lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 12 Apr 2017 00:56:41 +0100
From:   Al Viro <viro@...IV.linux.org.uk>
To:     Dave Jones <davej@...emonkey.org.uk>,
        Linux Kernel <linux-kernel@...r.kernel.org>
Subject: Re: iov_iter_pipe warning.

On Wed, Apr 12, 2017 at 12:51:58AM +0100, Al Viro wrote:
> On Tue, Apr 11, 2017 at 07:45:58PM -0400, Dave Jones wrote:
> >  > 	if (file->f_op->splice_write == generic_splice_sendpage) {
> >  > 		struct socket *sock = file->private_data;
> >  > 		printk(KERN_ERR "socket [%d, %p]\n", sock->type, sock->ops);
> >  > 	}
> >  > 	printk(KERN_ERR "in->f_op = %p\n", in->f_op);
> > 
> > Ugh, this explodes with a million errors when I try to compile it. 
> > It misses socket definition, and include <linux/net.h> causes another
> > cascade of errors about linkage.h and nonsense.
> 
> Ignore the socket part - you've already triggered it with NFS file as
> destination, so this is not particularly interesting.  I would still like
> to see in->f_op and even more - the checks in default_file_splice_read().

... and the latter had a braino - WARN_ON(size != ret), not len != ret.
Diff follows:

diff --git a/fs/splice.c b/fs/splice.c
index 006ba50f4ece..43dd9b3140ee 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -448,6 +448,18 @@ static ssize_t default_file_splice_read(struct file *in, loff_t *ppos,
 		put_page(pages[i]);
 	kvfree(pages);
 	iov_iter_advance(&to, copied);	/* truncates and discards */
+	if (res > 0 && pipe == current->splice_pipe) {
+		int idx = pipe->curbuf;
+		int n = pipe->nrbufs;
+		size_t size = 0;
+		while (n--) {
+			size += pipe->bufs[idx++].len;
+			if (idx == pipe->buffers)
+				idx = 0;
+		}
+		WARN_ON(size != res);
+	}
+
 	return res;
 }
 
@@ -970,6 +982,11 @@ ssize_t splice_direct_to_actor(struct file *in, struct splice_desc *sd,
 	while (len) {
 		size_t read_len;
 		loff_t pos = sd->pos, prev_pos = pos;
+		if (WARN_ON(pipe->buffers)) {
+			printk(KERN_ERR "in->f_op = %p, ->splice_write = %p\n",
+				in->f_op,
+				sd->u.file->f_op->splice_write);
+		}
 
 		ret = do_splice_to(in, &pos, pipe, len, flags);
 		if (unlikely(ret <= 0))

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