authorJohannes Thumshirn <jthumshirn@suse.de>2016-12-09 11:10:09 +0100
committerJiri Kosina <jkosina@suse.cz>2016-12-12 14:06:13 +0100
commit544b9d1ad5d464dedafcf917a71ddab94014ca6d (patch)
treeb816807ec53417db905cc9def3700dccb23ee1d2
parent2cc745f9acf56be05c21ff9ae39075b536617815 (diff)
splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE
(CVE-2016-9576, bsc#1013604). Conflicts: series.conf
-rw-r--r--patches.fixes/splice-introduce-FMODE_SPLICE_READ-and-FMODE_SPLICE_.patch71
-rw-r--r--series.conf1
2 files changed, 72 insertions, 0 deletions
diff --git a/patches.fixes/splice-introduce-FMODE_SPLICE_READ-and-FMODE_SPLICE_.patch b/patches.fixes/splice-introduce-FMODE_SPLICE_READ-and-FMODE_SPLICE_.patch
new file mode 100644
index 0000000000..40a886d412
--- /dev/null
+++ b/patches.fixes/splice-introduce-FMODE_SPLICE_READ-and-FMODE_SPLICE_.patch
@@ -0,0 +1,71 @@
+From 611b5ea689f78a798cfd86aac92a0e4e4a41cafb Mon Sep 17 00:00:00 2001
+From: Johannes Thumshirn <jthumshirn@suse.de>
+Date: Thu, 8 Dec 2016 14:04:57 +0100
+Subject: [PATCH] splice: introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE
+References: CVE-2016-9576, bsc#1013604
+Patch-mainline: Submitted on 2016-12-09
+
+Introduce FMODE_SPLICE_READ and FMODE_SPLICE_WRITE. These modes check
+whether it is legal to read or write a file using splice. Both get
+automatically set on regular files and are not checked when a 'struct
+fileoperations' includes the splice_{read,write} methods.
+
+Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Signed-off-by: Johannes Thumshirn <jthumshirn@suse.de>
+---
+ fs/open.c | 4 ++++
+ fs/splice.c | 7 +++++++
+ include/linux/fs.h | 5 +++++
+ 3 files changed, 16 insertions(+)
+
+--- a/fs/open.c
++++ b/fs/open.c
+@@ -701,6 +701,10 @@ static struct file *__dentry_open(struct
+ return f;
+ }
+
++ if (S_ISREG(inode->i_mode))
++ f->f_mode |= FMODE_SPLICE_WRITE | FMODE_SPLICE_READ;
++
++
+ f->f_op = fops_get(inode->i_fop);
+
+ error = security_dentry_open(f, cred);
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -608,6 +608,10 @@ ssize_t default_file_splice_read(struct
+ .spd_release = spd_release_page,
+ };
+
++ if (unlikely(!(in->f_mode & FMODE_SPLICE_READ)))
++ return -EINVAL;
++
++
+ if (splice_grow_spd(pipe, &spd))
+ return -ENOMEM;
+
+@@ -1063,6 +1067,9 @@ static ssize_t default_file_splice_write
+ {
+ ssize_t ret;
+
++ if (unlikely(!(out->f_mode & FMODE_SPLICE_WRITE)))
++ return -EINVAL;
++
+ ret = splice_from_pipe(pipe, out, ppos, len, flags, write_pipe_buf);
+ if (ret > 0)
+ *ppos += ret;
+--- a/include/linux/fs.h
++++ b/include/linux/fs.h
+@@ -111,6 +111,11 @@ struct inodes_stat_t {
+ /* File was opened by fanotify and shouldn't generate fanotify events */
+ #define FMODE_NONOTIFY ((__force fmode_t)0x1000000)
+
++/* File can be read using splice */
++#define FMODE_SPLICE_READ ((__force fmode_t)0x8000000)
++/* File can be written using splice */
++#define FMODE_SPLICE_WRITE ((__force fmode_t)0x10000000)
++
+ /*
+ * The below are the various read and write types that we support. Some of
+ * them include behavioral modifiers that send information down to the
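Review bot: The two comments added in include/linux/fs.h say more than the checks enforce: FMODE_SPLICE_READ and FMODE_SPLICE_WRITE are tested only in default_file_splice_read() and default_file_splice_write(), so a file whose f_op supplies its own splice_read/splice_write is never gated by them, as the description itself notes. I would word them as `/* File may use the default splice read fallback; ignored when f_op->splice_read is set */` and the matching write form, so that nobody later treats the bits as a general splice permission. Because __dentry_open() sets the bits only for S_ISREG inodes, every non-regular file that reaches the fallbacks now gets -EINVAL; that looks intended for this CVE, but the description should say so, since it changes behaviour for any device or special file that relied on the fallback. The values 0x8000000 and 0x10000000 cannot be checked against the other FMODE_* bits from this hunk, and the fs/open.c and fs/splice.c read hunks each add a doubled blank line. All three functions continue outside the embedded hunks.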
diff --git a/series.conf b/series.conf
index 9d0fe52fa1..be00012825 100644
--- a/series.conf
+++ b/series.conf
@@ -2463,6 +2463,7 @@
patches.fixes/genhd-fix-leftover-might_sleep-in-blk_free_devt.patch
patches.fixes/block-Discard-bios-do-not-have-data.patch
patches.fixes/block-Always-check-queue-limits-for-cloned-requests.patch
+ patches.fixes/splice-introduce-FMODE_SPLICE_READ-and-FMODE_SPLICE_.patch
########################################################
# Networking, IPv6