From 00de00bdad278783b3664ad2969954a707f5944a Mon Sep 17 00:00:00 2001 From: Jens Axboe Date: Fri, 15 Jun 2007 13:14:22 +0200 Subject: splice: fix leak of pages on short splice to pipe If the destination pipe is full and we already transferred data, we break out instead of waiting for more pipe room. The exit logic looks at spd->nr_pages to see if we moved everything inside the spd container, but we decrement that variable in the loop to decide when spd has emptied. Instead we want to compare to the original page count in the spd, so cache that in a local variable. Signed-off-by: Jens Axboe --- fs/splice.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/splice.c b/fs/splice.c index 12d247f6ece..186fad463c4 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -176,6 +176,7 @@ static const struct pipe_buf_operations user_page_pipe_buf_ops = { static ssize_t splice_to_pipe(struct pipe_inode_info *pipe, struct splice_pipe_desc *spd) { + unsigned int spd_pages = spd->nr_pages; int ret, do_wakeup, page_nr; ret = 0; @@ -254,7 +255,7 @@ static ssize_t splice_to_pipe(struct pipe_inode_info *pipe, kill_fasync(&pipe->fasync_readers, SIGIO, POLL_IN); } - while (page_nr < spd->nr_pages) + while (page_nr < spd_pages) page_cache_release(spd->pages[page_nr++]); return ret; -- cgit v1.2.3