Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp6890936pxb; Wed, 17 Feb 2021 17:01:32 -0800 (PST) X-Google-Smtp-Source: ABdhPJyjYeyxtAUVOjJ4mYyi91zTTeSUDEqIkQqUlGM1tgrE/iGPE3U1cBHx36XxLv64SEnvrWuZ X-Received: by 2002:a17:906:36cc:: with SMTP id b12mr1530045ejc.323.1613610092121; Wed, 17 Feb 2021 17:01:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1613610092; cv=none; d=google.com; s=arc-20160816; b=QAHEPX9kfRN15dvY0lGGb/znZybUbmJpZkxvUJ4RrdOgvVw6ndV09LTJtCdHUfenf/ jGHv4Qebf8TUyzFzwXboqJrLjYP5kBuCxmHkpHLodKmMyI3ObYeatdviGFpFfXSm7Xh+ D5mqdow8rsLa5VcVebdp8XrLmd9LtnAmIFbwtDX2fCS2QdUCA4n04vNd0shlw1N2trcL qHgHzOKjMfBvIfLnD8yMEfVvY6AX+UZ2D/YaF7yuRNOY7U5fU94MxaXoh4fTht+EaeqJ Ru01M8RKRdCLSUIcWxh+SZODCJtUVjwL0kFxpNb06lqdE9CcpfMI2fjjER7ZKMPvaKI2 KIIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=vxbhVU+xTpR/weyN8SH71YwtBih0U9RJGA2ufjhtKjc=; b=V9NqBDH/fhEnSxD/j3U4A7U6tAcTOXE4IYqqBZD7R2fyn4S9y4W0bK2BjZLTsD/+CO Msmqg9mGF16FTAzsacilI1S1FOo624HyFigqrVC3vCHpl/AInMYitBUvIdFO6HZwZfz9 DuRe2gvajY5cu5xG1nmsJp4cDZY0u3Lk7kMLxy8cSlYFUwLqpWKaukwEJeo9/3nHlF3i HIdiqWecPvSu5khPpj4KKMNiyQ41b7CI3jpqSv3Bq+RZeHMEPNsDGLrVI9RDUMazjofO wzLu8+Q1OVQirA0vnSikBuxwU9o7N8jBYjJ9BE93JyZkGHL6V5xB3oIqgqxsBzbEGHs4 5umg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="g8/QVJ74"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id b63si2716290edf.480.2021.02.17.17.01.04; Wed, 17 Feb 2021 17:01:32 -0800 (PST) Received-SPF: pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="g8/QVJ74"; spf=pass (google.com: domain of linux-nfs-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-nfs-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230458AbhBRA6E (ORCPT + 99 others); Wed, 17 Feb 2021 19:58:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:41986 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230380AbhBRA5n (ORCPT ); Wed, 17 Feb 2021 19:57:43 -0500 Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CD2F0C061797 for ; Wed, 17 Feb 2021 16:56:53 -0800 (PST) Received: by mail-vs1-xe30.google.com with SMTP id l19so107144vso.8 for ; Wed, 17 Feb 2021 16:56:53 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vxbhVU+xTpR/weyN8SH71YwtBih0U9RJGA2ufjhtKjc=; b=g8/QVJ74cfotfG8qjNXNZcf5Nh6F+ELqL/wtkEy0CyrdhNLL5khAwWaALJrLkxgDdk oKTxEco26A1bZquNH/Wat87qVlSuvYIypnjlub2NvU+NohZ2qmWMXd5GLfq93+Uqk3hg oOnuoWRw3sxKcrSnUH9rFAnPLm+rG0L5LJwxQ= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vxbhVU+xTpR/weyN8SH71YwtBih0U9RJGA2ufjhtKjc=; b=IvnlDEjLYuadmMx6tucBVqquLkmZvS2fV8RewyW1D/KN3SCx9rRnZkE5tp7qBYTwUb PizD0L03aJbCkVMBCpg7sXbksT1khOQTpnPS0rIOMkLluUKExw610dpSQl07K1ia3uPa agbgfcdW4TL/iFBUYZOvcQv2ohBM4ASWAGJcDtXM7GBkMdFmz2k5xrNRPGabZ27+KJcM JUO/4f1ivf4adQxbxcAMrwN/FgzkViL7K77Z5WqSEkx6qZ4lWZ8L6AIMi6SVthRdFMW2 jwIB80zJInmZHrRBOQ7IhixVVJYLdSDm5Vncp6C5gaj9OMtfTyiaEt13m9B57qrIqL4E HFuQ== X-Gm-Message-State: AOAM531gJMjAYUgith+BywJhOmwqnBQwvtdUIvcWWw+eU4DQb7p1ZbIo tMclhoTKelI1/cXNgxYjsje2i4tr6P599VYfblHhAg== X-Received: by 2002:a05:6102:350:: with SMTP id e16mr1308067vsa.16.1613609812885; Wed, 17 Feb 2021 16:56:52 -0800 (PST) MIME-Version: 1.0 References: <20210217172654.22519-1-lhenriques@suse.de> In-Reply-To: <20210217172654.22519-1-lhenriques@suse.de> From: Nicolas Boichat Date: Thu, 18 Feb 2021 08:56:41 +0800 Message-ID: Subject: Re: [PATCH v3] vfs: fix copy_file_range regression in cross-fs copies To: Luis