• Jan Kara's avatar
    vfs: Make sendfile(2) killable even better · c725bfce
    Jan Kara authored
    Commit 296291cd (mm: make sendfile(2) killable) fixed an issue where
    sendfile(2) was doing a lot of tiny writes into a filesystem and thus
    was unkillable for a long time. However sendfile(2) can be (mis)used to
    issue lots of writes into arbitrary file descriptor such as evenfd or
    similar special file descriptors which never hit the standard filesystem
    write path and thus are still unkillable. E.g. the following example
    from Dmitry burns CPU for ~16s on my test system without possibility to
    be killed:
    
            int r1 = eventfd(0, 0);
            int r2 = memfd_create("", 0);
            unsigned long n = 1<<30;
            fallocate(r2, 0, 0, n);
            sendfile(r1, r2, 0, n);
    
    There are actually quite a few tests for pending signals in sendfile
    code however we data to write is always available none of them seems to
    trigger. So fix the problem by adding a test for pending signal into
    splice_from_pipe_next() also before the loop waiting for pipe buffers to
    be available. This should fix all the lockup issues with sendfile of the
    do-ton-of-tiny-writes nature.
    
    CC: stable@vger.kernel.org
    Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
    Signed-off-by: default avatarJan Kara <jack@suse.cz>
    Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
    c725bfce
splice.c 46.3 KB