linux-hardened/fs
Linus Torvalds efc968d450 Don't allow splice() to files opened with O_APPEND
This is debatable, but while we're debating it, let's disallow the
combination of splice and an O_APPEND destination.

It's not entirely clear what the semantics of O_APPEND should be, and
POSIX apparently expects pwrite() to ignore O_APPEND, for example.  So
we could make up any semantics we want, including the old ones.

But Miklos convinced me that we should at least give it some thought,
and that accepting writes at arbitrary offsets is wrong at least for
IS_APPEND() files (which always have O_APPEND set, even if the reverse
isn't true: you can obviously have O_APPEND set on a regular file).

So disallow O_APPEND entirely for now.  I doubt anybody cares, and this
way we have one less gray area to worry about.

Reported-and-argued-for-by: Miklos Szeredi <miklos@szeredi.hu>
Acked-by: Jens Axboe <ens.axboe@oracle.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2008-10-09 14:26:38 -07:00
..
9p 9p: use an IS_ERR test rather than a NULL test 2008-09-24 16:22:22 -05:00
adfs [PATCH] fix ->llseek() for a bunch of directories 2008-08-25 01:18:09 -04:00
affs [PATCH] fix ->llseek() for a bunch of directories 2008-08-25 01:18:09 -04:00
afs mm: rename page trylock 2008-08-04 21:31:34 -07:00
autofs mount options: fix autofs 2008-02-08 09:22:40 -08:00
autofs4 [PATCH] fix ->llseek() for a bunch of directories 2008-08-25 01:18:09 -04:00
befs [PATCH] fix ->llseek() for a bunch of directories 2008-08-25 01:18:09 -04:00
bfs bfs: fix Lockdep warning 2008-09-13 14:41:51 -07:00
cifs [CIFS] Turn off Unicode during session establishment for plaintext authentication 2008-08-28 15:32:22 +00:00
coda [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
configfs [PATCH] configfs: Consolidate locking around configfs_detach_prep() in configfs_rmdir() 2008-08-22 11:09:02 -07:00
cramfs cramfs: fix named-pipe handling 2008-08-20 15:40:32 -07:00
debugfs debugfs: Implement debugfs_remove_recursive() 2008-07-21 21:54:59 -07:00
devpts [PATCH] devpts: switch to IDA 2008-08-01 11:25:29 -04:00
dlm dlm: rename structs 2008-08-13 12:47:36 -05:00
ecryptfs eCryptfs: use page_alloc not kmalloc to get a page of memory 2008-07-28 16:30:21 -07:00
efs [PATCH] fix efs_lookup() 2008-08-25 01:18:04 -04:00
exportfs fs: replace remaining __FUNCTION__ occurrences 2008-04-30 08:29:54 -07:00
ext2 vfs: pagecache usage optimization for pagesize!=blocksize 2008-07-28 16:30:21 -07:00
ext3 [PATCH] fix races and leaks in vfs_quota_on() users 2008-08-01 11:25:25 -04:00
ext4 ext4: Initialize writeback_index to 0 when allocating a new inode 2008-08-19 21:14:52 -04:00
fat vfat: fix 'sync' mount deadlock due to BKL->lock_super conversion 2008-08-20 08:31:19 -07:00
freevxfs fs/freevxfs/: proper externs 2008-04-29 08:06:00 -07:00
fuse [PATCH] fix MAY_CHDIR/MAY_ACCESS/LOOKUP_ACCESS mess 2008-07-26 20:53:21 -04:00
gfs2 [PATCH] don't pass nameidata to gfs2_lookupi() 2008-07-26 20:53:36 -04:00
hfs [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
hfsplus [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
hostfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
hpfs [patch 05/14] hpfs: dont call permission() 2008-07-26 20:53:13 -04:00
hppfs [patch] hppfs: remove hppfs_permission 2008-07-26 20:53:07 -04:00
hugetlbfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
isofs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
jbd Merge branch 'core/locking' into core/urgent 2008-08-12 00:11:49 +02:00
jbd2 Merge branch 'core/locking' into core/urgent 2008-08-12 00:11:49 +02:00
jffs2 removed unused #include <linux/version.h>'s 2008-08-23 12:14:12 -07:00
jfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
lockd Merge branch 'for-2.6.27' of git://linux-nfs.org/~bfields/linux 2008-08-12 16:39:22 -07:00
minix SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
msdos fatfs: add UTC timestamp option 2008-07-25 10:53:34 -07:00
ncpfs [PATCH] don't pass nameidata to __ncp_lookup_validate() 2008-07-26 20:53:37 -04:00
nfs NFS: Restore missing hunk in NFS mount option parser 2008-09-08 15:35:19 -07:00
nfs_common
nfsd nfsd: fix buffer overrun decoding NFSv4 acl 2008-09-01 14:24:24 -04:00
nls
ntfs NTFS: update homepage 2008-09-02 19:21:37 -07:00
ocfs2 ocfs2: Fix a bug in direct IO read. 2008-09-10 01:44:08 -07:00
omfs omfs: fix oops when file metadata is corrupted 2008-08-15 08:35:44 -07:00
