lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 20 May 2020 18:42:56 -0600
From:   Jens Axboe <>
To:     David Howells <>
Cc:     "" <>
Subject: [PATCH]: splice fix opipe_prep() full check

The patch converting pipes to head and tail pointers mistakenly
turned the splice pipe-to-pipe opipe check into something
nonsensical. It's supposed to check if we have room in the pipe,
and return success if we do. If not, wait for room in the pipe.
Instead it's now returning success for a full pipe, and entering
the slow path for a non-full pipe.

Fixes: 8cefc107ca54 ("pipe: Use head and tail pointers for the ring, not cursor and length")
Signed-off-by: Jens Axboe <>


I didn't check if the offending commit had other logical fumbles.

diff --git a/fs/splice.c b/fs/splice.c
index fd0a1e7e5959..4e53efbd621d 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1494,7 +1494,7 @@ static int opipe_prep(struct pipe_inode_info *pipe, unsigned int flags)
 	 * Check pipe occupancy without the inode lock first. This function
 	 * is speculative anyways, so missing one is ok.
-	if (pipe_full(pipe->head, pipe->tail, pipe->max_usage))
+	if (!pipe_full(pipe->head, pipe->tail, pipe->max_usage))
 		return 0;
 	ret = 0;

Jens Axboe

Powered by blists - more mailing lists