All callers of do_splice_direct() have a call to rw_verify_area() for the entire range that is being copied, e.g. by vfs_copy_file_range() or do_sendfile() before calling do_splice_direct(). The rw_verify_area() check inside do_splice_direct() is redundant and is called after sb_start_write(), so it is not "start-write-safe". Remove this redundant check. This is needed for fanotify "pre content" events. Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx> --- fs/splice.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index d983d375ff11..6e917db6f49a 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1166,6 +1166,7 @@ static void direct_file_splice_eof(struct splice_desc *sd) * (splice in + splice out, as compared to just sendfile()). So this helper * can splice directly through a process-private pipe. * + * Callers already called rw_verify_area() on the entire range. */ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, loff_t *opos, size_t len, unsigned int flags) @@ -1187,10 +1188,6 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, if (unlikely(out->f_flags & O_APPEND)) return -EINVAL; - ret = rw_verify_area(WRITE, out, opos, len); - if (unlikely(ret < 0)) - return ret; - ret = splice_direct_to_actor(in, &sd, direct_splice_actor); if (ret > 0) *ppos = sd.pos; -- 2.34.1
