lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date:	Thu, 19 May 2016 10:05:43 +0200
From:	Miklos Szeredi <miklos@...redi.hu>
To:	Jens Axboe <axboe@...nel.dk>
Cc:	Abhijith Das <adas@...hat.com>,
	Linux-Fsdevel <linux-fsdevel@...r.kernel.org>,
	linux-mm@...ck.org,
	Kernel Mailing List <linux-kernel@...r.kernel.org>,
	Linus Torvalds <torvalds@...ux-foundation.org>
Subject: why does page_cache_pipe_buf_confirm() need to check page->mapping?

Hi Jens,

I haven't done a great deal of research into this, but checking
page->mapping in page_cache_pipe_buf_confirm() might be bogus.

If the page is truncated *after* being spliced into the pipe, why on
earth does the buffer become invalid?

This looks to be a problem for filesystems that invalidate pages
(because the the data is possibly stale) and the pipe read returns
-ENODATA even though the data is there, it's just possibly different
from what was spliced into the pipe.  But I don't think that's a
reason for throwing away that buffer and definitely not a reason to
return an error.

Thanks,
Miklos

Powered by blists - more mailing lists