Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 8c34e2d63231d4bf4852bac8521883944d770fe3^! / . / fs / splice.c
commit8c34e2d63231d4bf4852bac8521883944d770fe3[log] [tgz]
authorJens Axboe <jens.axboe@oracle.com>Tue Oct 17 19:43:22 2006 +0200
committerJens Axboe <axboe@nelson.home.kernel.dk>Thu Oct 19 20:53:09 2006 +0200
tree13e3332384bd1c5844d7827066815ae0ae75f8aa
parent01de85e057328ecbef36e108673b1e81059d54c1 [diff] [blame]
[PATCH] Remove SUID when splicing into an inode

Originally from Mark Fasheh <mark.fasheh@oracle.com>

generic_file_splice_write() does not remove S_ISUID or S_ISGID. This is
inconsistent with the way we generally write to files.

Signed-off-by: Mark Fasheh <mark.fasheh@oracle.com>
Signed-off-by: Jens Axboe <jens.axboe@oracle.com>

diff --git a/fs/splice.c b/fs/splice.c
index 68e20e6..49fb9f1 100644
--- a/fs/splice.c
+++ b/fs/splice.c

@@ -845,6 +845,10 @@
 	ssize_t ret;
 	int err;
 
+	err = remove_suid(out->f_dentry);
+	if (unlikely(err))
+		return err;
+
 	ret = __splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
 	if (ret > 0) {
 		*ppos += ret;
@@ -883,12 +887,21 @@
 			  loff_t *ppos, size_t len, unsigned int flags)
 {
 	struct address_space *mapping = out->f_mapping;
+	struct inode *inode = mapping->host;
 	ssize_t ret;
+	int err;
+
+	err = should_remove_suid(out->f_dentry);
+	if (unlikely(err)) {
+		mutex_lock(&inode->i_mutex);
+		err = __remove_suid(out->f_dentry, err);
+		mutex_unlock(&inode->i_mutex);
+		if (err)
+			return err;
+	}
 
 	ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
 	if (ret > 0) {
-		struct inode *inode = mapping->host;
-
 		*ppos += ret;
 
 		/*
@@ -896,8 +909,6 @@
 		 * sync it.
 		 */
 		if (unlikely((out->f_flags & O_SYNC) || IS_SYNC(inode))) {
-			int err;
-
 			mutex_lock(&inode->i_mutex);
 			err = generic_osync_inode(inode, mapping,
 						  OSYNC_METADATA|OSYNC_DATA);