| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cf341c51-ba8c-4f81-fe4e-6bf8190293e3@kernel.dk>
Date: Wed, 20 May 2020 18:42:56 -0600
From: Jens Axboe <axboe@...nel.dk>
To: David Howells <dhowells@...hat.com>
Cc: "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Subject: [PATCH]: splice fix opipe_prep() full check
The patch converting pipes to head and tail pointers mistakenly
turned the splice pipe-to-pipe opipe check into something
nonsensical. It's supposed to check if we have room in the pipe,
and return success if we do. If not, wait for room in the pipe.
Instead it's now returning success for a full pipe, and entering
the slow path for a non-full pipe.
Cc: stable@...r.kernel.org
Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Signed-off-by: Jens Axboe <axboe@...nel.dk>
---
I didn't check if the offending commit had other logical fumbles.
diff --git a/fs/splice.c b/fs/splice.c
index fd0a1e7e5959..4e53efbd621d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
* Check pipe occupancy without the inode lock first. This function
* is speculative anyways, so missing one is ok.
*/
- if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
+ if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
return 0;
ret = 0;
--
Jens Axboe
Powered by blists - more mailing lists