[v2,11/11] splice: splice_to_socket: always request MSG_DONTWAIT

Message ID b169b3bb105b4691b778ccb991f58853c95d106c.1703126594.git.nabijaczleweli@nabijaczleweli.xyz
State New
Series Avoid unprivileged splice(file->)/(->socket) pipe exclusion

Commit Message

Ahelenia Ziemiańska Dec. 21, 2023, 3:09 a.m. UTC
The pipe is locked at the top of the function, so sock_sendmsg
sleeps for space with the pipe lock held ‒ given:
	cat > to_socket.c <<^D
	#define _GNU_SOURCE
	#include <fcntl.h>
	#include <unistd.h>
	#include <sys/socket.h>
	#include <sys/un.h>
	int main()
	{
		int sp[2];
		socketpair(AF_UNIX, SOCK_STREAM | SOCK_NONBLOCK, 0, sp);
		while(write(sp[1], sp, 1) == 1)
			;
		fcntl(sp[1], F_SETFL, 0);
		for (;;)
			splice(0, 0, sp[1], 0, 128 * 1024 * 1024, 0);
	}
	^D
	cc to_socket.c -o to_socket
	mkfifo fifo
	sleep 10 > fifo &
	./to_socket < fifo &
	echo zupa > fifo
to_socket used to sleep in splice and the shell used to enter an
uninterruptible sleep in closing the fifo in dup2(10, 1);
now the splice returns -EAGAIN and the whole program completes.

Signed-off-by: Ahelenia Ziemiańska <nabijaczleweli@nabijaczleweli.xyz>
---
 fs/splice.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
  

Patch

diff --git a/fs/splice.c b/fs/splice.c
index 9d29664f23ee..2871c6f9366f 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -869,13 +869,11 @@  ssize_t splice_to_socket(struct pipe_inode_info *pipe, struct file *out,
 		if (!bc)
 			break;
 
-		msg.msg_flags = MSG_SPLICE_PAGES;
+		msg.msg_flags = MSG_SPLICE_PAGES | MSG_DONTWAIT;
 		if (flags & SPLICE_F_MORE)
 			msg.msg_flags |= MSG_MORE;
 		if (remain && pipe_occupancy(pipe->head, tail) > 0)
 			msg.msg_flags |= MSG_MORE;
-		if (out->f_flags & O_NONBLOCK)
-			msg.msg_flags |= MSG_DONTWAIT;
 
 		iov_iter_bvec(&msg.msg_iter, ITER_SOURCE, bvec, bc,
 			      len - remain);
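
Review bot: the unconditional `MSG_SPLICE_PAGES | MSG_DONTWAIT` assignment, together with the removal of the `out->f_flags & O_NONBLOCK` check, changes what userspace sees on a socket left in blocking mode: per the commit message, splice() to a full blocking socket now returns -EAGAIN instead of sleeping, and the reproducer there clears O_NONBLOCK with fcntl() before splicing to reach exactly that case. Nothing at the assignment says why the caller's blocking mode is now ignored. Please add a short comment above it stating that the pipe lock is held across the send, so the send must not sleep, and say in the change log what callers that relied on blocking are expected to do when they get -EAGAIN on a blocking socket.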