splice/tee/vmsplice: validate flags

Long overdue...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

diff --git a/fs/splice.c b/fs/splice.c
index bf17a92e26c3e97db7bb198b42d7c620f4bd80a5..1af65632c371fa27407fc556812d105a336681d7 100644 (file)
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1351,6 +1351,8 @@ SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov,
        struct fd f;
        long error;
 
+       if (unlikely(flags & ~SPLICE_F_ALL))
+               return -EINVAL;
        if (unlikely(nr_segs > UIO_MAXIOV))
                return -EINVAL;
        else if (unlikely(!nr_segs))
@@ -1401,6 +1403,9 @@ SYSCALL_DEFINE6(splice, int, fd_in, loff_t __user *, off_in,
        if (unlikely(!len))
                return 0;
 
+       if (unlikely(flags & ~SPLICE_F_ALL))
+               return -EINVAL;
+
        error = -EBADF;
        in = fdget(fd_in);
        if (in.file) {
@@ -1729,6 +1734,9 @@ SYSCALL_DEFINE4(tee, int, fdin, int, fdout, size_t, len, unsigned int, flags)
        struct fd in;
        int error;
 
+       if (unlikely(flags & ~SPLICE_F_ALL))
+               return -EINVAL;
+
        if (unlikely(!len))
                return 0;
 

diff --git a/include/linux/splice.h b/include/linux/splice.h
index 3c98dad93bf37a4a92ad8ec63cd078ebf441c4ee..db42746bdfea54858ba2fae9fdaf5e4141b478a9 100644 (file)
--- a/include/linux/splice.h
+++ b/include/linux/splice.h
@@ -20,6 +20,8 @@
 #define SPLICE_F_MORE  (0x04)  /* expect more data */
 #define SPLICE_F_GIFT  (0x08)  /* pages passed in are a gift */
 
+#define SPLICE_F_ALL (SPLICE_F_MOVE|SPLICE_F_NONBLOCK|SPLICE_F_MORE|SPLICE_F_GIFT)
+
 /*
  * Passed to the actors
  */