iter_file_splice_write() may spawn bvec segments with zero-length. In
preparation for prohibiting them, filter out by hand at splice level.
Signed-off-by: Pavel Begunkov <asml.sile...@gmail.com>
---
fs/splice.c | 9 +++++----
1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/fs/splice.c b/fs/splice.c
index 866d5c2367b2..7299330c3270 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -644,7 +644,6 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct
file *out,
ret = splice_from_pipe_next(pipe, &sd);
if (ret <= 0)
break;
-
if (unlikely(nbufs < pipe->max_usage)) {
kfree(array);
nbufs = pipe->max_usage;
@@ -662,12 +661,13 @@ iter_file_splice_write(struct pipe_inode_info *pipe,
struct file *out,
/* build the vector */
left = sd.total_len;
- for (n = 0; !pipe_empty(head, tail) && left && n < nbufs;
tail++, n++) {
+ for (n = 0; !pipe_empty(head, tail) && left && n < nbufs;
tail++) {
struct pipe_buffer *buf = &pipe->bufs[tail & mask];
size_t this_len = buf->len;
- if (this_len > left)
- this_len = left;
+ if (!this_len)
+ continue;
+ this_len = min(this_len, left);
ret = pipe_buf_confirm(pipe, buf);
if (unlikely(ret)) {
@@ -680,6 +680,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct
file *out,
array[n].bv_len = this_len;
array[n].bv_offset = buf->offset;
left -= this_len;
+ n++;
}
iov_iter_bvec(&from, WRITE, array, n, sd.total_len - left);
--
2.24.0
