From patchwork Thu Dec 21 03:08:45 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500913 Date: Thu, 21 Dec 2023 04:08:45 +0100
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 01/11] splice: copy_splice_read: do the I/O with IOCB_NOWAIT Message-ID: References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ given: cat > udp.c <<^D #define _GNU_SOURCE #include #include #include #include int main() { int s = socket(AF_INET, SOCK_DGRAM, 0); bind(s, &(struct sockaddr_in){ .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_ANY) }, sizeof(struct sockaddr_in)); for (;;) splice(s, 0, 1, 0, 128 * 1024 * 1024, 0); } ^D cc udp.c -o udp mkfifo fifo ./udp > fifo & read -r _ < fifo & sleep 0.1 echo zupa > fifo udp used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EAGAIN and the whole program completes. Signed-off-by: Ahelenia Ziemiańska --- fs/splice.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/splice.c b/fs/splice.c index d983d375ff11..9d29664f23ee 100644 --- a/fs/splice.c +++ b/fs/splice.c 
@@ -361,6 +361,7 @@ ssize_t copy_splice_read(struct file *in, loff_t *ppos, iov_iter_bvec(&to, ITER_DEST, bv, npages, len); init_sync_kiocb(&kiocb, in); kiocb.ki_pos = *ppos; + kiocb.ki_flags |= IOCB_NOWAIT; ret = call_read_iter(in, &kiocb, &to); if (ret > 0) {
From patchwork Thu Dec 21 03:08:51 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500914 Date: Thu, 21 Dec 2023 04:08:51 +0100
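Review bot: The added "kiocb.ki_flags |= IOCB_NOWAIT;" in copy_splice_read() (fs/splice.c, patch 01/11) is unconditional and uncommented, so a reader of the function cannot tell that it is there because the read runs with the pipe locked. Add a one-line comment saying so, and have the commit message state the user-visible consequence: a splice with flags 0 from a blocking file now gets -EAGAIN where it previously waited. The flag also only helps for ->read_iter implementations that honour it; patch 08/11 in this series notes that the tty layer does not, so it is worth saying which other copy_splice_read users were checked.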
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , Kuniyuki Iwashima , David Howells , Alexander Mikhalitsyn , John Fastabend , Daan De Meyer , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 02/11] af_unix: unix_stream_splice_read: always request MSG_DONTWAIT Message-ID: <8309aff7e55f0c7fe973bb2d1e6b6b3a80ac5a99.1703126594.git.nabijaczleweli@nabijaczleweli.xyz> References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ given: cat > unix.c <<^D #define _GNU_SOURCE #include #include #include int main() { int sp[2]; socketpair(AF_UNIX, SOCK_STREAM, 0, sp); for (;;) splice(sp[0], 0, 1, 0, 128 * 1024 * 1024, 0); } ^D cc unix.c -o unix mkfifo fifo ./unix > fifo & read -r _ < fifo & sleep 0.1 echo zupa > fifo unix used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EAGAIN and the whole program completes. Signed-off-by: Ahelenia Ziemiańska --- net/unix/af_unix.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c index ac1f2bc18fc9..bae84552bf58 100644 --- a/net/unix/af_unix.c +++ b/net/unix/af_unix.c 
@@ -2921,15 +2921,12 @@ static ssize_t unix_stream_splice_read(struct socket *sock, loff_t *ppos, .pipe = pipe, .size = size, .splice_flags = flags, + .flags = MSG_DONTWAIT, }; if (unlikely(*ppos)) return -ESPIPE; - if (sock->file->f_flags & O_NONBLOCK || - flags & SPLICE_F_NONBLOCK) - state.flags = MSG_DONTWAIT; - return unix_stream_read_generic(&state, false); }
From patchwork Thu Dec 21 03:08:56 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500915 Date: Thu, 21 Dec 2023 04:08:56 +0100
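Review bot: In unix_stream_splice_read() (net/unix/af_unix.c, patch 02/11) the initializer now sets ".flags = MSG_DONTWAIT" for every call, so neither O_NONBLOCK on the socket nor SPLICE_F_NONBLOCK changes whether the read waits any more, although ".splice_flags = flags" is still passed along. A short comment next to the initializer explaining that the read must not sleep because the pipe is locked would keep someone from re-adding the removed condition later. The message should also mention that callers on a blocking socket now have to handle -EAGAIN.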
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, Miklos Szeredi , linux-kernel@vger.kernel.org Subject: [PATCH v2 03/11] fuse: fuse_dev_splice_read: use nonblocking I/O Message-ID: References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ since FUSE is usually installed with the fusermount helper suid, given cat > fusedev.c <<^D #define _GNU_SOURCE #include #define FUSE_USE_VERSION 30 #include static void *fop_init(struct fuse_conn_info *conn, struct fuse_config *cfg) { for (;;) splice(3, 0, 4, 0, 128 * 1024 * 1024, 0); } static const struct fuse_operations fops = { .init = fop_init }; int main(int argc, char **argv) { return fuse_main(argc, argv, &fops, NULL); } ^D cc nullsleep.c $(pkg-config fuse3 --cflags --libs) -o nullsleep mkfifo fifo mkdir dir ./nullsleep dir 4>fifo & read -r _ < fifo & sleep 0.1 echo zupa > fifo nullsleep used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EAGAIN and the whole program completes. Signed-off-by: Ahelenia Ziemiańska --- fs/fuse/dev.c | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c index 1a8f82f478cb..4e8caf66c01e 100644 --- a/fs/fuse/dev.c +++ b/fs/fuse/dev.c @@ -1202,7 +1202,8 @@ __releases(fiq->lock) * the 'sent' flag. */ static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file, - struct fuse_copy_state *cs, size_t nbytes) + struct fuse_copy_state *cs, size_t nbytes, + bool nonblock) { ssize_t err; struct fuse_conn *fc = fud->fc; 
@@ -1238,7 +1239,7 @@ static ssize_t fuse_dev_do_read(struct fuse_dev *fud, struct file *file, break; spin_unlock(&fiq->lock); - if (file->f_flags & O_NONBLOCK) + if (nonblock) return -EAGAIN; err = wait_event_interruptible_exclusive(fiq->waitq, !fiq->connected || request_pending(fiq)); @@ -1364,7 +1365,8 @@ static ssize_t fuse_dev_read(struct kiocb *iocb, struct iov_iter *to) fuse_copy_init(&cs, 1, to); - return fuse_dev_do_read(fud, file, &cs, iov_iter_count(to)); + return fuse_dev_do_read(fud, file, &cs, iov_iter_count(to), + file->f_flags & O_NONBLOCK); } static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, 
@@ -1388,7 +1390,7 @@ static ssize_t fuse_dev_splice_read(struct file *in, loff_t *ppos, fuse_copy_init(&cs, 1, NULL); cs.pipebufs = bufs; cs.pipe = pipe; - ret = fuse_dev_do_read(fud, in, &cs, len); + ret = fuse_dev_do_read(fud, in, &cs, len, true); if (ret < 0) goto out;
From patchwork Thu Dec 21 03:09:00 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500916 Date: Thu, 21 Dec 2023 04:09:00 +0100
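Review bot: The comment block that ends just above fuse_dev_do_read() (fs/fuse/dev.c, patch 03/11) is not updated for the new "bool nonblock" parameter; add a sentence saying that the caller now decides whether an empty queue returns -EAGAIN, and that fuse_dev_splice_read() always passes true because the pipe is locked at that point. At the fuse_dev_read() call site the argument is "file->f_flags & O_NONBLOCK", an int mask converted implicitly to bool; "!!(file->f_flags & O_NONBLOCK)" or a named local makes the intent explicit. Separately, the reproducer in the message writes fusedev.c but compiles nullsleep.c; one of the two names needs fixing so the steps run as given.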
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, Wenjia Zhang , Jan Karcher , "D. Wythe" , Tony Lu , Wen Gu , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , linux-s390@vger.kernel.org, netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 04/11] net/smc: smc_splice_read: always request MSG_DONTWAIT Message-ID: <38e20a4939603718232859ee2170f54d8bcd8ddf.1703126594.git.nabijaczleweli@nabijaczleweli.xyz> References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ this meant that splice(smc -> pipe) with no data would hold the pipe lock, and any open/read/write/close on the pipe would enter uninterruptible sleep. Signed-off-by: Ahelenia Ziemiańska --- net/smc/af_smc.c | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c index 73eebddbbf41..a11a966d031a 100644 --- a/net/smc/af_smc.c +++ b/net/smc/af_smc.c 
@@ -3248,12 +3248,8 @@ static ssize_t smc_splice_read(struct socket *sock, loff_t *ppos, rc = -ESPIPE; goto out; } - if (flags & SPLICE_F_NONBLOCK) - flags = MSG_DONTWAIT; - else - flags = 0; SMC_STAT_INC(smc, splice_cnt); - rc = smc_rx_recvmsg(smc, NULL, pipe, len, flags); + rc = smc_rx_recvmsg(smc, NULL, pipe, len, MSG_DONTWAIT); } out: release_sock(sk);
From patchwork Thu Dec 21 03:09:03 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500917 Date: Thu, 21 Dec 2023 04:09:03 +0100
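Review bot: After this change smc_splice_read() (net/smc/af_smc.c, patch 04/11) no longer reads its "flags" argument in the lines shown, so SPLICE_F_NONBLOCK is accepted and silently has no effect; say so in a comment at the smc_rx_recvmsg() call, where the bare MSG_DONTWAIT otherwise looks like an oversight. Unlike patches 01-03 and 05-07, the message carries no reproducer; please state whether this path was exercised or only changed by analogy with the others.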
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , David Howells , Shigeru Yoshida , Kuniyuki Iwashima , Peilin Ye , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 05/11] kcm: kcm_splice_read: always request MSG_DONTWAIT Message-ID: <0d8847df2f13e0831ee2f5504d06d5d12036d8f9.1703126594.git.nabijaczleweli@nabijaczleweli.xyz> References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ given: cat > kcm.c <<^D #define _GNU_SOURCE #include #include #include #include int main() { int kcm = socket(AF_KCM, SOCK_SEQPACKET, KCMPROTO_CONNECTED); for (;;) splice(kcm, 0, 1, 0, 128 * 1024 * 1024, 0); } ^D cc kcm.c -o kcm mkfifo fifo ./kcm > fifo & read -r _ < fifo & sleep 0.1 echo zupa > fifo kcm used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EAGAIN and the whole program completes. Also: don't pass the SPLICE_F_*-style flags argument to skb_recv_datagram(), which expects MSG_*-style flags. This fixes SPLICE_F_NONBLOCK not having worked. Signed-off-by: Ahelenia Ziemiańska --- net/kcm/kcmsock.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index 65d1f6755f98..ccfc46f31891 100644 --- a/net/kcm/kcmsock.c +++ b/net/kcm/kcmsock.c 
@@ -1028,7 +1028,7 @@ static ssize_t kcm_splice_read(struct socket *sock, loff_t *ppos, /* Only support splice for SOCKSEQPACKET */ - skb = skb_recv_datagram(sk, flags, &err); + skb = skb_recv_datagram(sk, MSG_DONTWAIT, &err); if (!skb) goto err_out;
From patchwork Thu Dec 21 03:09:05 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500918 Date: Thu, 21 Dec 2023 04:09:05 +0100
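Review bot: The one-line change to the skb_recv_datagram() call in kcm_splice_read() (net/kcm/kcmsock.c, patch 05/11) does two things at once: it forces non-blocking reads, and, per the message, it stops passing SPLICE_F_*-style flags to a function that expects MSG_*-style flags. The second is an independent bug fix; it should carry a Fixes: tag, and splitting it into its own patch would let it be backported without the behaviour change. The "flags" argument is no longer used in the lines shown, which deserves a comment at the call.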
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, Boris Pismenny , John Fastabend , Jakub Kicinski , "David S. Miller" , Eric Dumazet , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 06/11] tls/sw: tls_sw_splice_read: always request non-blocking I/O Message-ID: References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ given cat > tls_sw.c <<^D #define _GNU_SOURCE #include #include #include #include #include #include int main() { int s = socket(AF_INET, SOCK_STREAM, 0); struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr = { htonl(INADDR_LOOPBACK) }, .sin_port = htons(getpid() % (0xFFFF - 1000) + 1000) }; bind(s, &addr, sizeof(addr)); listen(s, 1); if (!fork()) { connect(socket(AF_INET, SOCK_STREAM, 0), &addr, sizeof(addr)); sleep(100); return 0; } s = accept(s, NULL, NULL); setsockopt(s, SOL_TCP, TCP_ULP, "tls", sizeof("tls")); setsockopt(s, SOL_TLS, TLS_RX, &(struct tls12_crypto_info_aes_gcm_128){ .info.version = TLS_1_2_VERSION, .info.cipher_type = TLS_CIPHER_AES_GCM_128 }, sizeof(struct tls12_crypto_info_aes_gcm_128)); for (;;) splice(s, 0, 1, 0, 128 * 1024 * 1024, 0); } ^D cc tls_sw.c -o tls_sw mkfifo fifo ./tls_sw > fifo & read -r _ < fifo & sleep 0.1 echo zupa > fifo tls_sw used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EAGAIN and the whole program completes. Signed-off-by: Ahelenia Ziemiańska --- net/tls/tls_sw.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/net/tls/tls_sw.c b/net/tls/tls_sw.c index e37b4d2e2acd..3f474deed94d 100644 --- a/net/tls/tls_sw.c +++ b/net/tls/tls_sw.c 
@@ -2157,7 +2157,7 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos, int chunk; int err; - err = tls_rx_reader_lock(sk, ctx, flags & SPLICE_F_NONBLOCK); + err = tls_rx_reader_lock(sk, ctx, true); if (err < 0) return err; 
@@ -2166,8 +2166,7 @@ ssize_t tls_sw_splice_read(struct socket *sock, loff_t *ppos, } else { struct tls_decrypt_arg darg; - err = tls_rx_rec_wait(sk, NULL, flags & SPLICE_F_NONBLOCK, - true); + err = tls_rx_rec_wait(sk, NULL, true, true); if (err <= 0) goto splice_read_end;
From patchwork Thu Dec 21 03:09:08 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500919 Date: Thu, 21 Dec 2023 04:09:08 +0100
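Review bot: In tls_sw_splice_read() (net/tls/tls_sw.c, patch 06/11) the calls become "tls_rx_reader_lock(sk, ctx, true)" and "tls_rx_rec_wait(sk, NULL, true, true)", and two adjacent bare booleans are hard to read at the call site. Add a comment naming the non-blocking argument and giving the reason (the pipe is locked), so the literal is not mistaken for a leftover. The message should also note that SPLICE_F_NONBLOCK no longer affects either call.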
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, Eric Dumazet , "David S. Miller" , David Ahern , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 07/11] net/tcp: tcp_splice_read: always do non-blocking reads Message-ID: References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Otherwise we risk sleeping with the pipe locked for indeterminate lengths of time ‒ given: cat > tcp.c <<^D #define _GNU_SOURCE #include #include #include #include #include int main() { int s = socket(AF_INET, SOCK_STREAM, 0); struct sockaddr_in addr = { .sin_family = AF_INET, .sin_addr = { htonl(INADDR_LOOPBACK) }, .sin_port = htons(getpid() % (0xFFFF - 1000) + 1000) }; bind(s, &addr, sizeof(addr)); listen(s, 1); if (!fork()) { connect(socket(AF_INET, SOCK_STREAM, 0), &addr, sizeof(addr)); sleep(100); return 0; } s = accept(s, NULL, NULL); for (;;) splice(s, 0, 1, 0, 128 * 1024 * 1024, 0); } ^D cc tcp.c -o tcp mkfifo fifo ./tcp > fifo & read -r _ < fifo & sleep 0.1 echo zupa > fifo tcp used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EAGAIN and the whole program completes. sock_rcvtimeo() returns 0 if the second argument is true, so the explicit re-try loop for empty read conditions can be removed entirely. Signed-off-by: Ahelenia Ziemiańska --- net/ipv4/tcp.c | 32 +++----------------------------- 1 file changed, 3 insertions(+), 29 deletions(-) diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index ff6838ca2e58..17a0e2a766b7 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -782,7 +782,6 @@ ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos, .len = len, .flags = flags, }; - long timeo; ssize_t spliced; int ret; 
@@ -797,7 +796,6 @@ ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos, lock_sock(sk); - timeo = sock_rcvtimeo(sk, sock->file->f_flags & O_NONBLOCK); while (tss.len) { ret = __tcp_splice_read(sk, &tss); if (ret < 0) 
@@ -821,37 +819,13 @@ ssize_t tcp_splice_read(struct socket *sock, loff_t *ppos, ret = -ENOTCONN; break; } - if (!timeo) { - ret = -EAGAIN; - break; - } - /* if __tcp_splice_read() got nothing while we have - * an skb in receive queue, we do not want to loop. - * This might happen with URG data. - */ - if (!skb_queue_empty(&sk->sk_receive_queue)) - break; - ret = sk_wait_data(sk, &timeo, NULL); - if (ret < 0) - break; - if (signal_pending(current)) { - ret = sock_intr_errno(timeo); - break; - } - continue; + ret = -EAGAIN; + break; } tss.len -= ret; spliced += ret; - if (!tss.len || !timeo) - break; - release_sock(sk); - lock_sock(sk); - - if (sk->sk_err || sk->sk_state == TCP_CLOSE || - (sk->sk_shutdown & RCV_SHUTDOWN) || - signal_pending(current)) - break; + break; } release_sock(sk);
From patchwork Thu Dec 21 03:09:10 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500920
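Review bot: With the unconditional "ret = -EAGAIN; break;" in the empty-read branch and the new "break;" after "spliced += ret;", every path through the "while (tss.len)" body in tcp_splice_read() (net/ipv4/tcp.c, patch 07/11) now leaves the loop on its first iteration, assuming the "ret < 0" branch still breaks as the context suggests. Turn the loop into straight-line code or an if, otherwise the while reads as if it could still iterate. The deleted comment about URG data documented a case where the old code returned without waiting; the message should say what that case returns now.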
Date: Thu, 21 Dec 2023 04:09:10 +0100
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, Greg Kroah-Hartman , Jiri Slaby , linux-kernel@vger.kernel.org, linux-serial@vger.kernel.org Subject: [PATCH v2 08/11] tty: splice_read: disable Message-ID: <4dec932dcd027aa5836d70a6d6bedd55914c84c2.1703126594.git.nabijaczleweli@nabijaczleweli.xyz> References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty We request non-blocking I/O in the generic copy_splice_read, but "the tty layer doesn't actually honor the IOCB_NOWAIT flag for various historical reasons.". This means that a tty->pipe splice will happily sleep with the pipe locked forever, and any process trying to take it (due to an open/read/write/&c.) will enter uninterruptible sleep. This also masks inconsistent wake-ups (usually every second line) when splicing from ttys in icanon mode. Link: https://lore.kernel.org/linux-fsdevel/CAHk-=wimmqG_wvSRtMiKPeGGDL816n65u=Mq2+H3-=uM2U6FmA@mail.gmail.com/ Signed-off-by: Ahelenia Ziemiańska Acked-by: Greg Kroah-Hartman --- drivers/tty/tty_io.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 06414e43e0b5..50c2957a9c7f 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c
@@ -465,7 +465,6 @@ static const struct file_operations tty_fops = { .llseek = no_llseek, .read_iter = tty_read, .write_iter = tty_write, - .splice_read = copy_splice_read, .splice_write = iter_file_splice_write, .poll = tty_poll, .unlocked_ioctl = tty_ioctl, 
@@ -480,7 +479,6 @@ static const struct file_operations console_fops = { .llseek = no_llseek, .read_iter = tty_read, .write_iter = redirected_tty_write, - .splice_read = copy_splice_read, .splice_write = iter_file_splice_write, .poll = tty_poll, .unlocked_ioctl = tty_ioctl,
From patchwork Thu Dec 21 03:09:13 2023 X-Patchwork-Submitter: =?utf-8?q?Ahelenia_Ziemia=C5=84ska?= X-Patchwork-Id: 13500921 Date: Thu, 21 Dec 2023 04:09:13 +0100
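Review bot: Dropping ".splice_read = copy_splice_read" from both tty_fops and console_fops (drivers/tty/tty_io.c, patch 08/11) changes what splice() from a terminal returns to userspace, but neither the message nor the code says what the caller now sees. State the resulting error in the message so that programs which splice from a tty can be checked for a read() fallback, and leave a short comment in the two file_operations tables saying that splice_read is omitted on purpose because the tty layer does not honour IOCB_NOWAIT.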
From: Ahelenia =?utf-8?q?Ziemia=C5=84ska?= Cc: Jens Axboe , Christian Brauner , Alexander Viro , linux-fsdevel@vger.kernel.org, Miklos Szeredi , Vivek Goyal , Stefan Hajnoczi , linux-kernel@vger.kernel.org, virtualization@lists.linux.dev Subject: [PATCH v2 09/11] fuse: file: limit splice_read to virtiofs Message-ID: <9b5cd13bc9e9c570978ec25b25ba5e4081b3d56b.1703126594.git.nabijaczleweli@nabijaczleweli.xyz> References: Precedence: bulk X-Mailing-List: linux-fsdevel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: User-Agent: NeoMutt/20231103-116-3b855e-dirty Potentially-blocking splice_reads are allowed for normal filesystems like NFS because they're blessed by root. FUSE is commonly used suid-root, and allows anyone to trivially create a file that, when spliced from, will just sleep forever with the pipe lock held. The only way IPC to the fusing process could be avoided is if !(ff->open_flags & FOPEN_DIRECT_IO) and the range was already cached and we weren't past the end. Just refuse it. virtiofs behaves like a normal filesystem and can only be mounted by root, it's unaffected by use of a new "trusted" connection flag. This may be extended to include real FUSE mounts by processes which aren't suid, to match the semantics for normal filesystems. Signed-off-by: Ahelenia Ziemiańska --- fs/fuse/file.c | 17 ++++++++++++++++- fs/fuse/fuse_i.h | 3 +++ fs/fuse/virtio_fs.c | 1 + 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/fs/fuse/file.c b/fs/fuse/file.c index a660f1f21540..20bb16ddfcc9 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c 
@@ -3200,6 +3200,21 @@ static ssize_t fuse_copy_file_range(struct file *src_file, loff_t src_off, return ret; } +static long fuse_splice_read(struct file *in, loff_t *ppos, + struct pipe_inode_info *pipe, size_t len, + unsigned int flags) +{ + struct inode *inode = file_inode(in); + + if (fuse_is_bad(inode)) + return -EIO; + + if (get_fuse_conn(inode)->trusted) + return filemap_splice_read(in, ppos, pipe, len, flags); + + return -EINVAL; +} + static const struct file_operations fuse_file_operations = { .llseek = fuse_file_llseek, .read_iter = fuse_file_read_iter, @@ -3212,7 +3227,7 @@ static const struct file_operations fuse_file_operations = { .lock = fuse_file_lock, .get_unmapped_area = thp_get_unmapped_area, .flock = fuse_file_flock, - .splice_read = filemap_splice_read, + .splice_read = fuse_splice_read, .splice_write = iter_file_splice_write, .unlocked_ioctl = fuse_file_ioctl, .compat_ioctl = fuse_file_compat_ioctl, diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 1df83eebda92..463c5d4ad8b4 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -818,6 +818,9 @@ struct fuse_conn { /* Is statx not implemented by fs? */ unsigned int no_statx:1; + /* Do we trust this connection to always respond? */ + bool trusted:1; + /** The number of requests waiting for completion */ atomic_t num_waiting; diff --git a/fs/fuse/virtio_fs.c b/fs/fuse/virtio_fs.c index 5f1be1da92ce..fce0fe24899a 100644 --- a/fs/fuse/virtio_fs.c +++ b/fs/fuse/virtio_fs.c 
@@ -1448,6 +1448,7 @@ static int virtio_fs_get_tree(struct fs_context *fsc) fc->delete_stale = true; fc->auto_submounts = true; fc->sync_fs = true; + fc->trusted = true; /* Tell FUSE to split requests that exceed the virtqueue's size */ fc->max_pages_limit = min_t(unsigned int, fc->max_pages_limit,

From patchwork Thu Dec 21 03:09:15 2023
X-Patchwork-Submitter: Ahelenia Ziemiańska
X-Patchwork-Id: 13500922
Date: Thu, 21 Dec 2023 04:09:15 +0100
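Review bot: fuse_splice_read() in the fs/fuse/file.c hunk of 09/11 is declared "static long", while the sibling fuse_splice_write() that 14/11 adds next to it is declared "static ssize_t", and the function it forwards to, filemap_splice_read, was previously assigned to .splice_read directly. Declare this one "static ssize_t" too, so the initializer ".splice_read = fuse_splice_read" matches the member's type on every architecture. The bare "return -EINVAL;" for untrusted connections also deserves a one-line comment saying the refusal is deliberate (the daemon may never answer while the pipe lock is held), because nothing in the function explains why even the cached, non-FOPEN_DIRECT_IO case from the commit message is refused.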
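Review bot: in the struct fuse_conn hunk of 09/11 (fs/fuse/fuse_i.h) the new flag is "bool trusted:1;" placed directly after "unsigned int no_statx:1;". Use "unsigned int trusted:1;" so it matches the neighbouring flag and stays in the same bit-field storage unit, and extend the comment to say who sets the flag (only virtio_fs_get_tree in this patch) and which operations depend on it.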
From: Ahelenia Ziemiańska
Cc: Jens Axboe, Christian Brauner, Alexander Viro, linux-fsdevel@vger.kernel.org, Miklos Szeredi, linux-kernel@vger.kernel.org
Subject: [PATCH v2 10/11] fuse: allow splicing from filesystems mounted by real root
Message-ID: <7a160b52d8fa53a9257a2383021a5279d2628edb.1703126594.git.nabijaczleweli@nabijaczleweli.xyz>

FUSE tends to be installed suid 0: this allows normal users to mount anything, including a program whose read implementation consists of for(;;) sleep(1);, which, if splice were allowed, would sleep forever with the pipe lock held.

Normal filesystems can only be mounted by root, and are thus deemed safe. Extend this to when root mounts a FUSE filesystem with an explicit check.

Signed-off-by: Ahelenia Ziemiańska
---
 fs/fuse/fuse_i.h | 1 +
 fs/fuse/inode.c | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/fs/fuse/fuse_i.h b/fs/fuse/fuse_i.h index 463c5d4ad8b4..a9ceaf10c1d2 100644 --- a/fs/fuse/fuse_i.h +++ b/fs/fuse/fuse_i.h @@ -532,6 +532,7 @@ struct fuse_fs_context { bool no_control:1; bool no_force_umount:1; bool legacy_opts_show:1; + bool trusted:1; enum fuse_dax_mode dax_mode; unsigned int max_read; unsigned int blksize; diff --git a/fs/fuse/inode.c b/fs/fuse/inode.c index 2a6d44f91729..91108ba9acec 100644 --- a/fs/fuse/inode.c +++ b/fs/fuse/inode.c @@ -1779,6 +1779,7 @@ static int fuse_get_tree(struct fs_context *fsc) fuse_conn_init(fc, fm, fsc->user_ns, &fuse_dev_fiq_ops, NULL); fc->release = fuse_free_conn; + fc->trusted = ctx->trusted; fsc->s_fs_info = fm; 
@@ -1840,6 +1841,7 @@ static int fuse_init_fs_context(struct fs_context *fsc) ctx->max_read = ~0; ctx->blksize = FUSE_DEFAULT_BLKSIZE; ctx->legacy_opts_show = true; + ctx->trusted = uid_eq(current_uid(), GLOBAL_ROOT_UID); #ifdef CONFIG_BLOCK if (fsc->fs_type == &fuseblk_fs_type) {

From patchwork Thu Dec 21 03:09:20 2023
X-Patchwork-Submitter: Ahelenia Ziemiańska
X-Patchwork-Id: 13500923
Date: Thu, 21 Dec 2023 04:09:20 +0100
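Review bot: the added "ctx->trusted = uid_eq(current_uid(), GLOBAL_ROOT_UID);" in fuse_init_fs_context() (10/11) decides trust from the real uid of whichever task creates the fs context, and nothing in the hunk says that this is the intent. Please add a comment stating that the real uid is used on purpose (a suid-root mount helper started by a normal user keeps that user's real uid and has to stay untrusted, which is the case the commit message is about), and that root in a non-initial user namespace and non-root tasks with mount privileges are excluded by design. The same initializer also runs for fuseblk, since the "fsc->fs_type == &fuseblk_fs_type" branch follows immediately, so the commit message should say whether block-backed mounts are meant to be covered.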
From: Ahelenia Ziemiańska
Cc: Jens Axboe, Christian Brauner, Alexander Viro, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 11/11] splice: splice_to_socket: always request MSG_DONTWAIT

The pipe is locked at the top of the function, so sock_sendmsg sleeps for space with the pipe lock held ‒ given:

	cat > to_socket.c <<^D
	#define _GNU_SOURCE
	#include <fcntl.h>
	#include <sys/socket.h>
	#include <unistd.h>
	int main()
	{
		int sp[2];
		socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, sp);
		while(write(sp[1], sp, 1) == 1)
			;
		fcntl(sp[1], F_SETFL, 0);
		for (;;)
			splice(0, 0, sp[1], 0, 128 * 1024 * 1024, 0);
	}
	^D
	cc to_socket.c -o to_socket
	mkfifo fifo
	sleep 10 > fifo &
	./to_socket < fifo &
	echo zupa > fifo

to_socket used to sleep in splice and the shell used to enter an uninterruptible sleep in closing the fifo in dup2(10, 1); now the splice returns -EAGAIN and the whole program completes.

Signed-off-by: Ahelenia Ziemiańska
---
 fs/splice.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/fs/splice.c b/fs/splice.c index 9d29664f23ee..2871c6f9366f 100644 --- a/fs/splice.c +++ b/fs/splice.c 
@@ -869,13 +869,11 @@ ssize_t splice_to_socket(struct pipe_inode_info *pipe, struct file *out, if (!bc) break; - msg.msg_flags = MSG_SPLICE_PAGES; + msg.msg_flags = MSG_SPLICE_PAGES | MSG_DONTWAIT; if (flags & SPLICE_F_MORE) msg.msg_flags |= MSG_MORE; if (remain && pipe_occupancy(pipe->head, tail) > 0) msg.msg_flags |= MSG_MORE; - if (out->f_flags & O_NONBLOCK) - msg.msg_flags |= MSG_DONTWAIT; iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, bvec, bc, len - remain);

From patchwork Thu Dec 21 03:09:26 2023
X-Patchwork-Submitter: Ahelenia Ziemiańska
X-Patchwork-Id: 13500924
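Review bot: with the "out->f_flags & O_NONBLOCK" test removed from splice_to_socket() (11/11), MSG_DONTWAIT is set for every caller, so a blocking socket that used to wait for send-buffer space now makes the call fail with -EAGAIN. The commit message demonstrates the splice(2)-from-a-fifo case only and does not say whether other users of the socket splice_write path, where no user-visible pipe is locked, were checked; sendfile(2) to a socket is the one I would want confirmed. Please list the audited callers in the commit message and add a comment above "msg.msg_flags = MSG_SPLICE_PAGES | MSG_DONTWAIT;" saying that the flag is unconditional because the pipe lock is held across sock_sendmsg.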
Date: Thu, 21 Dec 2023 04:09:26 +0100
From: Ahelenia Ziemiańska
Cc: Jens Axboe, Christian Brauner, Alexander Viro, linux-fsdevel@vger.kernel.org, Alejandro Colomar, linux-man@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 12/11 man-pages] splice.2: document 6.8 blocking behaviour

Hypothetical text that matches v2.

Signed-off-by: Ahelenia Ziemiańska
---
 man2/splice.2 | 47 +++++++++++++++++++++++++++++++++++++++++++----
 1 file changed, 43 insertions(+), 4 deletions(-)

diff --git a/man2/splice.2 b/man2/splice.2 index e5d05a05c..d2c7ac8d5 100644 --- a/man2/splice.2 +++ b/man2/splice.2 @@ -139,10 +139,11 @@ .SH ERRORS .B EAGAIN .B SPLICE_F_NONBLOCK was specified in -.I flags -or one of the file descriptors had been marked as nonblocking -.RB ( O_NONBLOCK ) , -and the operation would block. +.IR flags , +one of the file descriptors had been marked as nonblocking +.RB ( O_NONBLOCK ) +and the operation would block, +or splicing from an untrusted IPC mechanism and no data was available (see HISTORY below). .TP .B EBADF One or both file descriptors are not valid, 
@@ -192,6 +193,44 @@ .SH HISTORY Since Linux 2.6.31, .\" commit 7c77f0b3f9208c339a4b40737bb2cb0f0319bb8d both arguments may refer to pipes. +.P +Between Linux 4.9 and 6.7, +.\" commit 8924feff66f35fe22ce77aafe3f21eb8e5cff881 +splicing from a non-pipe to a pipe without +.B SPLICE_F_NONBLOCK +would hold the pipe lock and wait for data on the non-pipe. +This isn't an issue for files, but if the non-pipe is a tty, +or an IPC mechanism like a socket or a +.BR fuse (4) +filesystem, this means that a thread attempting any operation (like +.BR open (2)/ read (2)/ write (2)/ close (2)) +on the pipe would enter uninterruptible sleep until data appeared, +which may never happen. +The same applies to splicing from a pipe to a full socket. +.P +Since Linux 6.8, +.\" commit TBD +splicing from ttys is disabled +.RB ( EINVAL ), +reads done when splicing from sockets happen in non-blocking mode +(as-if +.BR MSG_DONTWAIT , +returning +.B EAGAIN +if no data is available), +and splicing from +.BR fuse (4) +filesystems is only allowed if they were mounted by +root in the initial user namespace +(this matches security semantics for normal filesystems). +If a splice implementation is devised that doesn't need to lock the pipe +while waiting for data, this may be reversed in a future version. +Writes when splicing to sockets are also done non-blockingly +(as-if +.BR MSG_DONTWAIT , +returning +.B EAGAIN +if the socket is full). 
.SH NOTES The three system calls .BR splice (),

From patchwork Sun Dec 24 05:01:49 2023
X-Patchwork-Submitter: Ahelenia Ziemiańska
X-Patchwork-Id: 13504179
Date: Sun, 24 Dec 2023 06:01:49 +0100
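Review bot: the reworded EAGAIN entry in the @@ -139 hunk of splice.2 uses "untrusted IPC mechanism" without defining it, and covers only the read side ("no data was available"), while the HISTORY text added by the same patch also returns EAGAIN for writes to a full socket. Name the cases explicitly (a socket source with no data, a socket destination that is full) and break the long added line at clause boundaries like the lines around it. The patch also leaves the ERRORS section without any EINVAL wording for the tty case that HISTORY says now fails that way.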
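Review bot: the "Since Linux 6.8" paragraph in the @@ -192 hunk of splice.2 still carries the placeholder ".\" commit TBD" and describes the series only up to 11/11: it says splicing from ttys is disabled but not splicing to them (13/11), and it restricts splicing from fuse(4) filesystems but not to them (14/11). Fill in the commit id once it exists and bring the text in line with the whole series. Wording: "as-if" should be "as if", and "non-blockingly" reads better as "in non-blocking mode", which is the form the earlier sentence in the same paragraph already uses.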
From: Ahelenia Ziemiańska
Cc: Jens Axboe, Christian Brauner, Alexander Viro, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Greg Kroah-Hartman, Jiri Slaby, linux-serial@vger.kernel.org
Subject: [PATCH v2 13/11] tty: splice_write: disable

Given:

	cat > ttyW.c <<^D
	#define _GNU_SOURCE
	#include <fcntl.h>
	#include <stdlib.h>
	int main()
	{
		int pt = posix_openpt(O_RDWR);
		grantpt(pt);
		unlockpt(pt);
		int cl = open(ptsname(pt), O_WRONLY);
		for (;;)
			splice(0, 0, cl, 0, 128 * 1024 * 1024, 0);
	}
	^D
	cc ttyW.c -o ttyW
	mkfifo fifo
	truncate 32M 32M
	./ttyW < fifo &
	cp 32M fifo &
	sleep 0.1
	read -r _ < fifo

ttyW used to sleep in splice and the shell used to enter an uninterruptible sleep in open("fifo"); now the splice returns -EINVAL and the whole program completes.

This is also symmetric with the splice_read removal.

Signed-off-by: Ahelenia Ziemiańska
---
It hit me that I should actually probably exhaustively re-evaluate splice_write as well since re-evaluating splice_read went so well.

fs/fuse/dev.c: .splice_write = fuse_dev_splice_write,
drivers/char/virtio_console.c: .splice_write = port_fops_splice_write,
  locks, takes some pages, unlocks, writes, so OK

drivers/char/mem.c: .splice_write = splice_write_null,
drivers/char/mem.c: .splice_write = splice_write_zero,
  no-op

drivers/char/random.c: .splice_write = iter_file_splice_write,
drivers/char/random.c: .splice_write = iter_file_splice_write,
  AFAICT write_pool_user is okay to invoke like this?

net/socket.c: .splice_write = splice_to_socket,
  already dealt with in 11/11

drivers/tty/tty_io.c: .splice_write = iter_file_splice_write,
drivers/tty/tty_io.c: .splice_write = iter_file_splice_write,
  they do lock the pipe and try the write with the lock held; we already killed splice_read so just kill splice_write for symmetry (13/11)

fs/fuse/file.c: .splice_write = iter_file_splice_write,
  same logic as splice_read applies (14/11)

 drivers/tty/tty_io.c | 2 --
 1 file changed, 2 deletions(-)

diff --git a/drivers/tty/tty_io.c b/drivers/tty/tty_io.c index 50c2957a9c7f..d931c34ddcbf 100644 --- a/drivers/tty/tty_io.c +++ b/drivers/tty/tty_io.c @@ -465,7 +465,6 @@ static const struct file_operations tty_fops = { .llseek = no_llseek, .read_iter = tty_read, .write_iter = tty_write, - .splice_write = iter_file_splice_write, .poll = tty_poll, .unlocked_ioctl = tty_ioctl, .compat_ioctl = tty_compat_ioctl, 
@@ -479,7 +478,6 @@ static const struct file_operations console_fops = { .llseek = no_llseek, .read_iter = tty_read, .write_iter = redirected_tty_write, - .splice_write = iter_file_splice_write, .poll = tty_poll, .unlocked_ioctl = tty_ioctl, .compat_ioctl = tty_compat_ioctl,

From patchwork Sun Dec 24 05:01:54 2023
X-Patchwork-Submitter: Ahelenia Ziemiańska
X-Patchwork-Id: 13504178
Date: Sun, 24 Dec 2023 06:01:54 +0100
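Review bot: both hunks of 13/11 delete ".splice_write = iter_file_splice_write," from tty_fops and console_fops without leaving anything in the code that says why ttys have no splice members, so a later cleanup could reasonably add them back. Put a short comment in the structs (or once above tty_fops) stating that splice is deliberately unsupported because the write would run with the pipe lock held. The commit message should also say what the new -EINVAL means for existing programs that splice into a terminal, and whether they were checked to fall back to write(2).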
From: Ahelenia Ziemiańska
Cc: Jens Axboe, Christian Brauner, Alexander Viro, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, Miklos Szeredi
Subject: [PATCH v2 14/11] fuse: allow splicing to trusted mounts only
Message-ID: <7j2y6xumiqxpkpqlakrvoribzin73y2p2rokgryyahegjvwo3h@tarta.nabijaczleweli.xyz>

FUSE tends to be installed suid 0: this allows normal users to mount anything, including a program whose write implementation consists of for(;;) sleep(1);, which, if splice were allowed, would sleep forever with the pipe lock held.

Normal filesystems can only be mounted by root, and are thus deemed safe. Extend this to when root mounts a FUSE filesystem and to virtiofs, mirroring the splice_read "trusted" logic.

Signed-off-by: Ahelenia Ziemiańska
---
 fs/fuse/file.c | 17 ++++++++++++++++-
 1 file changed, 16 insertions(+), 1 deletion(-)

diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 20bb16ddfcc9..62308af13396 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c @@ -3215,6 +3215,21 @@ static long fuse_splice_read(struct file *in, loff_t *ppos, return -EINVAL; } +static ssize_t +fuse_splice_write(struct pipe_inode_info *pipe, struct file *out, + loff_t *ppos, size_t len, unsigned int flags) +{ + struct inode *inode = file_inode(out); + + if (fuse_is_bad(inode)) + return -EIO; + + if (get_fuse_conn(inode)->trusted) + return iter_file_splice_write(pipe, out, ppos, len, flags); + + return -EINVAL; +} + static const struct file_operations fuse_file_operations = { .llseek = fuse_file_llseek, .read_iter = fuse_file_read_iter, 
@@ -3228,7 +3243,7 @@ static const struct file_operations fuse_file_operations = { .get_unmapped_area = thp_get_unmapped_area, .flock = fuse_file_flock, .splice_read = fuse_splice_read, - .splice_write = iter_file_splice_write, + .splice_write = fuse_splice_write, .unlocked_ioctl = fuse_file_ioctl, .compat_ioctl = fuse_file_compat_ioctl, .poll = fuse_file_poll,
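Review bot: fuse_splice_write() in 14/11 repeats the fuse_is_bad() / get_fuse_conn(inode)->trusted / "return -EINVAL;" sequence of fuse_splice_read() line for line; a small helper that returns 0, -EIO or -EINVAL for the inode would keep the read and write policies from drifting apart. The declaration also differs from the function directly above it: this one is "static ssize_t" with the name on the following line, while the hunk context shows "static long fuse_splice_read(" on one line. Pick one layout and one return type (ssize_t) for both.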