This is a note to let you know that I've just added the patch titled
splice: remove permission hook from iter_file_splice_write()
to the 6.6-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
splice-remove-permission-hook-from-iter_file_splice_.patch
and it can be found in the queue-6.6 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 9519e9d1e625d4f01b3c8a1c32042e3f5da53b0b
Author: Amir Goldstein <amir73il@xxxxxxxxx>
Date: Thu Nov 23 18:51:44 2023 +0100
splice: remove permission hook from iter_file_splice_write()
[ Upstream commit d53471ba6f7ae97a4e223539029528108b705af1 ]
All the callers of ->splice_write(), (e.g. do_splice_direct() and
do_splice()) already check rw_verify_area() for the entire range
and perform all the other checks that are in vfs_write_iter().
Instead of creating another tiny helper for special caller, just
open-code it.
This is needed for fanotify "pre content" events.
Suggested-by: Jan Kara <jack@xxxxxxx>
Reviewed-by: Josef Bacik <josef@xxxxxxxxxxxxxx>
Signed-off-by: Amir Goldstein <amir73il@xxxxxxxxx>
Link: https://lore.kernel.org/r/20231122122715.2561213-6-amir73il@xxxxxxxxx
Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx>
Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/fs/splice.c b/fs/splice.c
index d983d375ff113..a8f97c5e8cf0e 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -673,10 +673,13 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
.u.file = out,
};
int nbufs = pipe->max_usage;
- struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
- GFP_KERNEL);
+ struct bio_vec *array;
ssize_t ret;
+ if (!out->f_op->write_iter)
+ return -EINVAL;
+
+ array = kcalloc(nbufs, sizeof(struct bio_vec), GFP_KERNEL);
if (unlikely(!array))
return -ENOMEM;
@@ -684,6 +687,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
splice_from_pipe_begin(&sd);
while (sd.total_len) {
+ struct kiocb kiocb;
struct iov_iter from;
unsigned int head, tail, mask;
size_t left;
@@ -733,7 +737,10 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,
}
iov_iter_bvec(&from, ITER_SOURCE, array, n, sd.total_len - left);
- ret = vfs_iter_write(out, &from, &sd.pos, 0);
+ init_sync_kiocb(&kiocb, out);
+ kiocb.ki_pos = sd.pos;
+ ret = call_write_iter(out, &kiocb, &from);
+ sd.pos = kiocb.ki_pos;
if (ret <= 0)
break;
