Re: Yet another pipe related oops.

From: Al Viro
Date: Wed Mar 27 2013 - 11:20:37 EST


On Wed, Mar 27, 2013 at 09:51:27AM -0400, Dave Jones wrote:

> Could be that Al's patches refactored this bug away, or it could just be
> that I've been lucky the last few weeks, and just haven't had the right
> entropy to get the sequence of events right..
>
> thoughts ?

Actually, that's my fault - check lost in patch reordering. My apologies ;-/
Eventually, we want that in fs/splice.c side of things (no point repeating it
for every buffer, after all), but for now this is the obvious minimal fix.

Signed-off-by: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
---
diff --git a/fs/read_write.c b/fs/read_write.c
index f7b5a23..e6ddc8d 100644
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -424,6 +424,9 @@ ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t
const char __user *p;
ssize_t ret;

+ if (!file->f_op || (!file->f_op->write && !file->f_op->aio_write))
+ return -EINVAL;
+
old_fs = get_fs();
set_fs(get_ds());
p = (__force const char __user *)buf;
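
Review bot: The new check at the top of __kernel_write() carries no comment marking it as a stopgap, although the message says it should eventually live on the fs/splice.c side rather than be repeated for every buffer. A one-line comment above `if (!file->f_op || ...)` saying so would keep the check from being left duplicated once the splice-side test exists. The placement before get_fs()/set_fs() is right, since the early `return -EINVAL` then needs no address-limit restore. The changelog would also benefit from a sentence naming the failure being fixed and a Reported-by: tag for Dave Jones.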