splice: __generic_file_splice_read: fix read/truncate race

Original patch and description from Neil Brown <neilb@suse.de>, merged and adapted to splice branch by me. Neils text follows: __generic_file_splice_read() currently samples the i_size at the start and doesn't do so again unless it needs to call ->readpage to load a page. After ->readpage it has to re-sample i_size as a truncate may have caused that page to be filled with zeros, and the read() call should not see these. However there are other activities that might cause ->readpage to be called on a page between the time that __generic_file_splice_read() samples i_size and when it finds that it has an uptodate page. These include at least read-ahead and possibly another thread performing a read So we must sample i_size *after* it has an uptodate page. Thus the current sampling at the start and after a read can be replaced with a sampling before page addition into spd. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
author: Jens Axboe <jens.axboe@oracle.com> 2007-06-07 03:39:42 -0400
committer: Jens Axboe <jens.axboe@oracle.com> 2007-06-08 02:34:11 -0400
commit: 620a324b744a7d66c3c45a83042f8e7fc9fc5a04 (patch)
tree: 07bf593206a2f38a28ba97811572d036c32b7927 /fs
parent: 475ecade683566b19ebb84972de864039ac5fce3 (diff)
1 files changed, 23 insertions, 23 deletions
diff --git a/fs/splice.c b/fs/splice.c
index 123fcdb2e4d9..cb211360273a 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -413,37 +413,37 @@ __generic_file_splice_read(struct file *in, loff_t *ppos,
                                break;
                        }
+                }
+fill_it:
+                /*
+                 * i_size must be checked after PageUptodate.
+                 */
+                isize = i_size_read(mapping->host);
+                end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
+                if (unlikely(!isize || index > end_index))
+                        break;
+                /*
+                 * if this is the last page, see if we need to shrink
+                 * the length and stop
+                 */
+                if (end_index == index) {
+                        unsigned int plen;
                        /*
-                         * i_size must be checked after ->readpage().
+                         * max good bytes in this page
                         */
-                        isize = i_size_read(mapping->host);
+                        plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
-                        end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
+                        if (plen <= loff)
-                        if (unlikely(!isize || index > end_index))
                                break;
                        /*
-                         * if this is the last page, see if we need to shrink
+                         * force quit after adding this page
-                         * the length and stop
                         */
-                        if (end_index == index) {
+                        this_len = min(this_len, plen - loff);
-                                unsigned int plen;
+                        len = this_len;
-                                /*
-                                 * max good bytes in this page
-                                 */
-                                plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
-                                if (plen <= loff)
-                                        break;
-                                /*
-                                 * force quit after adding this page
-                                 */
-                                this_len = min(this_len, plen - loff);
-                                len = this_len;
-                        }
                }
-fill_it:
                partial[page_nr].offset = loff;
                partial[page_nr].len = this_len;
                len -= this_len;
author	Jens Axboe <jens.axboe@oracle.com>	2007-06-07 03:39:42 -0400
committer	Jens Axboe <jens.axboe@oracle.com>	2007-06-08 02:34:11 -0400
commit	620a324b744a7d66c3c45a83042f8e7fc9fc5a04 (patch)
tree	07bf593206a2f38a28ba97811572d036c32b7927 /fs
parent	475ecade683566b19ebb84972de864039ac5fce3 (diff)

diff --git a/fs/splice.c b/fs/splice.c index 123fcdb2e4d9..cb211360273a 100644 --- a/fs/splice.c +++ b/fs/splice.c
@@ -413,37 +413,37 @@ __generic_file_splice_read(struct file in, loff_t ppos,
413		413
414	break;	414	break;
415	}	415	}
		416	}
		417	fill_it:
		418	/*
		419	* i_size must be checked after PageUptodate.
		420	*/
		421	isize = i_size_read(mapping->host);
		422	end_index = (isize - 1) >> PAGE_CACHE_SHIFT;
		423	if (unlikely(!isize \|\| index > end_index))
		424	break;
		425
		426	/*
		427	* if this is the last page, see if we need to shrink
		428	* the length and stop
		429	*/
		430	if (end_index == index) {
		431	unsigned int plen;
416		432
417	/*	433	/*
418	* i_size must be checked after ->readpage().	434	* max good bytes in this page
419	*/	435	*/
420	isize = i_size_read(mapping->host);	436	plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
421	end_index = (isize - 1) >> PAGE_CACHE_SHIFT;	437	if (plen <= loff)
422	if (unlikely(!isize \|\| index > end_index))
423	break;	438	break;
424		439
425	/*	440	/*
426	* if this is the last page, see if we need to shrink	441	* force quit after adding this page
427	* the length and stop
428	*/	442	*/
429	if (end_index == index) {	443	this_len = min(this_len, plen - loff);
430	unsigned int plen;	444	len = this_len;
431
432	/*
433	* max good bytes in this page
434	*/
435	plen = ((isize - 1) & ~PAGE_CACHE_MASK) + 1;
436	if (plen <= loff)
437	break;
438
439	/*
440	* force quit after adding this page
441	*/
442	this_len = min(this_len, plen - loff);
443	len = this_len;
444	}
445	}	445	}
446	fill_it:	446
447	partial[page_nr].offset = loff;	447	partial[page_nr].offset = loff;
448	partial[page_nr].len = this_len;	448	partial[page_nr].len = this_len;
449	len -= this_len;	449	len -= this_len;