@@ -453,7 +453,7 @@ static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_des
while (!pipe_empty(head, tail)) {
struct pipe_buffer *buf = &pipe->bufs[tail & mask];
- sd->len = buf->len;
+ sd->len = pipe_buf_assert_len(buf);
if (sd->len > sd->total_len)
sd->len = sd->total_len;
@@ -494,13 +494,11 @@ static int splice_from_pipe_feed(struct pipe_inode_info *pipe, struct splice_des
/* We know we have a pipe buffer, but maybe it's empty? */
static inline bool eat_empty_buffer(struct pipe_inode_info *pipe)
{
- unsigned int tail = pipe->tail;
- unsigned int mask = pipe->ring_size - 1;
- struct pipe_buffer *buf = &pipe->bufs[tail & mask];
+ struct pipe_buffer *buf = pipe_buf(pipe, pipe->tail);
- if (unlikely(!buf->len)) {
+ if (unlikely(!pipe_buf_assert_len(buf))) {
pipe_buf_release(pipe, buf);
- pipe->tail = tail+1;
+ pipe->tail++;
return true;
}
@@ -717,7 +715,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
left = sd.total_len;
for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++) {
struct pipe_buffer *buf = &pipe->bufs[tail & mask];
- size_t this_len = buf->len;
+ size_t this_len = pipe_buf_assert_len(buf);
/* zero-length bvecs are not supported, skip them */
if (!this_len)
@@ -852,7 +850,7 @@ ssize_t splice_to_socket(struct pipe_inode_info *pipe, struct file *out,
struct pipe_buffer *buf = &pipe->bufs[tail & mask];
size_t seg;
- if (!buf->len) {
+ if (!pipe_buf_assert_len(buf)) {
tail++;
continue;
}
After the previous patch the readers can't (hopefully) hit a zero-sized buffer, add a few pipe_buf_assert_len() debugging checks. pipe_buf_assert_len() can probably have more users, including the writers which update pipe->head. While at it, simplify eat_empty_buffer(), it can use pipe_buf(pipe->tail). Signed-off-by: Oleg Nesterov <oleg@redhat.com> --- fs/splice.c | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-)