| From cc1f22292f91baa9972ae00eec63f276072a7583 Mon Sep 17 00:00:00 2001 |
| From: Miklos Szeredi <mszeredi@redhat.com> |
| Date: Thu, 16 Feb 2017 17:49:02 +0100 |
| Subject: [PATCH] vfs: fix uninitialized flags in splice_to_pipe() |
| |
| commit 5a81e6a171cdbd1fa8bc1fdd80c23d3d71816fac upstream. |
| |
| Flags (PIPE_BUF_FLAG_PACKET, PIPE_BUF_FLAG_GIFT) could remain on the |
| unused part of the pipe ring buffer. Previously splice_to_pipe() left |
| the flags value alone, which could result in incorrect behavior. |
| |
| Uninitialized flags appears to have been there from the introduction of |
| the splice syscall. |
| |
| Signed-off-by: Miklos Szeredi <mszeredi@redhat.com> |
| Cc: <stable@vger.kernel.org> # 2.6.17+ |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/fs/splice.c b/fs/splice.c |
| index dd9bf7e410d2..367c588ef358 100644 |
| --- a/fs/splice.c |
| +++ b/fs/splice.c |
| @@ -211,6 +211,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, |
| buf->len = spd->partial[page_nr].len; |
| buf->private = spd->partial[page_nr].private; |
| buf->ops = spd->ops; |
| + buf->flags = 0; |
| if (spd->flags & SPLICE_F_GIFT) |
| buf->flags |= PIPE_BUF_FLAG_GIFT; |
| |
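Review bot: The added `buf->flags = 0;` has no comment explaining why the reset is needed, and the neighbouring assignments do not make the reason obvious. Per the commit message, the slot is a reused entry of the pipe ring buffer and can still hold PIPE_BUF_FLAG_PACKET or PIPE_BUF_FLAG_GIFT from an earlier use, which the following `|=` would then preserve. A one-line comment above it, such as `/* ring slots are reused: clear stale flags before OR-ing in new ones */`, would keep a later cleanup from dropping the line as redundant. Any other code that fills a pipe_buffer field by field without assigning `flags` would presumably inherit the same stale state; none is visible in this hunk, so that is a matter for a separate audit rather than a change here. The body of splice_to_pipe() starts and ends outside the hunk.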
| -- |
| 2.12.0 |
| |