Re: [PATCH 6.6 439/744] splice: remove permission hook from iter_file_splice_write()

On Thu, Jun 6, 2024 at 5:18 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:

6.6-stable review patch. If anyone has any objections, please let me know.

I have objections and I wrote them when Sasha posted the patch for review:

https://lore.kernel.org/stable/CAOQ4uxgx7Qe=+Nn7LhPWAzFK3n=qsFC8U++U5XBaLUiT...

Where did this objection get lost?

Thanks, Amir.

---

From: Amir Goldstein amir73il@gmail.com

[ Upstream commit d53471ba6f7ae97a4e223539029528108b705af1 ]

All the callers of ->splice_write(), (e.g. do_splice_direct() and do_splice()) already check rw_verify_area() for the entire range and perform all the other checks that are in vfs_write_iter().

Instead of creating another tiny helper for special caller, just open-code it.

This is needed for fanotify "pre content" events.

Suggested-by: Jan Kara jack@suse.cz Reviewed-by: Josef Bacik josef@toxicpanda.com Signed-off-by: Amir Goldstein amir73il@gmail.com Link: https://lore.kernel.org/r/20231122122715.2561213-6-amir73il@gmail.com Signed-off-by: Christian Brauner brauner@kernel.org Stable-dep-of: 7c98f7cb8fda ("remove call_{read,write}_iter() functions") Signed-off-by: Sasha Levin sashal@kernel.org

---

fs/splice.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/fs/splice.c b/fs/splice.c index d983d375ff113..a8f97c5e8cf0e 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -673,10 +673,13 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out, .u.file = out, }; int nbufs = pipe->max_usage;

•   struct bio_vec *array = kcalloc(nbufs, sizeof(struct bio_vec),
  

•                                   GFP_KERNEL);
  

•   struct bio_vec *array;
    ssize_t ret;
  
  

•   if (!out->f_op->write_iter)
  

•           return -EINVAL;
  

•   array = kcalloc(nbufs, sizeof(struct bio_vec), GFP_KERNEL);
    if (unlikely(!array))
            return -ENOMEM;
  
  

@@ -684,6 +687,7 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out,

    splice_from_pipe_begin(&sd);
    while (sd.total_len) {

•           struct kiocb kiocb;
            struct iov_iter from;
            unsigned int head, tail, mask;
            size_t left;
  

@@ -733,7 +737,10 @@ iter_file_splice_write(struct pipe_inode_info *pipe, struct file *out, }

            iov_iter_bvec(&from, ITER_SOURCE, array, n, sd.total_len - left);

•           ret = vfs_iter_write(out, &from, &sd.pos, 0);
  

•           init_sync_kiocb(&kiocb, out);
  

•           kiocb.ki_pos = sd.pos;
  

•           ret = call_write_iter(out, &kiocb, &from);
  

•           sd.pos = kiocb.ki_pos;
            if (ret <= 0)
                    break;
  
  

-- 2.43.0