On 5/20/20 6:42 PM, Jens Axboe wrote:
> The patch converting pipes to head and tail pointers mistakenly
> turned the splice pipe-to-pipe opipe check into something
> nonsensical. It's supposed to check if we have room in the pipe,
> and return success if we do. If not, wait for room in the pipe.
> Instead it's now returning success for a full pipe, and entering
> the slow path for a non-full pipe.
Forgot to CC Linus - Linus, could you pick this up, or do you want
me to queue it up. Moving to 5.6 internally at FB triggers this
pretty easily, causing a hard hang as we'll get stuck in an infinite
busy loop in splice_pipe_to_pipe().
>
> Cc: sta...@vger.kernel.org
> Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not
> cursor and length")
> Signed-off-by: Jens Axboe <ax...@kernel.dk>
>
> ---
>
> I didn't check if the offending commit had other logical fumbles.
>
> diff --git a/fs/splice.c b/fs/splice.c
> index fd0a1e7e5959..4e53efbd621d 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe,
> unsigned int flags)
> * Check pipe occupancy without the inode lock first. This function
> * is speculative anyways, so missing one is ok.
> */
> - if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> + if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
> return 0;
>
> ret = 0;
>
--
Jens Axboe
