From 23c832b10ca9ab2685d7d3e0990800ffc846fc92 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 12 Oct 2016 19:23:50 -0400 Subject: [PATCH 1/4] remove spd_release_page() no users left Signed-off-by: Al Viro --- fs/splice.c | 5 ----- include/linux/splice.h | 1 - 2 files changed, 6 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index 873d83104e79..bf17a92e26c3 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -244,11 +244,6 @@ ssize_t add_to_pipe(struct pipe_inode_info *pipe, struct pipe_buffer *buf) } EXPORT_SYMBOL(add_to_pipe); -void spd_release_page(struct splice_pipe_desc *spd, unsigned int i) -{ - put_page(spd->pages[i]); -} - /* * Check if we need to grow the arrays holding pages and partial page * descriptions. diff --git a/include/linux/splice.h b/include/linux/splice.h index 00a21166e268..647243bdd9d7 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h @@ -82,7 +82,6 @@ extern ssize_t splice_direct_to_actor(struct file *, struct splice_desc *, */ extern int splice_grow_spd(const struct pipe_inode_info *, struct splice_pipe_desc *); extern void splice_shrink_spd(struct splice_pipe_desc *); -extern void spd_release_page(struct splice_pipe_desc *, unsigned int); extern const struct pipe_buf_operations page_cache_pipe_buf_ops; extern const struct pipe_buf_operations default_pipe_buf_ops; From f81dc7d7d5a2528f98f26a0b9406e822d0b35011 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 31 Oct 2016 16:47:15 -0400 Subject: [PATCH 2/4] splice_pipe_desc: kill ->flags no users left Signed-off-by: Al Viro --- include/linux/splice.h | 1 - kernel/relay.c | 1 - kernel/trace/trace.c | 2 -- net/core/skbuff.c | 1 - 4 files changed, 5 deletions(-) diff --git a/include/linux/splice.h b/include/linux/splice.h index 647243bdd9d7..3c98dad93bf3 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h @@ -55,7 +55,6 @@ struct splice_pipe_desc { struct partial_page *partial; /* pages[] may not be contig */ int nr_pages; /* number of populated pages in map */ unsigned int nr_pages_max; /* pages[] & partial[] arrays size */ - unsigned int flags; /* splice flags */ const struct pipe_buf_operations *ops;/* ops associated with output pipe */ void (*spd_release)(struct splice_pipe_desc *, unsigned int); }; diff --git a/kernel/relay.c b/kernel/relay.c index 8f18d314a96a..9b48284eac56 100644 --- a/kernel/relay.c +++ b/kernel/relay.c @@ -1212,7 +1212,6 @@ static ssize_t subbuf_splice_actor(struct file *in, .nr_pages = 0, .nr_pages_max = PIPE_DEF_BUFFERS, .partial = partial, - .flags = flags, .ops = &relay_pipe_buf_ops, .spd_release = relay_page_release, }; diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index d7449783987a..77c2d9bcb40f 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -5536,7 +5536,6 @@ static ssize_t tracing_splice_read_pipe(struct file *filp, .partial = partial_def, .nr_pages = 0, /* This gets updated below. */ .nr_pages_max = PIPE_DEF_BUFFERS, - .flags = flags, .ops = &tracing_pipe_buf_ops, .spd_release = tracing_spd_release_pipe, }; @@ -6434,7 +6433,6 @@ tracing_buffers_splice_read(struct file *file, loff_t *ppos, .pages = pages_def, .partial = partial_def, .nr_pages_max = PIPE_DEF_BUFFERS, - .flags = flags, .ops = &buffer_pipe_buf_ops, .spd_release = buffer_spd_release, }; diff --git a/net/core/skbuff.c b/net/core/skbuff.c index 5a03730fbc1a..0835ac93a4b1 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -1976,7 +1976,6 @@ int skb_splice_bits(struct sk_buff *skb, struct sock *sk, unsigned int offset, .pages = pages, .partial = partial, .nr_pages_max = MAX_SKB_FRAGS, - .flags = flags, .ops = &nosteal_pipe_buf_ops, .spd_release = sock_spd_release, }; From 3d6ea290f337cc64cf44290482e36306fc8aaa31 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 10 Dec 2016 13:17:32 -0500 Subject: [PATCH 3/4] splice/tee/vmsplice: validate flags Long overdue... Signed-off-by: Al Viro --- fs/splice.c | 8 ++++++++ include/linux/splice.h | 2 ++ 2 files changed, 10 insertions(+) diff --git a/fs/splice.c b/fs/splice.c index bf17a92e26c3..1af65632c371 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1351,6 +1351,8 @@ SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov, struct fd f; long error; + if (unlikely(flags & ~SPLICE_F_ALL)) + return -EINVAL; if (unlikely(nr_segs > UIO_MAXIOV)) return -EINVAL; else if (unlikely(!nr_segs)) @@ -1401,6 +1403,9 @@ SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in, if (unlikely(!len)) return 0; + if (unlikely(flags & ~SPLICE_F_ALL)) + return -EINVAL; + error = -EBADF; in = fdget(fd_in); if (in.file) { @@ -1729,6 +1734,9 @@ SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags) struct fd in; int error; + if (unlikely(flags & ~SPLICE_F_ALL)) + return -EINVAL; + if (unlikely(!len)) return 0; diff --git a/include/linux/splice.h b/include/linux/splice.h index 3c98dad93bf3..db42746bdfea 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h @@ -20,6 +20,8 @@ #define SPLICE_F_MORE (0x04) /* expect more data */ #define SPLICE_F_GIFT (0x08) /* pages passed in are a gift */ +#define SPLICE_F_ALL (SPLICE_F_MOVE|SPLICE_F_NONBLOCK|SPLICE_F_MORE|SPLICE_F_GIFT) + /* * Passed to the actors */ From 13c0f52beb6310b9c08804c0929901f70abd211a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 10 Dec 2016 13:20:53 -0500 Subject: [PATCH 4/4] make nr_pages calculation in default_file_splice_read() a bit less ugly It's an artifact of lousy calling conventions of iov_iter_get_pages_alloc(). Hopefully, we'll get something saner come next cycle; for now that'll do. Signed-off-by: Al Viro --- fs/splice.c | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index 1af65632c371..712bc902e414 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -385,7 +385,7 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos, struct iov_iter to; struct page **pages; unsigned int nr_pages; - size_t offset, dummy, copied = 0; + size_t offset, base, copied = 0; ssize_t res; int i; @@ -400,12 +400,11 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos, iov_iter_pipe(&to, ITER_PIPE | READ, pipe, len + offset); - res = iov_iter_get_pages_alloc(&to, &pages, len + offset, &dummy); + res = iov_iter_get_pages_alloc(&to, &pages, len + offset, &base); if (res <= 0) return -ENOMEM; - BUG_ON(dummy); - nr_pages = DIV_ROUND_UP(res, PAGE_SIZE); + nr_pages = DIV_ROUND_UP(res + base, PAGE_SIZE); vec = __vec; if (nr_pages > PIPE_DEF_BUFFERS) {