search for: splice_from_pipe_feed

Hi, This patch set fixes two bugs of splice_write in the virtio-console driver. [BUG1] Although pipe->nrbufs is empty, the driver tries to do splice_write. => This induces oops in sg_init_table(). [BUG2] No lock for competition of splice_write. => This induces oops in splice_from_pipe_feed() by bug of any user application. These reports are written in each patch. Changes in V2: - Fix a locking problem for error Changes in V3: - Add Reviewed-by lines and stable@ line in sign-off area Thanks! --- Yoshihiro YUNOMAE (2): [BUGFIX] virtio/console: Quit from splice_wri...

Hi, This patch set fixes two bugs of splice_write in the virtio-console driver. [BUG1] Although pipe->nrbufs is empty, the driver tries to do splice_write. => This induces oops in sg_init_table(). [BUG2] No lock for competition of splice_write. => This induces oops in splice_from_pipe_feed() by bug of any user application. These reports are written in each patch. Changes in V2: - Fix a locking problem for error Changes in V3: - Add Reviewed-by lines and stable@ line in sign-off area Thanks! --- Yoshihiro YUNOMAE (2): [BUGFIX] virtio/console: Quit from splice_wri...

Hi, This patch set fixes two bugs of splice_write in the virtio-console driver. [BUG1] Although pipe->nrbufs is empty, the driver tries to do splice_write. => This induces oops in sg_init_table(). [BUG2] No lock for competition of splice_write. => This induces oops in splice_from_pipe_feed() by bug of any user application. These reports are written in each patch. Changes in V2: - Fix a locking problem for error Thanks! --- Yoshihiro YUNOMAE (2): [BUGFIX] virtio/console: Quit from splice_write if pipe->nrbufs is 0 [BUGFIX] virtio/console: Add pipe_lock/un...

Hi, This patch set fixes two bugs of splice_write in the virtio-console driver. [BUG1] Although pipe->nrbufs is empty, the driver tries to do splice_write. => This induces oops in sg_init_table(). [BUG2] No lock for competition of splice_write. => This induces oops in splice_from_pipe_feed() by bug of any user application. These reports are written in each patch. Changes in V2: - Fix a locking problem for error Thanks! --- Yoshihiro YUNOMAE (2): [BUGFIX] virtio/console: Quit from splice_write if pipe->nrbufs is 0 [BUGFIX] virtio/console: Add pipe_lock/un...

...cute splice(write), the structure can be broken. Existing virtio-serial driver does not get lock for the structure in splice_write, so this competition will induce oops. <oops messages> BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: [<ffffffff811a6b5f>] splice_from_pipe_feed+0x6f/0x130 PGD 7223e067 PUD 72391067 PMD 0 Oops: 0000 [#1] SMP Modules linked in: lockd bnep bluetooth rfkill sunrpc ip6t_REJECT nf_conntrack_ipv6 nf_defrag_ipv6 xt_state nf_conntrack ip6table_filter ip6_tables snd_hda_intel snd_hda_codec snd_hwdep snd_pcm snd_page_alloc snd_timer snd soundcore...

...two bugs of splice_write in the virtio-console driver. > > [BUG1] Although pipe->nrbufs is empty, the driver tries to do splice_write. > => This induces oops in sg_init_table(). > > [BUG2] No lock for competition of splice_write. > => This induces oops in splice_from_pipe_feed() by bug of any user > application. > > These reports are written in each patch. > > Changes in V2: > - Fix a locking problem for error > > Thanks! Reviewed-by: Amit Shah <amit.shah at redhat.com> For the patches to be picked up in the stable trees, you...

...two bugs of splice_write in the virtio-console driver. > > [BUG1] Although pipe->nrbufs is empty, the driver tries to do splice_write. > => This induces oops in sg_init_table(). > > [BUG2] No lock for competition of splice_write. > => This induces oops in splice_from_pipe_feed() by bug of any user > application. > > These reports are written in each patch. > > Changes in V2: > - Fix a locking problem for error > > Changes in V3: > - Add Reviewed-by lines and stable@ line in sign-off area Thank you! Rusty, please pick this up....