summaryrefslogtreecommitdiff
path: root/fs/splice.c
diff options
context:
space:
mode:
authorJens Axboe <jens.axboe@oracle.com>2007-07-16 14:41:49 +0200
committerJens Axboe <jens.axboe@oracle.com>2007-07-16 15:02:48 +0200
commitbcd4f3acbaec102e2b8000c977ecc38dcd0fe367 (patch)
tree03134513c5f47540814ee2d86cbb31523f722efa /fs/splice.c
parent56a68a500fcab9e3a9a49ca7fbef14230ab7d144 (diff)
downloadlinux-stable-bcd4f3acbaec102e2b8000c977ecc38dcd0fe367.tar.gz
linux-stable-bcd4f3acbaec102e2b8000c977ecc38dcd0fe367.tar.bz2
linux-stable-bcd4f3acbaec102e2b8000c977ecc38dcd0fe367.zip
splice: direct splicing updates ppos twice
OGAWA Hirofumi <hirofumi@mail.parknet.co.jp> reported that he's noticed nfsd read corruption in recent kernels, and did the hard work of discovering that it's due to splice updating the file position twice. This means that the next operation would start further ahead than it should. nfsd_vfs_read() splice_direct_to_actor() while(len) { do_splice_to() [update sd->pos] -> generic_file_splice_read() [read from sd->pos] nfsd_direct_splice_actor() -> __splice_from_pipe() [update sd->pos] There's nothing wrong with the core splice code, but the direct splicing is an addon that calls both input and output paths. So it has to take care in locally caching offset so it remains correct. Signed-off-by: Jens Axboe <jens.axboe@oracle.com>
Diffstat (limited to 'fs/splice.c')
-rw-r--r--fs/splice.c4
1 files changed, 3 insertions, 1 deletions
diff --git a/fs/splice.c b/fs/splice.c
index 6c9828651e6f..53fc2082a468 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1061,8 +1061,9 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
while (len) {
size_t read_len;
+ loff_t pos = sd->pos;
- ret = do_splice_to(in, &sd->pos, pipe, len, flags);
+ ret = do_splice_to(in, &pos, pipe, len, flags);
if (unlikely(ret <= 0))
goto out_release;
@@ -1080,6 +1081,7 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
bytes += ret;
len -= ret;
+ sd->pos = pos;
if (ret < read_len)
goto out_release;