From 5b53647f2ce4829a0f54aa35a633c08c1f972296 Mon Sep 17 00:00:00 2001 From: "Darrick J. Wong" Date: Thu, 16 May 2019 15:42:52 +0800 Subject: [PATCH] iomap: partially revert 4721a601099 (simulated directio short read on EFAULT) mainline inclusion from mainline-4.20-rc6 commit 8f67b5adc030553fbc877124306f3f3bdab89aa8 category: bugfix bugzilla: 15775 CVE: NA --------------------------- In commit 4721a601099, we tried to fix a problem wherein directio reads into a splice pipe will bounce EFAULT/EAGAIN all the way out to userspace by simulating a zero-byte short read. This happens because some directio read implementations (xfs) will call bio_iov_iter_get_pages to grab pipe buffer pages and issue asynchronous reads, but as soon as we run out of pipe buffers that _get_pages call returns EFAULT, which the splice code translates to EAGAIN and bounces out to userspace. In that commit, the iomap code catches the EFAULT and simulates a zero-byte read, but that causes assertion errors on regular splice reads because xfs doesn't allow short directio reads. This causes infinite splice() loops and assertion failures on generic/095 on overlayfs because xfs only permit total success or total failure of a directio operation. The underlying issue in the pipe splice code has now been fixed by changing the pipe splice loop to avoid avoid reading more data than there is space in the pipe. Therefore, it's no longer necessary to simulate the short directio, so remove the hack from iomap. Fixes: 4721a601099 ("iomap: dio data corruption and spurious errors when pipes fill") Reported-by: Murphy Zhou Ranted-by: Amir Goldstein Reviewed-by: Christoph Hellwig Signed-off-by: Darrick J. Wong Signed-off-by: zhengbin Reviewed-by: Hou Tao Signed-off-by: Yang Yingliang --- fs/iomap.c | 9 --------- 1 file changed, 9 deletions(-) diff --git a/fs/iomap.c b/fs/iomap.c index 0ff0f8ca3b19..42253f937d14 100644 --- a/fs/iomap.c +++ b/fs/iomap.c @@ -1895,15 +1895,6 @@ iomap_dio_rw(struct kiocb *iocb, struct iov_iter *iter, wait_for_completion = true; ret = 0; } - - /* - * Splicing to pipes can fail on a full pipe. We have to - * swallow this to make it look like a short IO - * otherwise the higher splice layers will completely - * mishandle the error and stop moving data. - */ - if (ret == -EFAULT) - ret = 0; break; } pos += ret; -- GitLab