DivestOS/Patches/Linux_CVEs/CVE-2016-9576/3.4/0001.patch

72 lines
2.2 KiB
Diff
Raw Normal View History

2017-11-07 22:03:58 -05:00
From 741ab25b1f609f4ca11429b99811c4a427c60024 Mon Sep 17 00:00:00 2001
From: Linus Torvalds <torvalds@linux-foundation.org>
Date: Sat, 07 Jan 2017 19:14:29 +0100
Subject: [PATCH] splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE
Introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE. These modes check
whether it is legal to read or write a file using splice. Both get
automatically set on regular files and are not checked when a 'struct
fileoperations' includes the splice_{read,write} methods.
Change-Id: Ice6a3fab20bf0ac131f8d908f4bb0f7dc34bf4e3
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
---
diff --git a/fs/open.c b/fs/open.c
index 4c28c4f..7512d8a 100644
--- a/fs/open.c
+++ b/fs/open.c
@@ -683,6 +683,10 @@
return f;
}
+ if (S_ISREG(inode->i_mode))
+ f->f_mode |= FMODE_SPLICE_WRITE | FMODE_SPLICE_READ;
+
+
f->f_op = fops_get(inode->i_fop);
error = security_dentry_open(f, cred);
diff --git a/fs/splice.c b/fs/splice.c
index ea85353..bf597dc5 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -376,6 +376,9 @@
index++;
}
+ if (unlikely(!(in->f_mode & FMODE_SPLICE_READ)))
+ return -EINVAL;
+
/*
* Now loop over the map and see if we need to start IO on any
* pages, fill in the partial map, etc.
@@ -1059,6 +1062,9 @@
{
ssize_t ret;
+ if (unlikely(!(out->f_mode & FMODE_SPLICE_WRITE)))
+ return -EINVAL;
+
ret = splice_from_pipe(pipe, out, ppos, len, flags, write_pipe_buf);
if (ret > 0)
*ppos += ret;
diff --git a/include/linux/fs.h b/include/linux/fs.h
index 0e03633..ef0590d 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -117,6 +117,11 @@
/* File was opened by fanotify and shouldn't generate fanotify events */
#define FMODE_NONOTIFY ((__force fmode_t)0x1000000)
+/* File can be read using splice */
+#define FMODE_SPLICE_READ ((__force fmode_t)0x8000000)
+/* File can be written using splice */
+#define FMODE_SPLICE_WRITE ((__force fmode_t)0x10000000)
+
/*
* The below are the various read and write types that we support. Some of
* them include behavioral modifiers that send information down to the