| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sun, 8 Oct 2023 17:48:00 +0800
From: Kemeng Shi <shikemeng@...weicloud.com>
To: viro@...iv.linux.org.uk, brauner@...nel.org, dhowells@...hat.com
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [PATCH 1/2] pipe: remove pipe_full check with wrong head in pipe_write
In pipe_write we have:
head = pipe->head;
if (!pipe_full(head, pipe->tail, pipe->max_usage))
pipe->head = head + 1;
/* write data to buffer at head */
/* supposed to check if pipe is full after write */
if (!pipe_full(head, pipe->tail, pipe->max_usage))
continue
The second pipe_full expects head after write but head before write is
used. Luckily, we will call pipe_full with correct reloaded pipe->head
in new loop cycle and stop writing correctly. Remove wrong pipe_full
check and simply continue to first pipe_full check after write done to
avoid unnecessary check.
Fixes: a194dfe6e6f6 ("pipe: Rearrange sequence in pipe_write() to preallocate slot")
Signed-off-by: Kemeng Shi <shikemeng@...weicloud.com>
---
fs/pipe.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/fs/pipe.c b/fs/pipe.c
index 2d88f73f585a..b19875720ff1 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -542,10 +542,9 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
if (!iov_iter_count(from))
break;
- }
- if (!pipe_full(head, pipe->tail, pipe->max_usage))
continue;
+ }
/* Wait for buffer space to become available. */
if ((filp->f_flags & O_NONBLOCK) ||
--
2.30.0
Powered by blists - more mailing lists