[Devel] [PATCH RHEL9 COMMIT] fs/fuse: clear splice buffers from response to a killed request

Tue Mar 11 16:55:07 MSK 2025

The commit is pushed to "branch-rh9-5.14.0-427.44.1.vz9.80.x-ovz" and will appear at git at bitbucket.org:openvz/vzkernel.git
after rh9-5.14.0-427.44.1.vz9.80.19
------>
commit b29b3a7a24abe13d2aee4a256c13f3a045b65d1a
Author: Liu Kui <kui.liu at virtuozzo.com>
Date:   Fri Feb 28 22:47:26 2025 +0800

    fs/fuse: clear splice buffers from response to a killed request
    
    Normally we just ignore the response to a killed request, however
    if there are splice buffers returned with the response, we must
    clear these splice buffers before returning them to userspace.
    
    Fixed #VSTOR-100385
    https://virtuozzo.atlassian.net/browse/VSTOR-100385
    
    Signed-off-by: Liu Kui <kui.liu at virtuozzo.com>
    Acked-by: Alexey Kuznetsov <kuznet at virtuozzo.com>
    
    Feature: fuse: enhanced splice support
---
 fs/fuse/dev.c | 23 ++++++++++++++++++-----
 1 file changed, 18 insertions(+), 5 deletions(-)

diff --git a/fs/fuse/dev.c b/fs/fuse/dev.c
index cc6b9f348cf6..118613f17b10 100644
--- a/fs/fuse/dev.c
+++ b/fs/fuse/dev.c
@@ -1986,6 +1986,11 @@ static int copy_out_args(struct fuse_copy_state *cs, struct fuse_args *args,
 {
 	unsigned reqsize = sizeof(struct fuse_out_header);
 
+	if (unlikely(args->killed)) {
+		cs->req->out.h.error = -EIO;
+		return 0;
+	}
+
 	reqsize += fuse_len_args(args->out_numargs, args->out_args);
 
 	if (reqsize < nbytes || (reqsize > nbytes && !args->out_argvar))
@@ -2081,6 +2086,9 @@ static int copy_out_splices(struct fuse_copy_state *cs, struct fuse_args *args,
 				int ioff = pipe->bufs[tail & mask].offset;
 				int ilen = pipe->bufs[tail & mask].len;
 
+				if (unlikely(args->killed))
+					goto skip_copy;
+
 				while (ilen > 0) {
 					int copy = ilen;
 
@@ -2105,6 +2113,7 @@ static int copy_out_splices(struct fuse_copy_state *cs, struct fuse_args *args,
 					ioff += copy;
 					ilen -= copy;
 				}
+skip_copy:
 				put_page(ipage);
 				pipe->bufs[tail & mask].ops = NULL;
 				pipe->bufs[tail & mask].page = NULL;
@@ -2119,7 +2128,9 @@ static int copy_out_splices(struct fuse_copy_state *cs, struct fuse_args *args,
 		}
 	}
 
-	if (args->page_zeroing && didx < ap->num_pages) {
+	if (unlikely(args->killed)) {
+		cs->req->out.h.error = -EIO;
+	} else if (args->page_zeroing && didx < ap->num_pages) {
 		if (doff < dend) {
 			void *dst = kmap_atomic(dpage);
 
@@ -2159,6 +2170,11 @@ static int copy_out_krpczc(struct fuse_copy_state *cs, struct fuse_args *args,
 	void *dst;
 	int err;
 
+	if (unlikely(args->killed)) {
+		cs->req->out.h.error = -EIO;
+		return 0;
+	}
+
 	if (args->out_numargs != 1 || !args->out_pages)
 		return -EINVAL;
 
@@ -2338,10 +2354,7 @@ static ssize_t fuse_dev_do_write(struct fuse_dev *fud,
 	if (!req->args->page_replace)
 		cs->move_pages = 0;
 
-	if (req->args->killed) {
-		err = 0;
-		req->out.h.error = -EIO;
-	} else if (oh.error == FUSE_OUT_SPLICES) {
+	if (oh.error == FUSE_OUT_SPLICES) {
 		req->out.h.error = 0;
 		err = copy_out_splices(cs, req->args, nbytes);
 	} else if (oh.error == FUSE_OUT_KRPCZC) {
