From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753930AbdCFJ2X (ORCPT ); Mon, 6 Mar 2017 04:28:23 -0500 Received: from mx2.suse.de ([195.135.220.15]:37220 "EHLO mx2.suse.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753237AbdCFJNe (ORCPT ); Mon, 6 Mar 2017 04:13:34 -0500 X-Amavis-Alert: BAD HEADER SECTION, Duplicate header field: "References" From: Jiri Slaby To: stable@vger.kernel.org Cc: linux-kernel@vger.kernel.org, Miklos Szeredi , Linus Torvalds , Jiri Slaby Subject: [PATCH 3.12 065/113] vfs: fix uninitialized flags in splice_to_pipe() Date: Mon, 6 Mar 2017 10:11:29 +0100 Message-Id: <278f2fd4efb946ae89af5937689b763b19d6d67e.1488791431.git.jslaby@suse.cz> X-Mailer: git-send-email 2.12.0 In-Reply-To: References: In-Reply-To: References: Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Miklos Szeredi 3.12-stable review patch. If anyone has any objections, please let me know. =============== commit 5a81e6a171cdbd1fa8bc1fdd80c23d3d71816fac upstream. Flags (PIPE_BUF_FLAG_PACKET, PIPE_BUF_FLAG_GIFT) could remain on the unused part of the pipe ring buffer. Previously splice_to_pipe() left the flags value alone, which could result in incorrect behavior. Uninitialized flags appears to have been there from the introduction of the splice syscall. Signed-off-by: Miklos Szeredi Signed-off-by: Linus Torvalds Signed-off-by: Jiri Slaby --- fs/splice.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/splice.c b/fs/splice.c index 51ce51b9af6a..2e012472f97b 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -215,6 +215,7 @@ ssize_t splice_to_pipe(struct pipe_inode_info *pipe, buf->len = spd->partial[page_nr].len; buf->private = spd->partial[page_nr].private; buf->ops = spd->ops; + buf->flags = 0; if (spd->flags & SPLICE_F_GIFT) buf->flags |= PIPE_BUF_FLAG_GIFT; -- 2.12.0
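Review bot: The added `buf->flags = 0;` after `buf->ops = spd->ops;` carries no comment saying why the reset is needed, even though the `buf->flags |= PIPE_BUF_FLAG_GIFT;` that follows is only correct once the field is known to be clean. A one-line comment noting that the ring slot is reused and may still hold PIPE_BUF_FLAG_PACKET or PIPE_BUF_FLAG_GIFT from an earlier use would keep the assignment from being removed later as redundant. Because this site fills the buffer member by member (len, private, ops, and now flags), it is also worth confirming for the 3.12 backport that no other pipe_buffer member is left to carry stale state here.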