summaryrefslogtreecommitdiffstats
path: root/fs/pipe.c
diff options
context:
space:
mode:
authorJens Axboe <axboe@suse.de>2006-05-01 19:50:48 +0200
committerJens Axboe <axboe@suse.de>2006-05-01 19:50:48 +0200
commit0568b409c74f7a125d92a09a3f386785700ef688 (patch)
tree79125b2f4755e98949f0d941a0092e5d3367bbff /fs/pipe.c
parent46e678c96bbd775abd05d3ddbe2fd334794f9157 (diff)
downloadkernel-crypto-0568b409c74f7a125d92a09a3f386785700ef688.tar.gz
kernel-crypto-0568b409c74f7a125d92a09a3f386785700ef688.tar.xz
kernel-crypto-0568b409c74f7a125d92a09a3f386785700ef688.zip
[PATCH] splice: fix bugs in pipe_to_file()
Found by Oleg Nesterov <oleg@tv-sign.ru>, fixed by me. - Only allow full pages to go to the page cache. - Check page != buf->page instead of using PIPE_BUF_FLAG_STOLEN. - Remember to clear 'stolen' if add_to_page_cache() fails. And as a cleanup on that: - Make the bottom fall-through logic a little less convoluted. Also make the steal path hold an extra reference to the page, so we don't have to differentiate between stolen and non-stolen at the end. Signed-off-by: Jens Axboe <axboe@suse.de>
Diffstat (limited to 'fs/pipe.c')
-rw-r--r--fs/pipe.c3
1 files changed, 0 insertions, 3 deletions
diff --git a/fs/pipe.c b/fs/pipe.c
index 5a369273c51..888f265011b 100644
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -99,8 +99,6 @@ static void anon_pipe_buf_release(struct pipe_inode_info *pipe,
{
struct page *page = buf->page;
- buf->flags &= ~PIPE_BUF_FLAG_STOLEN;
-
/*
* If nobody else uses this page, and we don't already have a
* temporary page, let's keep track of it as a one-deep
@@ -130,7 +128,6 @@ static int anon_pipe_buf_steal(struct pipe_inode_info *pipe,
struct page *page = buf->page;
if (page_count(page) == 1) {
- buf->flags |= PIPE_BUF_FLAG_STOLEN;
lock_page(page);
return 0;
}