[RFC,1/4] io_uring/splice: support do_splice_direct
Commit Message
do_splice_direct() has at least two advantages:
1) the extra pipe isn't required from user viewpoint, so userspace
code can be simplified, meantime easy to relax current pipe
limit since curret->splice_pipe is used for direct splice
2) in some situation, it isn't good to expose file data via
->splice_read() to userspace, such as the coming ublk driver's
zero copy support, request pages will be spliced to pipe for
supporting zero copy, and if it is READ, userspace may read
data of kernel pages, and direct splice can avoid this kind
of info leaks
Signed-off-by: Ming Lei <ming.lei@redhat.com>
---
fs/read_write.c | 5 +++--
include/linux/splice.h | 3 +++
io_uring/splice.c | 13 ++++++++++---
3 files changed, 16 insertions(+), 5 deletions(-)
Comments
On Thu, Nov 03, 2022 at 04:50:01PM +0800, Ming Lei wrote:
> do_splice_direct() has at least two advantages:
>
> 1) the extra pipe isn't required from user viewpoint, so userspace
> code can be simplified, meantime easy to relax current pipe
> limit since curret->splice_pipe is used for direct splice
>
> 2) in some situation, it isn't good to expose file data via
> ->splice_read() to userspace, such as the coming ublk driver's
> zero copy support, request pages will be spliced to pipe for
> supporting zero copy, and if it is READ, userspace may read
> data of kernel pages, and direct splice can avoid this kind
> of info leaks
Please make this a separate opcode instead of overloading the splice
op with a flag that causes very different behavior and isn't supported
for the regular splice syscall.
@@ -1253,7 +1253,7 @@ static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
goto fput_out;
file_start_write(out.file);
retval = do_splice_direct(in.file, &pos, out.file, &out_pos,
- count, fl);
+ count, fl | SPLICE_F_DIRECT);
file_end_write(out.file);
} else {
if (out.file->f_flags & O_NONBLOCK)
@@ -1389,7 +1389,8 @@ ssize_t generic_copy_file_range(struct file *file_in, loff_t pos_in,
size_t len, unsigned int flags)
{
return do_splice_direct(file_in, &pos_in, file_out, &pos_out,
- len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0);
+ len > MAX_RW_COUNT ? MAX_RW_COUNT : len,
+ SPLICE_F_DIRECT);
}
EXPORT_SYMBOL(generic_copy_file_range);
@@ -23,6 +23,9 @@
#define SPLICE_F_ALL (SPLICE_F_MOVE|SPLICE_F_NONBLOCK|SPLICE_F_MORE|SPLICE_F_GIFT)
+/* used for io_uring interface only */
+#define SPLICE_F_DIRECT (0x10) /* direct splice and user needn't provide pipe */
+
/*
* Passed to the actors
*/
@@ -27,7 +27,8 @@ static int __io_splice_prep(struct io_kiocb *req,
const struct io_uring_sqe *sqe)
{
struct io_splice *sp = io_kiocb_to_cmd(req, struct io_splice);
- unsigned int valid_flags = SPLICE_F_FD_IN_FIXED | SPLICE_F_ALL;
+ unsigned int valid_flags = SPLICE_F_FD_IN_FIXED | SPLICE_F_ALL |
+ SPLICE_F_DIRECT;
sp->len = READ_ONCE(sqe->len);
sp->flags = READ_ONCE(sqe->splice_flags);
@@ -109,8 +110,14 @@ int io_splice(struct io_kiocb *req, unsigned int issue_flags)
poff_in = (sp->off_in == -1) ? NULL : &sp->off_in;
poff_out = (sp->off_out == -1) ? NULL : &sp->off_out;
- if (sp->len)
- ret = do_splice(in, poff_in, out, poff_out, sp->len, flags);
+ if (sp->len) {
+ if (flags & SPLICE_F_DIRECT)
+ ret = do_splice_direct(in, poff_in, out, poff_out,
+ sp->len, flags);
+ else
+ ret = do_splice(in, poff_in, out, poff_out, sp->len,
+ flags);
+ }
if (!(sp->flags & SPLICE_F_FD_IN_FIXED))
io_put_file(in);