summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2016-12-10 13:17:32 -0500
committerAl Viro <viro@zeniv.linux.org.uk>2016-12-26 23:53:46 -0500
commit3d6ea290f337cc64cf44290482e36306fc8aaa31 (patch)
tree17e9bd075723ba87879e9bfa6c392839484350b9
parentf81dc7d7d5a2528f98f26a0b9406e822d0b35011 (diff)
downloadlwn-3d6ea290f337cc64cf44290482e36306fc8aaa31.tar.gz
lwn-3d6ea290f337cc64cf44290482e36306fc8aaa31.zip
splice/tee/vmsplice: validate flags
Long overdue... Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/splice.c8
-rw-r--r--include/linux/splice.h2
2 files changed, 10 insertions, 0 deletions
diff --git a/fs/splice.c b/fs/splice.c
index bf17a92e26c3..1af65632c371 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1351,6 +1351,8 @@ SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov,
struct fd f;
long error;
+ if (unlikely(flags & ~SPLICE_F_ALL))
+ return -EINVAL;
if (unlikely(nr_segs > UIO_MAXIOV))
return -EINVAL;
else if (unlikely(!nr_segs))
@@ -1401,6 +1403,9 @@ SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
if (unlikely(!len))
return 0;
+ if (unlikely(flags & ~SPLICE_F_ALL))
+ return -EINVAL;
+
error = -EBADF;
in = fdget(fd_in);
if (in.file) {
@@ -1729,6 +1734,9 @@ SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
struct fd in;
int error;
+ if (unlikely(flags & ~SPLICE_F_ALL))
+ return -EINVAL;
+
if (unlikely(!len))
return 0;
diff --git a/include/linux/splice.h b/include/linux/splice.h
index 3c98dad93bf3..db42746bdfea 100644
--- a/include/linux/splice.h
+++ b/include/linux/splice.h
@@ -20,6 +20,8 @@
#define SPLICE_F_MORE (0x04) /* expect more data */
#define SPLICE_F_GIFT (0x08) /* pages passed in are a gift */
+#define SPLICE_F_ALL (SPLICE_F_MOVE|SPLICE_F_NONBLOCK|SPLICE_F_MORE|SPLICE_F_GIFT)
+
/*
* Passed to the actors
*/