fix a fencepost error in pipe_advance()
author Al Viro <viro@zeniv.linux.org.uk>
Sun, 15 Jan 2017 00:33:08 +0000 (19:33 -0500)
committer Al Viro <viro@zeniv.linux.org.uk>
Sun, 15 Jan 2017 00:50:41 +0000 (19:50 -0500)
commit b9dc6f65bc5e232d1c05fe34b5daadc7e8bbf1fb
tree ca221e796b274a6c909db003fcda215156aa4cc7
parent 4d22c75d4c7b5c5f4bd31054f09103ee490878fd
fix a fencepost error in pipe_advance()

The logics in pipe_advance() used to release all buffers past the new
position failed in cases when the number of buffers to release was equal
to pipe->buffers.  If that happened, none of them had been released,
leaving pipe full.  Worse, it was trivial to trigger and we end up with
pipe full of uninitialized pages.  IOW, it's an infoleak.

Cc: stable@vger.kernel.org # v4.9
Reported-by: "Alan J. Wylie" <alan@wylie.me.uk>
Tested-by: "Alan J. Wylie" <alan@wylie.me.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
lib/iov_iter.c
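
The case the commit message describes, where the number of buffers to release equals pipe->buffers, shown as an added user-space model (not code from this commit or from the kernel): a release loop that compares ring indices cannot tell "release every slot" from "release nothing", while a loop that counts the slots to keep can. The names `ring`, `curbuf`, `nrbufs`, `held`, `release_by_index`, `release_by_count` and `full_ring`, and the ring size of 4, are assumptions of the model.

```c
#include <stdio.h>
#define BUFFERS 4  /* ring size, a power of two (constructed value) */

struct ring {            /* user-space model, not the kernel structure */
    unsigned curbuf;     /* index of the first in-use slot */
    unsigned nrbufs;     /* number of in-use slots */
    int held[BUFFERS];   /* 1 = slot still holds a page */
};

static unsigned next_idx(unsigned idx) { return (idx + 1) & (BUFFERS - 1); }

/* Index comparison: release [idx, end). If all BUFFERS slots must go,
 * idx == end, the loop never runs and the ring stays full. */
static unsigned release_by_index(struct ring *r, unsigned idx)
{
    unsigned end = (r->curbuf + r->nrbufs) & (BUFFERS - 1), freed = 0;
    for (; idx != end; idx = next_idx(idx), freed++) {
        r->held[idx] = 0;
        r->nrbufs--;
    }
    return freed;
}

/* Count based: idx is the first slot to release, so the slots to keep
 * are [curbuf, idx). Release until only that many remain in use. */
static unsigned release_by_count(struct ring *r, unsigned idx)
{
    unsigned keep = (idx - r->curbuf) & (BUFFERS - 1), freed = 0;
    for (; r->nrbufs > keep; idx = next_idx(idx), freed++) {
        r->held[idx] = 0;
        r->nrbufs--;
    }
    return freed;
}

/* Constructed input: a full ring whose first in-use slot is 1. */
static struct ring full_ring(void)
{
    return (struct ring){ 1, BUFFERS, { 1, 1, 1, 1 } };
}

int main(void)
{
    struct ring a = full_ring(), b = full_ring();
    unsigned fa = release_by_index(&a, 1), fb = release_by_count(&b, 1);
    printf("by index: freed %u, nrbufs %u\n", fa, a.nrbufs);
    printf("by count: freed %u, nrbufs %u\n", fb, b.nrbufs);
    return 0;
}
```

Both forms agree whenever fewer than all slots are released; they differ only in the full-ring case, which is why such a bug survives ordinary testing.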