Commit 2a33e2dd authored Nov 22, 2023 by Amir Goldstein Committed by Christian Brauner Nov 24, 2023

splice: remove permission hook from do_splice_direct()



All callers of do_splice_direct() have a call to rw_verify_area() for
the entire range that is being copied, e.g. by vfs_copy_file_range() or
do_sendfile() before calling do_splice_direct().

The rw_verify_area() check inside do_splice_direct() is redundant and
is called after sb_start_write(), so it is not "start-write-safe".
Remove this redundant check.

This is needed for fanotify "pre content" events.

Reviewed-by: Josef Bacik <josef@toxicpanda.com>
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Link: https://lore.kernel.org/r/20231122122715.2561213-3-amir73il@gmail.com


Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jan Kara <jack@suse.cz>
Signed-off-by: Christian Brauner <brauner@kernel.org>

parent ca7ab482

fs/splice.c

+1 −4

Original line number	Diff line number	Diff line
		@@ -1166,6 +1166,7 @@ static void direct_file_splice_eof(struct splice_desc *sd)
		* (splice in + splice out, as compared to just sendfile()). So this helper
		* can splice directly through a process-private pipe.
		*
		* Callers already called rw_verify_area() on the entire range.
		*/
		long do_splice_direct(struct file in, loff_t ppos, struct file *out,
		loff_t *opos, size_t len, unsigned int flags)
		@@ -1187,10 +1188,6 @@ long do_splice_direct(struct file in, loff_t ppos, struct file *out,
		if (unlikely(out->f_flags & O_APPEND))
		return -EINVAL;

		ret = rw_verify_area(WRITE, out, opos, len);
		if (unlikely(ret < 0))
		return ret;

		ret = splice_direct_to_actor(in, &sd, direct_splice_actor);
		if (ret > 0)
		*ppos = sd.pos;