdeGsGDopqfJz3PmQK6hrte4AM9C94t32tju0U7KkcaNqEgjCAAVR+mUoSlxEO+RkpThhrZF/TbUH/Fu7CDN3JO0czxsAqmRkjfxwepbKMIl69GVy8tASwPjiarRv2UOlRJuhTHhJQx7v1VFuK928j1hQ4bXzXQR8OwARnqfBfG047CIZhrMaBP7sJ94YMUVl/7EyxBgErvMd1f7i/6RrN7eVHaUNNlJSUWdIK94t6OzSbj7CctxkN7wNpDwHMC5HB+OvJq7jbnTUVDOlHtY78kHowlKZGA91P2FQAQ6CIrc5T2YLSHARAUsrXU1wouK8vi9BO7t7JiIEZ/oFUTWstwGMxvK8gRl6y6IxbjExQmO3AVrNXiCHFLI+ocMjCBb/LHp0gkYGzbuchdX5azX4u6Xw6hrYQasGzJAVGUn2M545vlm6smLPT6gEAoqmzV5Zj9WaxpcT1NEPTolJk2BItbhYo6vNTKqaaVuy+f9PAa2EMvX7tBJNuWTtL/03DcEHEIssD81HP9e4zqc5V9NryVoV9axX5JqGSFdmXgOQ3h0TgY8vYmo9dbU2OPu+d/XO/K2CUgUj9gDvpSXMvFePv5 jVcguZLf Iei8GaG20WRsUw8abtjBvtWoMsSFGpaFcfqWBMcOrdyYTIGlEHWMDnARBKpRJnfSPyFs7u3bglDXdBCF1fzOWwKMx17/xny1IDy6N4g6TZQLUVg4Mcytwo483BCNrCwyyrBcO2QghMkIYoCYZfV/zlUI+0FgNkbt4hGUaNEUERUYSql7FyxdsJuHJRPolhMOufYNeoNUhsnpFmUl9AuBdfFRJpw== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Due to the way splice() and vmsplice() currently splice active pages from the pagecache or process VM into the intermediary pipe, changes to the data in those pages can occur whilst they're held in the pipe by such as write(), writing through a shared-writable mmap or using fallocate() to mangle the file[1] change the data. Matt Whitlock, Matthew Wilcox and Dave Chinner are of the opinion that data in the pipe must not be seen to change and that if it does, this is a bug. Apart from in one specific instance (vmsplice() with SPLICE_F_GIFT), the manual pages agree with them. I'm more inclined to adjust the documentation since the behaviour we have has been that way since 2005, I think. These patches attempt to fix this by stealing a page if possible and copying the data if not before splice() or vmsplice() adds it to the pipe. Whilst this does allow the code to be somewhat simplified, it also results in a loss of performance: stolen pages have to be reloaded in accessed again; more data has to be copied. Ideally, this should result in all pages in the pipe belonging solely to the pipe and so they can be removed from the pipe and spliced into pagecaches or process VM immediately with no further checking required. Note that this conversion is incomplete. It does not simplify fuse and virtio_console and it does not clean up the splicing into pipes from relayfs, watch_queue and sockets. There's also a bug in the vmsplice() page stealing. It mostly works but after splicing a bunch of pages, it will oops somewhere in the interval tree's macros. I've pushed the patches here also: https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=splice-fix-corruption David Link: https://lore.kernel.org/r/ec804f26-fa76-4fbe-9b1c-8fbbd829b735@mattwhitlock.name/ [1] David Howells (4): splice: Fix corruption of spliced data after splice() returns splice: Make vmsplice() steal or copy splice: Remove some now-unused bits splice: Record some statistics fs/fuse/dev.c | 37 ----- fs/pipe.c | 12 -- fs/splice.c | 304 ++++++++++++++++++-------------------- include/linux/pipe_fs_i.h | 14 -- include/linux/splice.h | 4 +- mm/filemap.c | 98 +++++++++++- mm/internal.h | 4 +- mm/shmem.c | 8 +- 8 files changed, 245 insertions(+), 236 deletions(-)