| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 13 Jan 2017 17:46:34 -0800
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Al Viro <viro@...iv.linux.org.uk>
Cc: "Alan J. Wylie" <alan@...ie.me.uk>,
Thorsten Leemhuis <regressions@...mhuis.info>,
linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: 4.9.0 regression in pipe-backed iov_iter with systemd-nspawn
On Fri, Jan 13, 2017 at 5:24 PM, Al Viro <viro@...iv.linux.org.uk> wrote:
>
> Why would advance by 0 change ->iov_offset here?
That's not my worry. Advancing by zero obviously doesn't change the position.
But the _truncation_ of the rest requires iov_offset to be zero in
order to actually truncate everything.
So I was worrying about something updating it, and then wanting to
truncate things on error.
But you bring up the kinds of cases I worried about:
> On error it does use iov_iter_advance(), pretty much as a way to
> trigger pipe_truncate(). There we directly reset ->iov_offset to 0
> and ->idx to its original value.
Ok, this was the part I worried about. And this
> However, theoretically it is possible that ->read_iter() instance does
> successful copy_to_iter() and then decides to return an error. This
> } else if (ret < 0) {
> to.idx = idx;
> to.iov_offset = 0;
> iov_iter_advance(&to, 0); /* to free what was emitted */
> in generic_file_splice_read() catches any such cases.
So I'm happy with that last patch then, and my worries are laid to rest.
Linus
Powered by blists - more mailing lists