Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp5926224pxb; Tue, 16 Feb 2021 10:57:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJw175tOaIP7C6LdOzfrBtp4ODFgLrC7uihO/j9uqwqMs3nWtSqSJHpM3KeTinvVhSNBI9Ft X-Received: by 2002:a17:906:63c2:: with SMTP id u2mr21502723ejk.346.1613501852666; Tue, 16 Feb 2021 10:57:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613501852; cv=none; d=google.com; s=arc-20160816; b=YeDb1ka28cibQzJ+20dwn4kHKTynjdeZh/hAVlI9QOS9J+YNWUiWsL5DkH22mrV7AQ OmRhm/DxE+eZvOczNqKSP7f3PmA6D1OSwiviEXcLVhckOjpjiyhYQbx6jNf/rWRxzKo0 kFs2RIwlslCQPMMnxOY/YaDxgGcx0X/TeelWODBS5GwPRqcf9OcvC+XA8M4fKWoUgGkp QrQ7zggTI4IOdVNAm08XIDJWw1aB8ha+HY4S8KzBxFhqdENLWfuziUjHn5vSpKVrZuUg 3OtRPdabZUwRXcFRt6Q01aLIyRi2vFUpNmLjn5bT2+T5aeWORdb2xtZ23ZmmgSNvQHkP 3mBQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:references:to:cc:in-reply-to:date:subject :mime-version:message-id:from:dkim-signature; bh=LSS7VeTFf1sWhJY5fyJQl0KheTd9K60JF6FeH3GCxrg=; b=WD6EPMcbw1wIYgJ9udCqpL1xkZS/HLRgkxWBcBaNzqlHbG3qMW8ZCRpEi0GlNA4RTj r7YzQMXHfGVRxdLchqtvYeYR08667NTuiHv2JiFrOxKc7muolZs5T3szRs1OPDigWtZC THZxnDj3/pWRSMIn0AWfsKMO+QvaeIsRPsm88jWklP4UCUa1qlVSE/xx1Yt+tey5OE8l 77MNbCklWdgaz7sZrKAY7FbEmiWezjoKJfLQRUPyCbwXwnxM/dR5f9fyId9ee0aANZ68 RDUUcwTYBOlBFlUtktwvTNceFjG2xNf5jWPyFJjCzSulbBKGiWL1bLnymZuFrDvdGpj5 Vvcw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dilger-ca.20150623.gappssmtp.com header.s=20150623 header.b=bDyDPQV7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id e7si1775922ejr.111.2021.02.16.10.57.08; Tue, 16 Feb 2021 10:57:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@dilger-ca.20150623.gappssmtp.com header.s=20150623 header.b=bDyDPQV7; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231172AbhBPSy4 (ORCPT + 99 others); Tue, 16 Feb 2021 13:54:56 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231145AbhBPSyx (ORCPT ); Tue, 16 Feb 2021 13:54:53 -0500 Received: from mail-pj1-x102c.google.com (mail-pj1-x102c.google.com [IPv6:2607:f8b0:4864:20::102c]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C8E0C06174A for ; Tue, 16 Feb 2021 10:54:13 -0800 (PST) Received: by mail-pj1-x102c.google.com with SMTP id d2so6534088pjs.4 for ; Tue, 16 Feb 2021 10:54:13 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dilger-ca.20150623.gappssmtp.com; s=20150623; h=from:message-id:mime-version:subject:date:in-reply-to:cc:to :references; bh=LSS7VeTFf1sWhJY5fyJQl0KheTd9K60JF6FeH3GCxrg=; b=bDyDPQV7jxm9AC9Kbej44nUyO7e9ikQAVBWHWuCf6m4SsjoZkV9pWHXIsx06dO+ak6 8aSM2SymVDyYuub9YyXC8OmIBO5oFcqGvwGNepwlZ7ccyJfhcO8QIBql9JI3pqiX2Fuw j1klif/eeC82LALv7vbfEOF36jgpMBTsgIysLtIYOy5/V/AMnw+vobQiVIkTJp1UWc9w DBJpDEAjqFxxbKednKjcTl1kcQJ9o42fsCnjttKtraIjnebn0Gpj+GPYsAe4P1dvBQTx +Yu/ej7/HAC1/mff1R/7rpIBIU7G2uz6/1mHBZKRW2iyUUsEXYKiqiR/s+gFdY9x4S4k 7DDA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:message-id:mime-version:subject:date :in-reply-to:cc:to:references; bh=LSS7VeTFf1sWhJY5fyJQl0KheTd9K60JF6FeH3GCxrg=; b=YbiMuxaVuwgjgIt+V5j74W8lgdgcPe8pLl2UEb7HXILTzjLdGm+yOdF+QzdHU4rfLd QkbkGOapoUfZdFiFoFdPIPCw4uVCDZuSl/uD0EAg/PM0hijsqZJEPy63eCxo61rcaVPy G4cxlgZ1yK/HfGHzv8XYpRhyOm8eoK/4P14BpuqxxTEowB3ZGKq5FbkQDjP/L3UrLHqt YJ5Z/yR/pDGkvJiHIW6NmJz9vlgszkNdBRQPhofJ4mLLo3bJQdj1815Ed/+IunEZMRUq 1EP1szJzrmQxHFhYkKgSsPQCJPBFye3W3KEpbl0cqe08fxfSzpjNmcZSQSM03JbPqC0f XlkA== X-Gm-Message-State: AOAM531QrNGpJdfa5GZmuYIz/cbmUgvRypqdJWYtt/UrhIBqmtMKgH/o y3lIKFYoNnIq8z40+1vkP9AHqw== X-Received: by 2002:a17:90b:46cd:: with SMTP id jx13mr5383279pjb.217.1613501652606; Tue, 16 Feb 2021 10:54:12 -0800 (PST) Received: from cabot.adilger.int (S01061cabc081bf83.cg.shawcable.net. [70.77.221.9]) by smtp.gmail.com with ESMTPSA id g8sm3820005pjj.41.2021.02.16.10.54.10 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Feb 2021 10:54:11 -0800 (PST) From: Andreas Dilger Message-Id: <13583117-59D4-4294-BB23-9D4802E4B8A3@dilger.ca> Content-Type: multipart/signed; boundary="Apple-Mail=_E4D2691F-0BAD-4906-899A-C3AF7AC4FEB5"; protocol="application/pgp-signature"; micalg=pgp-sha256 Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: [PATCH v2] vfs: prevent copy_file_range to copy across devices Date: Tue, 16 Feb 2021 11:54:07 -0700 In-Reply-To: Cc: Luis Henriques , Trond Myklebust , "samba-technical@lists.samba.org" , "drinkcat@chromium.org" , "iant@google.com" , "linux-cifs@vger.kernel.org" , "darrick.wong@oracle.com" , "linux-kernel@vger.kernel.org" , "jlayton@kernel.org" , "anna.schumaker@netapp.com" , "llozano@chromium.org" , "linux-nfs@vger.kernel.org" , "miklos@szeredi.hu" , "viro@zeniv.linux.org.uk" , "dchinner@redhat.com" , "linux-fsdevel@vger.kernel.org" , "gregkh@linuxfoundation.org" , "sfrench@samba.org" , James Simmons , "ceph-devel@vger.kernel.org" To: Amir Goldstein References: <20210215154317.8590-1-lhenriques@suse.de> <73ab4951f48d69f0183548c7a82f7ae37e286d1c.camel@hammerspace.com> <92d27397479984b95883197d90318ee76995b42e.camel@hammerspace.com> <87r1lgjm7l.fsf@suse.de> X-Mailer: Apple Mail (2.3273) Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org --Apple-Mail=_E4D2691F-0BAD-4906-899A-C3AF7AC4FEB5 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii On Feb 16, 2021, at 6:51 AM, Amir Goldstein wrote: >>=20 >>> This is easy to solve with a flag COPY_FILE_SPLICE (or something) = that >>> is internal to kernel users. >>>=20 >>> FWIW, you may want to look at the loop in ovl_copy_up_data() >>> for improvements to nfsd_copy_file_range(). >>>=20 >>> We can move the check out to copy_file_range syscall: >>>=20 >>> if (flags !