Henriques Cc: Amir Goldstein , Jeff Layton , Steve French , Miklos Szeredi , Trond Myklebust , Anna Schumaker , Alexander Viro , "Darrick J. Wong" , Dave Chinner , Greg KH , Ian Lance Taylor , Luis Lozano , ceph-devel@vger.kernel.org, lkml , linux-cifs@vger.kernel.org, samba-technical@lists.samba.org, linux-fsdevel@vger.kernel.org, linux-nfs@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Precedence: bulk List-ID: X-Mailing-List: linux-nfs@vger.kernel.org On Thu, Feb 18, 2021 at 1:25 AM Luis Henriques wrote: > > A regression has been reported by Nicolas Boichat, found while using the > copy_file_range syscall to copy a tracefs file. Before commit > 5dae222a5ff0 ("vfs: allow copy_file_range to copy across devices") the > kernel would return -EXDEV to userspace when trying to copy a file across > different filesystems. After this commit, the syscall doesn't fail anymore > and instead returns zero (zero bytes copied), as this file's content is > generated on-the-fly and thus reports a size of zero. > > This patch restores some cross-filesystems copy restrictions that existed > prior to commit 5dae222a5ff0 ("vfs: allow copy_file_range to copy across > devices"). Note that you also fix intra-filesystem copy_file_range on these generated filesystems. This is IMHO great, but needs to be mentioned in the commit message. > It also introduces a flag (COPY_FILE_SPLICE) that can be used > by filesystems calling directly into the vfs copy_file_range to override > these restrictions. Right now, only NFS needs to set this flag. > > Fixes: 5dae222a5ff0 ("vfs: allow copy_file_range to copy across devices") So technically this fixes something much older, presumably ever since copy_file_range was introduced. > Link: https://lore.kernel.org/linux-fsdevel/20210212044405.4120619-1-drinkcat@chromium.org/ > Link: https://lore.kernel.org/linux-fsdevel/CANMq1KDZuxir2LM5jOTm0xx+BnvW=ZmpsG47CyHFJwnw7zSX6Q@mail.gmail.com/ > Link: https://lore.kernel.org/linux-fsdevel/20210126135012.1.If45b7cdc3ff707bc1efa17f5366057d60603c45f@changeid/ > Reported-by: Nicolas Boichat Tested-by: Nicolas Boichat but I guess you should not add to the next revision, I'll keep testing further revisions ,-) > Signed-off-by: Luis Henriques > --- > Ok, I've tried to address all the issues and comments. Hopefully this v3 > is a bit closer to the final fix. > > Changes since v2 > - do all the required checks earlier, in generic_copy_file_checks(), > adding new checks for ->remap_file_range > - new COPY_FILE_SPLICE flag > - don't remove filesystem's fallback to generic_copy_file_range() > - updated commit changelog (and subject) > Changes since v1 (after Amir review) > - restored do_copy_file_range() helper > - return -EOPNOTSUPP if fs doesn't implement CFR > - updated commit description > > fs/nfsd/vfs.c | 3 ++- > fs/read_write.c | 44 +++++++++++++++++++++++++++++++++++++++++--- > include/linux/fs.h | 7 +++++++ > 3 files changed, 50 insertions(+), 4 deletions(-) > > diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c > index 04937e51de56..14e55822c223 100644 > --- a/fs/nfsd/vfs.c > +++ b/fs/nfsd/vfs.c > @@ -578,7 +578,8 @@ ssize_t nfsd_copy_file_range(struct file *src, u64 src_pos, struct file *dst, > * limit like this and pipeline multiple COPY requests. > */ > count = min_t(u64, count, 1 << 22); > - return