From 31e1fa2fe6243c66140701978c206269ac3cd9ad Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 10 Sep 2022 22:14:02 +0100 Subject: [PATCH] nfsd_splice_actor(): handle compound pages pipe_buffer might refer to a compound page (and contain more than a PAGE_SIZE worth of data). Theoretically it had been possible since way back, but nfsd_splice_actor() hadn't run into that until copy_page_to_iter() change. Fortunately, the only thing that changes for compound pages is that we need to stuff each relevant subpage in and convert the offset into offset in the first subpage. Acked-by: Chuck Lever Tested-by: Benjamin Coddington Fixes: f108d40c9a72 "copy_page_to_iter(): don't split high-order page in case of ITER_PIPE" Signed-off-by: Al Viro --- fs/nfsd/vfs.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 9f486b788ed09..b16aed158ba63 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -846,10 +846,14 @@ nfsd_splice_actor(struct pipe_inode_info *pipe, struct pipe_buffer *buf, struct splice_desc *sd) { struct svc_rqst *rqstp = sd->u.data; - - svc_rqst_replace_page(rqstp, buf->page); - if (rqstp->rq_res.page_len == 0) - rqstp->rq_res.page_base = buf->offset; + struct page *page = buf->page; // may be a compound one + unsigned offset = buf->offset; + + page += offset / PAGE_SIZE; + for (int i = sd->len; i > 0; i -= PAGE_SIZE) + svc_rqst_replace_page(rqstp, page++); + if (rqstp->rq_res.page_len == 0) // first call + rqstp->rq_res.page_base = offset % PAGE_SIZE; rqstp->rq_res.page_len += sd->len; return sd->len; } -- 2.39.5