=3D 0) >>> return -EINVAL; >>>=20 >>> Leave the fallback from all filesystems and check for the >>> COPY_FILE_SPLICE flag inside generic_copy_file_range(). >>=20 >> Ok, the diff bellow is just to make sure I understood your = suggestion. >>=20 >> The patch will also need to: >>=20 >> - change nfs and overlayfs calls to vfs_copy_file_range() so that = they >> use the new flag. >>=20 >> - check flags in generic_copy_file_checks() to make sure only valid = flags >> are used (COPY_FILE_SPLICE at the moment). >>=20 >> Also, where should this flag be defined? include/uapi/linux/fs.h? >>=20 >> Cheers, >> -- >> Luis >>=20 >> diff --git a/fs/read_write.c b/fs/read_write.c >> index 75f764b43418..341d315d2a96 100644 >> --- a/fs/read_write.c >> +++ b/fs/read_write.c >> @@ -1383,6 +1383,13 @@ ssize_t generic_copy_file_range(struct file = *file_in, loff_t pos_in, >> struct file *file_out, loff_t pos_out, >> size_t len, unsigned int flags) >> { >> + if (!(flags & COPY_FILE_SPLICE)) { >> + if (!file_out->f_op->copy_file_range) >> + return -EOPNOTSUPP; >> + else if (file_out->f_op->copy_file_range !=3D >> + file_in->f_op->copy_file_range) >> + return -EXDEV; >> + } >=20 > That looks strange, because you are duplicating the logic in > do_copy_file_range(). Maybe better: >=20 > if (WARN_ON_ONCE(flags & ~COPY_FILE_SPLICE)) > return -EINVAL; > if (flags & COPY_FILE_SPLICE) > return do_splice_direct(file_in, &pos_in, file_out, &pos_out, > len > MAX_RW_COUNT ? MAX_RW_COUNT : = len, 0); > if (!file_out->f_op->copy_file_range) > return -EOPNOTSUPP; > return -EXDEV; This shouldn't return -EINVAL to userspace if the flag is not set. That implies there *is* some valid way for userspace to call this function, which is AFAICS not possible if COPY_FILE_SPLICE is only available to in-kernel callers. Instead, it should continue to return -EOPNOTSUPP to userspace if copy_file_range() is not valid for this combination of file descriptors, so that applications will fall back to the non-CFR implementation. The WARN_ON_ONCE(ret =3D=3D -EOPNOTSUPP) in vfs_copy_file_range() would also need to be removed if this will be triggered from userspace. Cheers, Andreas --Apple-Mail=_E4D2691F-0BAD-4906-899A-C3AF7AC4FEB5 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- Comment: GPGTools - http://gpgtools.org iQIzBAEBCAAdFiEEDb73u6ZejP5ZMprvcqXauRfMH+AFAmAsFM8ACgkQcqXauRfM H+DISQ//Xk8r1HWGp6aO3uH6f50bZtArBkbhRdX1p7E8ijkTPN+2mMwXY8F8Ac0N K7wowllKCKlCS3puz1g22oidllG07sA84OAzYvj+keWgxmcdr8LiT1+FmVrlwAJW yl7uwuVty3n0hVX3V1uP6k48l+6kNKHfLgEv0pryuKxsSJwgxK0lU7f/kxw3TBBx cLl2b126NjEeWasNilay55SGX6XlbecnhTg6sTqH4aSjYJrCOAeSe0owrB9pC1ks g2TyCDarbyGHgTiO9WqSQqF7rCzZ1DWaI9iivJgM7UCUO5WfYHKfNUWteiMr7i/7 wZF4DYBawPFGYuv1mCbel/PuXN3/HQZ2r2UK3mHazf3jbTAgYEmoG9f4keebeGZb llGyvrvH9xKAjExhrmJbk/9ztbmwBlWl5QFpmpQRfUZmp92eXhdBJ1/yleXw9syJ SCy60rPj38mFYGpprUDF0j1nP4JJGKFz2uSAzgOHdh+ggXA8gLXWmHuM6eCFG3/j 2CWcXAhFj4DKWvJxFFlcH1tsNuCjlyxo5I/ITpDDGlFNxUG9ebroVuOP3LWt+7uY RWKvH6dr2ImHuiN/9s0iL03HHULOvCPYNvfMIrLw1XWcBENBWZVDyWOOxYUu1a5O KHIHuK4OEiDJcKXchTH4pZ0MhzeTBL7dYXsHp21XzPRZMRA0+Kw= =ExqG -----END PGP SIGNATURE----- --Apple-Mail=_E4D2691F-0BAD-4906-899A-C3AF7AC4FEB5--