| From efc968d450e013049a662d22727cf132618dcb2f Mon Sep 17 00:00:00 2001 |
| From: Linus Torvalds <torvalds@linux-foundation.org> |
| Date: Thu, 9 Oct 2008 14:04:54 -0700 |
| Subject: Don't allow splice() to files opened with O_APPEND |
| |
| From: Linus Torvalds <torvalds@linux-foundation.org> |
| |
| commit efc968d450e013049a662d22727cf132618dcb2f upstream |
| |
| This is debatable, but while we're debating it, let's disallow the |
| combination of splice and an O_APPEND destination. |
| |
| It's not entirely clear what the semantics of O_APPEND should be, and |
| POSIX apparently expects pwrite() to ignore O_APPEND, for example. So |
| we could make up any semantics we want, including the old ones. |
| |
| But Miklos convinced me that we should at least give it some thought, |
| and that accepting writes at arbitrary offsets is wrong at least for |
| IS_APPEND() files (which always have O_APPEND set, even if the reverse |
| isn't true: you can obviously have O_APPEND set on a regular file). |
| |
| So disallow O_APPEND entirely for now. I doubt anybody cares, and this |
| way we have one less gray area to worry about. |
| |
| Reported-and-argued-for-by: Miklos Szeredi <miklos@szeredi.hu> |
| Acked-by: Jens Axboe <ens.axboe@oracle.com> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/splice.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/fs/splice.c |
| +++ b/fs/splice.c |
| @@ -889,6 +889,9 @@ static long do_splice_from(struct pipe_i |
| if (unlikely(!(out->f_mode & FMODE_WRITE))) |
| return -EBADF; |
| |
| + if (unlikely(out->f_flags & O_APPEND)) |
| + return -EINVAL; |
| + |
| ret = rw_verify_area(WRITE, out, ppos, len); |
| if (unlikely(ret < 0)) |
| return ret; |