[PATCH] Remove SUID when splicing into an inode (8c34e2d6) · Commits · e / devices / android_kernel_xiaomi_markw

fs/splice.c

+15 −4

Original line number	Diff line number	Diff line
		@@ -845,6 +845,10 @@ generic_file_splice_write_nolock(struct pipe_inode_info pipe, struct file out,
		ssize_t ret;
		int err;

		err = remove_suid(out->f_dentry);
		if (unlikely(err))
		return err;

		ret = __splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
		if (ret > 0) {
		*ppos += ret;
		@@ -883,12 +887,21 @@ generic_file_splice_write(struct pipe_inode_info pipe, struct file out,
		loff_t *ppos, size_t len, unsigned int flags)
		{
		struct address_space *mapping = out->f_mapping;
		struct inode *inode = mapping->host;
		ssize_t ret;
		int err;

		err = should_remove_suid(out->f_dentry);
		if (unlikely(err)) {
		mutex_lock(&inode->i_mutex);
		err = __remove_suid(out->f_dentry, err);
		mutex_unlock(&inode->i_mutex);
		if (err)
		return err;
		}

		ret = splice_from_pipe(pipe, out, ppos, len, flags, pipe_to_file);
		if (ret > 0) {
		struct inode *inode = mapping->host;

		*ppos += ret;

		/*
		@@ -896,8 +909,6 @@ generic_file_splice_write(struct pipe_inode_info pipe, struct file out,
		* sync it.
		*/
		if (unlikely((out->f_flags & O_SYNC) \|\| IS_SYNC(inode))) {
		int err;

		mutex_lock(&inode->i_mutex);
		err = generic_osync_inode(inode, mapping,
		OSYNC_METADATA\|OSYNC_DATA);