Bug 21612
Summary: | pipe does not report error in read() after splice()ing invalid page. | ||
---|---|---|---|
Product: | IO/Storage | Reporter: | Коренберг Марк (socketpair) |
Component: | Other | Assignee: | io_other |
Status: | RESOLVED PATCH_ALREADY_AVAILABLE | ||
Severity: | high | CC: | socketpair |
Priority: | P1 | ||
Hardware: | All | ||
OS: | Linux | ||
Kernel Version: | ubuntu 2.6.32-25-generic-pae | Subsystem: | |
Regression: | No | Bisected commit-id: |
Description
Коренберг Марк
2010-11-01 06:16:38 UTC
In spite of SPLICE_F_MOVE, kernel read pages from ioerr device. I saw messages in dmesg output even when read() calls was commented. It is OK, I understand, that this flag is not implemented now. 1. But i don't understand why second splice() call does not return error in that case. 2. If SPLICE_F_MOVE will be implemented, read from pipe sohuld return io error. does not it ? it seems that this never happen by design :( P.S. without any flags (O_NONBLOCK,SPLICE_F_NONBLOCK,SPLICE_F_MOVE) bahviour is exactly the same. Trying to splice this bad page from pipe to file will give splice() returning 0. this is not correct difinitely. http://lwn.net/Articles/119680/ : --------8<-------------- - error handling is broken - if an IO error happens on the splice, the "map()" operation will return NULL, and the current fs/pipe.c can't handle that and will oops ;) --------8<-------------- It seems, that root of the problem is in far 2005 :) fs/splice.c (near the line 382): --------------- 8<--------- error = ops->confirm(pipe, buf); if (error) { if (!ret) error = ret; break; } --------------- 8<--------- maybe ret=error instead of error=ret ? (as in line 403) The patch has been committed to stable tree. http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=e5953cbdff26f7cbae7eff30cd9b18c4e19b7594 |