diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2016-12-10 13:17:32 -0500 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2016-12-26 23:53:46 -0500 |
commit | 3d6ea290f337cc64cf44290482e36306fc8aaa31 (patch) | |
tree | 17e9bd075723ba87879e9bfa6c392839484350b9 | |
parent | f81dc7d7d5a2528f98f26a0b9406e822d0b35011 (diff) | |
download | linux-3d6ea290f337cc64cf44290482e36306fc8aaa31.tar.bz2 |
splice/tee/vmsplice: validate flags
Long overdue...
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/splice.c | 8 | ||||
-rw-r--r-- | include/linux/splice.h | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/fs/splice.c b/fs/splice.c index bf17a92e26c3..1af65632c371 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1351,6 +1351,8 @@ SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov, struct fd f; long error; + if (unlikely(flags & ~SPLICE_F_ALL)) + return -EINVAL; if (unlikely(nr_segs > UIO_MAXIOV)) return -EINVAL; else if (unlikely(!nr_segs)) @@ -1401,6 +1403,9 @@ SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in, if (unlikely(!len)) return 0; + if (unlikely(flags & ~SPLICE_F_ALL)) + return -EINVAL; + error = -EBADF; in = fdget(fd_in); if (in.file) { @@ -1729,6 +1734,9 @@ SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags) struct fd in; int error; + if (unlikely(flags & ~SPLICE_F_ALL)) + return -EINVAL; + if (unlikely(!len)) return 0; diff --git a/include/linux/splice.h b/include/linux/splice.h index 3c98dad93bf3..db42746bdfea 100644 --- a/include/linux/splice.h +++ b/include/linux/splice.h @@ -20,6 +20,8 @@ #define SPLICE_F_MORE (0x04) /* expect more data */ #define SPLICE_F_GIFT (0x08) /* pages passed in are a gift */ +#define SPLICE_F_ALL (SPLICE_F_MOVE|SPLICE_F_NONBLOCK|SPLICE_F_MORE|SPLICE_F_GIFT) + /* * Passed to the actors */ |