On Fri, Oct 10 2008, Miklos Szeredi wrote: > On Thu, 9 Oct 2008, Linus Torvalds wrote: > > On Thu, 9 Oct 2008, Miklos Szeredi wrote: > > > > > > The thing is, the append-only attribute is absolutely useless without > > > being able to depend on it. So in that sense I think the IS_APPEND > > > issue is important, and I'm fine with your original proposal for that > > > (except we don't need the IS_IMMUTABLE check). > > > > Heh. In the meantime, I had grown to hate that more complex patch. > > > > So because I do see your point with IS_APPEND (being different from > > O_APPEND), but because I also think that O_APPEND itself is a gray and > > murky area, I just committed the following. I doubt anybody will ever even > > notice it, but while I think it's all debatable, we might as well debate > > it with this in place. I do agree that it's "safer" behaviour. > > Thanks. > > I suspect this qualifies for stable kernels too. Stable team, can you > please add this to your queue? > > The final commit is: > > commit efc968d450e013049a662d22727cf132618dcb2f > Author: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > Date: Thu Oct 9 14:04:54 2008 -0700 > > Don't allow splice() to files opened with O_APPEND > > This is debatable, but while we're debating it, let's disallow the > combination of splice and an O_APPEND destination. > > It's not entirely clear what the semantics of O_APPEND should be, and > POSIX apparently expects pwrite() to ignore O_APPEND, for example. So > we could make up any semantics we want, including the old ones. > > But Miklos convinced me that we should at least give it some thought, > and that accepting writes at arbitrary offsets is wrong at least for > IS_APPEND() files (which always have O_APPEND set, even if the reverse > isn't true: you can obviously have O_APPEND set on a regular file). > > So disallow O_APPEND entirely for now. I doubt anybody cares, and this > way we have one less gray area to worry about. > > Reported-and-argued-for-by: Miklos Szeredi <miklos@xxxxxxxxxx> > Acked-by: Jens Axboe <ens.axboe@xxxxxxxxxx> And lets then change this to <jens.axboe@xxxxxxxxxx> :-) > Signed-off-by: Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> > > diff --git a/fs/splice.c b/fs/splice.c > index 1bbc6f4..a1e701c 100644 > --- a/fs/splice.c > +++ b/fs/splice.c > @@ -898,6 +898,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out, > if (unlikely(!(out->f_mode & FMODE_WRITE))) > return -EBADF; > > + if (unlikely(out->f_flags & O_APPEND)) > + return -EINVAL; > + > ret = rw_verify_area(WRITE, out, ppos, len); > if (unlikely(ret < 0)) > return ret; -- Jens Axboe -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
