diff options
author | Jens Axboe <axboe@suse.de> | 2006-05-01 19:50:48 +0200 |
---|---|---|
committer | Jens Axboe <axboe@suse.de> | 2006-05-01 19:50:48 +0200 |
commit | 0568b409c74f7a125d92a09a3f386785700ef688 (patch) | |
tree | 79125b2f4755e98949f0d941a0092e5d3367bbff /fs/pipe.c | |
parent | 46e678c96bbd775abd05d3ddbe2fd334794f9157 (diff) | |
download | kernel-crypto-0568b409c74f7a125d92a09a3f386785700ef688.tar.gz kernel-crypto-0568b409c74f7a125d92a09a3f386785700ef688.tar.xz kernel-crypto-0568b409c74f7a125d92a09a3f386785700ef688.zip |
[PATCH] splice: fix bugs in pipe_to_file()
Found by Oleg Nesterov <oleg@tv-sign.ru>, fixed by me.
- Only allow full pages to go to the page cache.
- Check page != buf->page instead of using PIPE_BUF_FLAG_STOLEN.
- Remember to clear 'stolen' if add_to_page_cache() fails.
And as a cleanup on that:
- Make the bottom fall-through logic a little less convoluted. Also make
the steal path hold an extra reference to the page, so we don't have
to differentiate between stolen and non-stolen at the end.
Signed-off-by: Jens Axboe <axboe@suse.de>
Diffstat (limited to 'fs/pipe.c')
-rw-r--r-- | fs/pipe.c | 3 |
1 files changed, 0 insertions, 3 deletions
diff --git a/fs/pipe.c b/fs/pipe.c index 5a369273c51..888f265011b 100644 --- a/fs/pipe.c +++ b/fs/pipe.c @@ -99,8 +99,6 @@ static void anon_pipe_buf_release(struct pipe_inode_info *pipe, { struct page *page = buf->page; - buf->flags &= ~PIPE_BUF_FLAG_STOLEN; - /* * If nobody else uses this page, and we don't already have a * temporary page, let's keep track of it as a one-deep @@ -130,7 +128,6 @@ static int anon_pipe_buf_steal(struct pipe_inode_info *pipe, struct page *page = buf->page; if (page_count(page) == 1) { - buf->flags |= PIPE_BUF_FLAG_STOLEN; lock_page(page); return 0; } |