splice: fix offset mangling with direct splicing (sendfile)
If the output actor doesn't transfer the full amount of data, we will increment ppos too much. Two related bugs in there: - We need to break out and return actor() retval if it is shorted than what we spliced into the pipe. - Adjust ppos only according to actor() return. Also fix loop problem in generic_file_splice_read(), it should not keep going when data has already been transferred. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
This commit is contained in:
parent
29ce20586b
commit
51a92c0f6c
34
fs/splice.c
34
fs/splice.c
|
@ -492,7 +492,7 @@ ssize_t generic_file_splice_read(struct file *in, loff_t *ppos,
|
||||||
|
|
||||||
ret = 0;
|
ret = 0;
|
||||||
spliced = 0;
|
spliced = 0;
|
||||||
while (len) {
|
while (len && !spliced) {
|
||||||
ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
|
ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
|
||||||
|
|
||||||
if (ret < 0)
|
if (ret < 0)
|
||||||
|
@ -1060,15 +1060,10 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
|
||||||
sd->flags &= ~SPLICE_F_NONBLOCK;
|
sd->flags &= ~SPLICE_F_NONBLOCK;
|
||||||
|
|
||||||
while (len) {
|
while (len) {
|
||||||
size_t read_len, max_read_len;
|
size_t read_len;
|
||||||
|
|
||||||
/*
|
ret = do_splice_to(in, &sd->pos, pipe, len, flags);
|
||||||
* Do at most PIPE_BUFFERS pages worth of transfer:
|
if (unlikely(ret <= 0))
|
||||||
*/
|
|
||||||
max_read_len = min(len, (size_t)(PIPE_BUFFERS*PAGE_SIZE));
|
|
||||||
|
|
||||||
ret = do_splice_to(in, &sd->pos, pipe, max_read_len, flags);
|
|
||||||
if (unlikely(ret < 0))
|
|
||||||
goto out_release;
|
goto out_release;
|
||||||
|
|
||||||
read_len = ret;
|
read_len = ret;
|
||||||
|
@ -1080,26 +1075,17 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
|
||||||
* could get stuck data in the internal pipe:
|
* could get stuck data in the internal pipe:
|
||||||
*/
|
*/
|
||||||
ret = actor(pipe, sd);
|
ret = actor(pipe, sd);
|
||||||
if (unlikely(ret < 0))
|
if (unlikely(ret <= 0))
|
||||||
goto out_release;
|
goto out_release;
|
||||||
|
|
||||||
bytes += ret;
|
bytes += ret;
|
||||||
len -= ret;
|
len -= ret;
|
||||||
|
|
||||||
/*
|
if (ret < read_len)
|
||||||
* In nonblocking mode, if we got back a short read then
|
goto out_release;
|
||||||
* that was due to either an IO error or due to the
|
|
||||||
* pagecache entry not being there. In the IO error case
|
|
||||||
* the _next_ splice attempt will produce a clean IO error
|
|
||||||
* return value (not a short read), so in both cases it's
|
|
||||||
* correct to break out of the loop here:
|
|
||||||
*/
|
|
||||||
if ((flags & SPLICE_F_NONBLOCK) && (read_len < max_read_len))
|
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
pipe->nrbufs = pipe->curbuf = 0;
|
pipe->nrbufs = pipe->curbuf = 0;
|
||||||
|
|
||||||
return bytes;
|
return bytes;
|
||||||
|
|
||||||
out_release:
|
out_release:
|
||||||
|
@ -1161,10 +1147,12 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out,
|
||||||
.pos = *ppos,
|
.pos = *ppos,
|
||||||
.u.file = out,
|
.u.file = out,
|
||||||
};
|
};
|
||||||
size_t ret;
|
long ret;
|
||||||
|
|
||||||
ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
|
ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
|
||||||
*ppos = sd.pos;
|
if (ret > 0)
|
||||||
|
*ppos += ret;
|
||||||
|
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue