Re: [PATCH]: splice fix opipe_prep() full check

[Jens Axboe]

On 5/20/20 6:42 PM, Jens Axboe wrote:
> The patch converting pipes to head and tail pointers mistakenly
> turned the splice pipe-to-pipe opipe check into something
> nonsensical. It's supposed to check if we have room in the pipe,
> and return success if we do. If not, wait for room in the pipe.
> Instead it's now returning success for a full pipe, and entering
> the slow path for a non-full pipe.

Forgot to CC Linus - Linus, could you pick this up, or do you want
me to queue it up. Moving to 5.6 internally at FB triggers this
pretty easily, causing a hard hang as we'll get stuck in an infinite
busy loop in splice_pipe_to_pipe().

> 
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
> Signed-off-by: Jens Axboe <axboe@xxxxxxxxx>
> 
> ---
> 
> I didn't check if the offending commit had other logical fumbles.
> 
> diff --git a/fs/splice.c b/fs/splice.c
> index fd0a1e7e5959..4e53efbd621d 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
>  	 * Check pipe occupancy without the inode lock first. This function
>  	 * is speculative anyways, so missing one is ok.
>  	 */
> -	if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> +	if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
>  		return 0;
>  
>  	ret = 0;
> 


-- 
Jens Axboe