pipe: Check for ring full inside of the spinlock in pipe_write()

Make pipe_write() check to see if the ring has become full between it
taking the pipe mutex, checking the ring status and then taking the
spinlock.

This can happen if a notification is written into the pipe as that happens
without the pipe mutex.

Signed-off-by: David Howells <dhowells@redhat.com>

diff --git a/fs/pipe.c b/fs/pipe.c
index d7b8d3f..aba2455 100644 (file)
--- a/fs/pipe.c
+++ b/fs/pipe.c
@@ -463,6 +463,11 @@ pipe_write(struct kiocb *iocb, struct iov_iter *from)
                        spin_lock_irq(&pipe->wait.lock);
 
                        head = pipe->head;
+                       if (pipe_full(head, pipe->tail, max_usage)) {
+                               spin_unlock_irq(&pipe->wait.lock);
+                               continue;
+                       }
+
                        pipe->head = head + 1;
 
                        /* Always wake up, even if the copy fails. Otherwise