From: Amir Goldstein <amir73il@gmail.com> mainline inclusion from mainline-v6.8-rc1 commit 2a33e2ddc6ebf9b5468091aded8a38f57de9a580 category: feature bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBHLU4 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... -------------------------------- All callers of do_splice_direct() have a call to rw_verify_area() for the entire range that is being copied, e.g. by vfs_copy_file_range() or do_sendfile() before calling do_splice_direct(). The rw_verify_area() check inside do_splice_direct() is redundant and is called after sb_start_write(), so it is not "start-write-safe". Remove this redundant check. This is needed for fanotify "pre content" events. Reviewed-by: Josef Bacik <josef@toxicpanda.com> Signed-off-by: Amir Goldstein <amir73il@gmail.com> Link: https://lore.kernel.org/r/20231122122715.2561213-3-amir73il@gmail.com Reviewed-by: Christoph Hellwig <hch@lst.de> Reviewed-by: Jan Kara <jack@suse.cz> Signed-off-by: Christian Brauner <brauner@kernel.org> Signed-off-by: Yifan Qiao <qiaoyifan4@huawei.com> --- fs/splice.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index d983d375ff11..6e917db6f49a 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1166,6 +1166,7 @@ static void direct_file_splice_eof(struct splice_desc *sd) * (splice in + splice out, as compared to just sendfile()). So this helper * can splice directly through a process-private pipe. * + * Callers already called rw_verify_area() on the entire range. */ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, loff_t *opos, size_t len, unsigned int flags) @@ -1187,10 +1188,6 @@ long do_splice_direct(struct file *in, loff_t *ppos, struct file *out, if (unlikely(out->f_flags & O_APPEND)) return -EINVAL; - ret = rw_verify_area(WRITE, out, opos, len); - if (unlikely(ret < 0)) - return ret; - ret = splice_direct_to_actor(in, &sd, direct_splice_actor); if (ret > 0) *ppos = sd.pos; -- 2.39.2