From bf60e5173156c48d7ae6c5ddfda8a27702056c34 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 10 Sep 2022 22:14:02 +0100 Subject: [PATCH] nfsd_splice_actor(): handle compound pages MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit [ Upstream commit bfbfb6182ad1d7d184b16f25165faad879147f79 ] pipe_buffer might refer to a compound page (and contain more than a PAGE_SIZE worth of data). Theoretically it had been possible since way back, but nfsd_splice_actor() hadn't run into that until copy_page_to_iter() change. Fortunately, the only thing that changes for compound pages is that we need to stuff each relevant subpage in and convert the offset into offset in the first subpage. Acked-by: Chuck Lever Tested-by: Benjamin Coddington Fixes: f0f6b614f83d "copy_page_to_iter(): don't split high-order page in case of ITER_PIPE" Signed-off-by: Al Viro [ cel: "‘for’ loop initial declarations are only allowed in C99 or C11 mode" ] Signed-off-by: Chuck Lever Signed-off-by: Sasha Levin --- fs/nfsd/vfs.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 50570fc32..bab2228ee 100755 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -867,10 +867,15 @@ nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { struct svc_rqst *rqstp = sd->u.data; + struct page *page = buf->page; // may be a compound one + unsigned offset = buf->offset; + int i; - svc_rqst_replace_page(rqstp, buf->page); - if (rqstp->rq_res.page_len == 0) - rqstp->rq_res.page_base = buf->offset; + page += offset / PAGE_SIZE; + for (i = sd->len; i > 0; i -= PAGE_SIZE) + svc_rqst_replace_page(rqstp, page++); + if (rqstp->rq_res.page_len == 0) // first call + rqstp->rq_res.page_base = offset % PAGE_SIZE; rqstp->rq_res.page_len += sd->len; return sd->len; }