On Mon, Jun 05, 2023 at 01:45:52PM +0100, David Howells wrote:
...
> @@ -846,13 +824,131 @@ EXPORT_SYMBOL(iter_file_splice_write);
> * is involved.
> *
> */
> -ssize_t generic_splice_sendpage(struct pipe_inode_info *pipe, struct file *out,
> - loff_t *ppos, size_t len, unsigned int flags)
> +ssize_t splice_to_socket(struct pipe_inode_info *pipe, struct file *out,
> + loff_t *ppos, size_t len, unsigned int flags)
> {
> - return splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_sendpage);
> -}
> + struct socket *sock = sock_from_file(out);
> + struct bio_vec bvec[16];
> + struct msghdr msg = {};
> + ssize_t ret;
> + size_t spliced = 0;
> + bool need_wakeup = false;
> +
> + pipe_lock(pipe);
> +
> + while (len > 0) {
Hi David, I'm assuming the answer is that this cannot occur, but I thought I should mention this anyway. If the initial value of len is 0 (or less).
...
> +
> +out:
> + pipe_unlock(pipe);
> + if (need_wakeup)
> + wakeup_pipe_writers(pipe);
> + return spliced ?: ret;
Then ret will be used uninitialised here.
> +}
> +#endif
>
> static int warn_unsupported(struct file *file, const char *op)
> {
...
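Review bot: `sock` is assigned from `sock_from_file(out)` at the top of `splice_to_socket()`, and none of the quoted lines between that assignment and `pipe_lock(pipe)` / the `while` loop check it. `sock_from_file()` returns NULL when the file is not a socket, so any later use of `sock` relies on every caller passing a socket file. The loop body is elided in this quote, so a check may exist there. If the function is only meant to be reached as a socket's splice_write handler, that precondition should be stated in the comment block above it, for example `@out must be a socket file; sock_from_file() returns NULL otherwise and sock is not checked here`.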