From patchwork Thu Feb 16 16:49:02 2017
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Miklos Szeredi <miklos@szeredi.hu>
X-Patchwork-Id: 9577719
Return-Path: <linux-fsdevel-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	8009D60209 for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 16 Feb 2017 16:49:21 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 721652862B
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 16 Feb 2017 16:49:21 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 660A728648; Thu, 16 Feb 2017 16:49:21 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.3 required=2.0 tests=BAYES_00,DKIM_SIGNED,
	RCVD_IN_DNSWL_HI, RCVD_IN_SORBS_SPAM,
	T_DKIM_INVALID autolearn=unavailable version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 040AA2862B
	for <patchwork-linux-fsdevel@patchwork.kernel.org>;
	Thu, 16 Feb 2017 16:49:21 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1754770AbdBPQtI (ORCPT
	<rfc822;patchwork-linux-fsdevel@patchwork.kernel.org>);
	Thu, 16 Feb 2017 11:49:08 -0500
Received: from mail-wm0-f68.google.com ([74.125.82.68]:36617 "EHLO
	mail-wm0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1754622AbdBPQtH (ORCPT
	<rfc822;linux-fsdevel@vger.kernel.org>);
	Thu, 16 Feb 2017 11:49:07 -0500
Received: by mail-wm0-f68.google.com with SMTP id r18so4012874wmd.3
	for <linux-fsdevel@vger.kernel.org>;
	Thu, 16 Feb 2017 08:49:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=szeredi.hu; s=google;
	h=date:from:to:cc:subject:message-id:mime-version:content-disposition
	:user-agent; bh=Y4KNH10zzHhxe+9sDF9HnFYEeJKGCghd24hiUAWROMQ=;
	b=nhOM8kJRmQWk/ctqK9ZX8axCg8t0f7t6Y6oGYqs9sbI1Kv+O45heuhQunLScXPv9IB
	J28nrZQrUKdf+yyuQAujtKUBukEr7g6sjtJKTMO0oZkHdeYzjaDMGuc1XpcZSf0byRM9
	FdRQUuySDT7rb31tzJWPDMebmAFzvhqGl4StM=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:date:from:to:cc:subject:message-id:mime-version
	:content-disposition:user-agent;
	bh=Y4KNH10zzHhxe+9sDF9HnFYEeJKGCghd24hiUAWROMQ=;
	b=LsnaW5hNb66rsaNE8/35b5sZZn6sNAoqZ6/SAJPEnTSKLZDkn2tDmFkX1PMfrZLa2+
	8t7IY9cMnysbkIYiYRZnuTn1wC/gl+yF2JcVbno1VIvUQyNO3PTj3i/v4KWpfB88IFml
	JTsD1h28YfHw9x5Bxu0JSGuLWhssGmh6GIHTvggKusdprKoY1TVdUp+PbSARD0c9MANB
	YwgK1b1/iwh/WIfMqBYBcq94Nx/TFQwI5aVyjtKOOGF8wcTXhZJ2xiDmAfkHLGZ1zNPx
	Hi0+SiTW3ZR5jvFLEDo1QD0izjsLILXLfddIQNeFBA+9Cjkc+yWpmRxQ1fao2hmPIOXw
	DQRA==
X-Gm-Message-State: 
 AMke39nrBc13dLaW4V7DvH30eAcpyyGH/E0eS+uXl0F4KA06cDL7q5XOG9ZFHpZqzf5gqQ==
X-Received: by 10.28.144.66 with SMTP id s63mr13772892wmd.134.1487263745675;
	Thu, 16 Feb 2017 08:49:05 -0800 (PST)
Received: from veci.piliscsaba.szeredi.hu (pool-dsl-2c-0018.externet.hu.
	[217.173.44.24]) by smtp.gmail.com with ESMTPSA id
	m80sm840860wmi.34.2017.02.16.08.49.04
	(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Thu, 16 Feb 2017 08:49:04 -0800 (PST)
Date: Thu, 16 Feb 2017 17:49:02 +0100
From: Miklos Szeredi <miklos@szeredi.hu>
To: Al Viro <viro@ZenIV.linux.org.uk>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
	Linus Torvalds <torvalds@linux-foundation.org>
Subject: [PATCH] vfs: fix uninitialized flags in splice_to_pipe()
Message-ID: <20170216164902.GC30656@veci.piliscsaba.szeredi.hu>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.7.1 (2016-10-04)
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-fsdevel.vger.kernel.org>
X-Mailing-List: linux-fsdevel@vger.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

From: Miklos Szeredi <mszeredi@redhat.com>

Flags (PIPE_BUF_FLAG_PACKET, PIPE_BUF_FLAG_GIFT) could remain on the unused
part of the pipe ring buffer.  Previously splice_to_pipe() left the flags
value alone, which could result in incorrect behavior.

Uninitialized flags appears to have been there from the introduction of the
splice syscall.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>
Cc: <stable@vger.kernel.org> # 2.6.17+
Reviewed-by: Christoph Hellwig <hch@lst.de>
---
 fs/splice.c |    1 +
 1 file changed, 1 insertion(+)

--- a/fs/splice.c
+++ b/fs/splice.c
@@ -204,6 +204,7 @@ ssize_t splice_to_pipe(struct pipe_inode
 		buf->len = spd->partial[page_nr].len;
 		buf->private = spd->partial[page_nr].private;
 		buf->ops = spd->ops;
+		buf->flags = 0;
 
 		pipe->nrbufs++;
 		page_nr++;