| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 11 Jan 2021 10:48:35 +0800
From: Ming Lei <ming.lei@...hat.com>
To: Pavel Begunkov <asml.silence@...il.com>
Cc: linux-block@...r.kernel.org, Jens Axboe <axboe@...nel.dk>,
Christoph Hellwig <hch@...radead.org>,
Matthew Wilcox <willy@...radead.org>,
Johannes Weiner <hannes@...xchg.org>,
Alexander Viro <viro@...iv.linux.org.uk>,
"Darrick J . Wong" <darrick.wong@...cle.com>,
"Martin K . Petersen" <martin.petersen@...cle.com>,
Jonathan Corbet <corbet@....net>, linux-xfs@...r.kernel.org,
linux-fsdevel@...r.kernel.org, io-uring@...r.kernel.org,
linux-kernel@...r.kernel.org, target-devel@...r.kernel.org,
linux-scsi@...r.kernel.org, linux-doc@...r.kernel.org,
Christoph Hellwig <hch@....de>
Subject: Re: [PATCH v3 1/7] splice: don't generate zero-len segement bvecs
On Sat, Jan 09, 2021 at 04:02:57PM +0000, Pavel Begunkov wrote:
> iter_file_splice_write() may spawn bvec segments with zero-length. In
> preparation for prohibiting them, filter out by hand at splice level.
>
> Reviewed-by: Christoph Hellwig <hch@....de>
> Signed-off-by: Pavel Begunkov <asml.silence@...il.com>
> ---
> fs/splice.c | 9 ++++++---
> 1 file changed, 6 insertions(+), 3 deletions(-)
>
> diff --git a/fs/splice.c b/fs/splice.c
> index 866d5c2367b2..474fb8b5562a 100644
> --- a/fs/splice.c
> +++ b/fs/splice.c
> @@ -662,12 +662,14 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
>
> /* build the vector */
> left = sd.total_len;
> - for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++, n++) {
> + for (n = 0; !pipe_empty(head, tail) && left && n < nbufs; tail++) {
> struct pipe_buffer *buf = &pipe->bufs[tail & mask];
> size_t this_len = buf->len;
>
> - if (this_len > left)
> - this_len = left;
> + /* zero-length bvecs are not supported, skip them */
> + if (!this_len)
> + continue;
> + this_len = min(this_len, left);
>
> ret = pipe_buf_confirm(pipe, buf);
> if (unlikely(ret)) {
> @@ -680,6 +682,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
> array[n].bv_len = this_len;
> array[n].bv_offset = buf->offset;
> left -= this_len;
> + n++;
> }
>
> iov_iter_bvec(&from, WRITE, array, n, sd.total_len - left);
> --
> 2.24.0
>
Reviewed-by: Ming Lei <ming.lei@...hat.com>
--
Ming
Powered by blists - more mailing lists