41bc12f3d1d9160e39ae6b45df6b9687d9
parent c066332fb15adde1f37d874a67a1f9f7e4206484
author Nick Piggin <npiggin@suse.de> 1172008688 -0800
committer Linus Torvalds <torvalds@woody.linux-foundation.org> 1172020215 -0800

[PATCH] fs: fix libfs data leak

simple_prepare_write leaks uninitialised kernel data.  This happens because
the it leaves an uninitialised "hole" over the part of the page that the
write is expected to go to.  This is fine, but it then marks the page
uptodate, which means a concurrent read can come in and copy the
uninitialised memory into userspace before it written to.

Fix it by simply marking it uptodate in simple_commit_write instead, after
the hole has been filled in.  This could theoretically break an fs that
uses simple_prepare_write and not simple_commit_write, and that relies on
the incorrect simple_prepare_write behaviour.  Luckily, none of those
exists in the tree.

Signed-off-by: Nick Piggin <npiggin@suse.de>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
«Uzeš#x