lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <6101e8c40804091005k27e6f510h4385b6f709b6b5ed@mail.gmail.com>
Date:	Wed, 9 Apr 2008 19:05:28 +0200
From:	"Oliver Pinter" <oliver.pntr@...il.com>
To:	"Miklos Szeredi" <miklos@...redi.hu>
Cc:	akpm@...ux-foundation.org, jens.axboe@...cle.com,
	linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Subject: Re: [patch] fix infinite loop in generic_file_splice_read()

Helló Miklós!

ez a patch szükséges a 2.6.22.y kernelhez? (2.6.22.y-ba első ránézésre
hunk nélkül hozzáadható)
vagy várjam meg, amig bekerül a mainline kernelbe?

On 4/9/08, Miklos Szeredi <miklos@...redi.hu> wrote:
> generic_file_splice_read() goes into an infinite loop if it races with
> truncation.  I've found this with fsx-linux on NFS over fuse.
>
> Perhaps the whole while() loop is bogus, but I can't tell from a
> cursory glance at __generic_file_splice_read() if it will return zero
> only on EOF, or it can do that for other reasons as well.  In the
> latter case the loop is obviously needed.
>
> This simplistic patch fixes the issue for me.
>
> Signed-off-by: Miklos Szeredi <mszeredi@...e.cz>
> ---
>  fs/splice.c |   19 ++++++++++---------
>  1 file changed, 10 insertions(+), 9 deletions(-)
>
> Index: linux/fs/splice.c
> ===================================================================
> --- linux.orig/fs/splice.c	2008-04-02 13:34:58.000000000 +0200
> +++ linux/fs/splice.c	2008-04-09 17:35:06.000000000 +0200
> @@ -481,19 +481,20 @@ ssize_t generic_file_splice_read(struct
>  {
>  	ssize_t spliced;
>  	int ret;
> -	loff_t isize, left;
> -
> -	isize = i_size_read(in->f_mapping->host);
> -	if (unlikely(*ppos >= isize))
> -		return 0;
> -
> -	left = isize - *ppos;
> -	if (unlikely(left < len))
> -		len = left;
>
>  	ret = 0;
>  	spliced = 0;
>  	while (len && !spliced) {
> +		loff_t isize, left;
> +
> +		isize = i_size_read(in->f_mapping->host);
> +		if (unlikely(*ppos >= isize))
> +			return 0;
> +
> +		left = isize - *ppos;
> +		if (unlikely(left < len))
> +			len = left;
> +
>  		ret = __generic_file_splice_read(in, ppos, pipe, len, flags);
>
>  		if (ret < 0)
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@...r.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at  http://www.tux.org/lkml/
>


-- 
Thanks,
Oliver

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