From 2a33e2ddc6ebf9b5468091aded8a38f57de9a580 Mon Sep 17 00:00:00 2001 From: Amir Goldstein Date: Wed, 22 Nov 2023 14:27:01 +0200 Subject: splice: remove permission hook from do_splice_direct() All callers of do_splice_direct() have a call to rw_verify_area() for the entire range that is being copied, e.g. by vfs_copy_file_range() or do_sendfile() before calling do_splice_direct(). The rw_verify_area() check inside do_splice_direct() is redundant and is called after sb_start_write(), so it is not "start-write-safe". Remove this redundant check. This is needed for fanotify "pre content" events. Reviewed-by: Josef Bacik Signed-off-by: Amir Goldstein Link: https://lore.kernel.org/r/20231122122715.2561213-3-amir73il@gmail.com Reviewed-by: Christoph Hellwig Reviewed-by: Jan Kara Signed-off-by: Christian Brauner --- fs/splice.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) (limited to 'fs/splice.c') diff --git a/fs/splice.c b/fs/splice.c index d983d375ff11..6e917db6f49a 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1166,6 +1166,7 @@ static void direct_file_splice_eof(struct splice_desc *sd) * (splice in + splice out, as compared to just sendfile()). So this helper * can splice directly through a process-private pipe. * + * Callers already called rw_verify_area() on the entire range. */ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, loff_t *opos, size_t len, unsigned int flags) @@ -1187,10 +1188,6 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, if (unlikely(out->f_flags & O_APPEND)) return -EINVAL; - ret = rw_verify_area(WRITE, out, opos, len); - if (unlikely(ret < 0)) - return ret; - ret = splice_direct_to_actor(in, &sd, direct_splice_actor); if (ret > 0) *ppos = sd.pos; -- cgit v1.2.3