diff options
| author | Miklos Szeredi <mszeredi@suse.cz> | 2014-01-22 19:36:57 +0100 |
|---|---|---|
| committer | Miklos Szeredi <mszeredi@suse.cz> | 2014-01-22 19:36:57 +0100 |
| commit | 28a625cbc2a14f17b83e47ef907b2658576a32aa (patch) | |
| tree | 58d461b91f25a6499bd6404cd79faa4f9c185ff0 /fs/splice.c | |
| parent | d8ec26d7f8287f5788a494f56e8814210f0e64be (diff) | |
| download | linux-0-day-28a625cbc2a14f17b83e47ef907b2658576a32aa.tar.gz linux-0-day-28a625cbc2a14f17b83e47ef907b2658576a32aa.tar.xz | |
fuse: fix pipe_buf_operations
Having this struct in module memory could Oops when if the module is
unloaded while the buffer still persists in a pipe.
Since sock_pipe_buf_ops is essentially the same as fuse_dev_pipe_buf_steal
merge them into nosteal_pipe_buf_ops (this is the same as
default_pipe_buf_ops except stealing the page from the buffer is not
allowed).
Reported-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Cc: stable@vger.kernel.org
Diffstat (limited to 'fs/splice.c')
| -rw-r--r-- | fs/splice.c | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/fs/splice.c b/fs/splice.c index 46a08f772d7db..12028fa41def9 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -555,6 +555,24 @@ static const struct pipe_buf_operations default_pipe_buf_ops = { .get = generic_pipe_buf_get, }; +static int generic_pipe_buf_nosteal(struct pipe_inode_info *pipe, + struct pipe_buffer *buf) +{ + return 1; +} + +/* Pipe buffer operations for a socket and similar. */ +const struct pipe_buf_operations nosteal_pipe_buf_ops = { + .can_merge = 0, + .map = generic_pipe_buf_map, + .unmap = generic_pipe_buf_unmap, + .confirm = generic_pipe_buf_confirm, + .release = generic_pipe_buf_release, + .steal = generic_pipe_buf_nosteal, + .get = generic_pipe_buf_get, +}; +EXPORT_SYMBOL(nosteal_pipe_buf_ops); + static ssize_t kernel_readv(struct file *file, const struct iovec *vec, unsigned long vlen, loff_t offset) { |