vfs_copy_file_range(src, src_pos, dst, dst_pos, count, 0); > + return vfs_copy_file_range(src, src_pos, dst, dst_pos, count, > + COPY_FILE_SPLICE); > } > > __be32 nfsd4_vfs_fallocate(struct svc_rqst *rqstp, struct svc_fh *fhp, > diff --git a/fs/read_write.c b/fs/read_write.c > index 75f764b43418..40a16003fb05 100644 > --- a/fs/read_write.c > +++ b/fs/read_write.c > @@ -1410,6 +1410,33 @@ static ssize_t do_copy_file_range(struct file *file_in, loff_t pos_in, > flags); > } > > +/* > + * This helper function checks whether copy_file_range can actually be used, > + * depending on the source and destination filesystems being the same. > + * > + * In-kernel callers may set COPY_FILE_SPLICE to override these checks. > + */ > +static int fops_copy_file_checks(struct file *file_in, struct file *file_out, fops_copy_file_range_checks ? > + unsigned int flags) > +{ > + if (WARN_ON_ONCE(flags & ~COPY_FILE_SPLICE)) > + return -EINVAL; > + > + if (flags & COPY_FILE_SPLICE) > + return 0; > + /* > + * We got here from userspace, so forbid copies if copy_file_range isn't > + * implemented or if we're doing a cross-fs copy. > + */ > + if (!file_out->f_op->copy_file_range) > + return -EOPNOTSUPP; After this is merged, should this be added as an error code to the man page? > + else if (file_out->f_op->copy_file_range != > + file_in->f_op->copy_file_range) Just note, this could be a cross-fs copy (just not a cross-fs_type copy). > + return -EXDEV; > + > + return 0; > +} > + > /* > * Performs necessary checks before doing a file copy > * > @@ -1427,6 +1454,14 @@ static int generic_copy_file_checks(struct file *file_in, loff_t pos_in, > loff_t size_in; > int ret; > > + /* Only check f_ops if we're not trying to clone */ > + if (!file_in->f_op->remap_file_range || > + (file_inode(file_in)->i_sb == file_inode(file_out)->i_sb)) { > + ret = fops_copy_file_checks(file_in, file_out, flags); > + if (ret) > + return ret; > + } > + > ret = generic_file_rw_checks(file_in, file_out); > if (ret) > return ret; > @@ -1474,9 +1509,6 @@ ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in, > { > ssize_t ret; > > - if (flags != 0) > - return -EINVAL; > - > ret = generic_copy_file_checks(file_in, pos_in, file_out, pos_out, &len, > flags); > if (unlikely(ret)) > @@ -1511,6 +1543,9 @@ ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in, > ret = cloned; > goto done; > } > + ret = fops_copy_file_checks(file_in, file_out, flags); > + if (ret) > + return ret; > } > > ret = do_copy_file_range(file_in, pos_in, file_out, pos_out, len, > @@ -1543,6 +1578,9 @@ SYSCALL_DEFINE6(copy_file_range, int, fd_in, loff_t __user *, off_in, > struct fd f_out; > ssize_t ret = -EBADF; > > + if (flags != 0) > + return -EINVAL; > + > f_in = fdget(fd_in); > if (!f_in.file) > goto out2; > diff --git a/include/linux/fs.h b/include/linux/fs.h > index fd47deea7c17..6f604926d955 100644 > --- a/include/linux/fs.h > +++ b/include/linux/fs.h > @@ -1815,6 +1815,13 @@ struct dir_context { > */ > #define REMAP_FILE_ADVISORY (REMAP_FILE_CAN_SHORTEN) > > +/* > + * This flag control the behavior of copy_file_range from internal (kernel) > + * users. It can be used to override the policy of forbidding copies when > + * source and destination filesystems are different. > + */ > +#define COPY_FILE_SPLICE (1 << 0) nit: BIT(0) ? > + > struct iov_iter; > > struct file_operations {