From: Dave Chinner <dchinner@xxxxxxxxxx> The man page says: EINVAL Requested range extends beyond the end of the source file But the current behaviour is that copy_file_range does a short copy up to the source file EOF. Fix the kernel behaviour to match the behaviour described in the man page. Signed-off-by: Dave Chinner <dchinner@xxxxxxxxxx> --- fs/read_write.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/fs/read_write.c b/fs/read_write.c index 4dae0399c75a..09d1816cf3cf 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -1581,6 +1581,10 @@ ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in, if (len == 0) return 0; + /* If the source range crosses EOF, fail the copy */ + if (pos_in >= i_size(inode_in) || pos_in + len > i_size(inode_in)) + return -EINVAL; + file_start_write(file_out); /* -- 2.19.1