openpromfs SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
partitions rescan_partitions(): make device capacity errors non-fatal 2008-09-13 14:41:52 -07:00
proc mm: ifdef Quicklists in /proc/meminfo 2008-09-13 14:41:51 -07:00
qnx4 SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ramfs mm: tiny-shmem nommu fix 2008-10-02 15:53:13 -07:00
reiserfs reiserfs: removed duplicated #include 2008-08-12 16:07:30 -07:00
romfs romfs_readpage: don't report errors for pages beyond i_size 2008-07-30 14:30:34 -07:00
smbfs [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
sysfs Use WARN() in fs/sysfs 2008-07-26 12:00:07 -07:00
sysv SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
ubifs UBIFS: fix printk format warnings 2008-09-18 09:57:57 +03:00
udf udf: add llseek method 2008-09-08 20:31:04 +02:00
ufs Revert "UFS: add const to parser token table" 2008-08-04 16:50:38 -07:00
vfat fatfs: add UTC timestamp option 2008-07-25 10:53:34 -07:00
xfs [XFS] Remove xfs_iext_irec_compact_full() 2008-09-26 12:17:57 +10:00
aio.c [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
anon_inodes.c flag parameters: NONBLOCK in anon_inode_getfd 2008-07-24 10:47:28 -07:00
attr.c [patch 4/4] vfs: immutable inode checking cleanup 2008-07-26 20:53:28 -04:00
bad_inode.c [PATCH] sanitize ->permission() prototype 2008-07-26 20:53:14 -04:00
binfmt_aout.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_elf.c tracehook: exec 2008-07-26 12:00:08 -07:00
binfmt_elf_fdpic.c binfmt_elf_fdpic: Magical stack pointer index, for NEW_AUX_ENT compat. 2008-07-28 18:10:28 +09:00
binfmt_em86.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_flat.c binfmt_flat: Stub in a FLAT_PLAT_INIT(). 2008-08-11 20:17:55 +09:00
binfmt_misc.c binfmt_misc: fix false -ENOEXEC when coupled with other binary handlers 2008-08-20 15:40:31 -07:00
binfmt_script.c binfmt_misc.c: avoid potential kernel stack overflow 2008-04-29 08:06:04 -07:00
binfmt_som.c tracehook: exec 2008-07-26 12:00:08 -07:00
bio-integrity.c bio-integrity: remove EXPORT_SYMBOL for bio_integrity_init_slab() 2008-07-28 16:30:21 -07:00
bio.c bio: fix __bio_copy_iov() handling of bio->bv_len 2008-08-27 09:50:19 +02:00
block_dev.c [PATCH] switch mtd and dm-table to lookup_bdev() 2008-08-01 11:25:31 -04:00
buffer.c block: submit_bh() inadvertently discards barrier flag on a sync write 2008-08-27 09:50:19 +02:00
char_dev.c Remove the lock_kernel() call from chrdev_open() 2008-06-20 14:05:53 -06:00
compat.c [PATCH] fix regular readdir() and friends 2008-08-25 01:18:08 -04:00
compat_binfmt_elf.c x86: compat_binfmt_elf 2008-01-30 13:31:46 +01:00
compat_ioctl.c remove unused #include <linux/dirent.h>'s 2008-07-25 10:53:34 -07:00
dcache.c Fix NULL pointer dereference in proc_sys_compare 2008-09-29 07:42:57 -07:00
dcookies.c d_path: Make d_path() use a struct path 2008-02-14 21:17:09 -08:00
direct-io.c dio: use get_user_pages_fast 2008-07-26 12:00:06 -07:00
dnotify.c [PATCH] split linux/file.h 2008-05-01 13:08:16 -04:00
dquot.c [PATCH] fix races and leaks in vfs_quota_on() users 2008-08-01 11:25:25 -04:00
drop_caches.c vfs: skip inodes without pages to free in drop_pagecache_sb() 2008-04-29 08:06:05 -07:00
eventfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
eventpoll.c fs/eventpoll.c: fix sys_epoll_create1() comment 2008-08-12 16:07:30 -07:00
exec.c mm owner: fix race between swapoff and exit 2008-09-29 08:41:47 -07:00
fcntl.c [PATCH] clean dup2() up a bit 2008-08-01 11:25:24 -04:00
fifo.c [PATCH] reuse xxx_fifo_fops for xxx_pipe_fops 2008-07-26 20:53:06 -04:00
file.c [PATCH] merge locate_fd() and get_unused_fd() 2008-08-01 11:25:23 -04:00
file_table.c [PATCH] f_count may wrap around 2008-07-26 20:53:40 -04:00
filesystems.c
fs-writeback.c VFS: export sync_sb_inodes 2008-07-14 19:10:52 +03:00
generic_acl.c
inode.c fs/inode.c: properly init address_space->writeback_index 2008-08-15 08:35:44 -07:00
inotify.c inotify: remove debug code 2008-02-06 10:41:07 -08:00
inotify_user.c inotify: fix lock ordering wrt do_page_fault's mmap_sem 2008-10-02 15:53:13 -07:00
internal.h [PATCH] move a bunch of declarations to fs/internal.h 2008-04-21 23:11:01 -04:00
ioctl.c make vfs_ioctl() static 2008-04-29 08:06:00 -07:00
ioprio.c fix setpriority(PRIO_PGRP) thread iterator breakage 2008-08-20 15:40:32 -07:00
Kconfig [CIFS] Reorder cifs config item for better clarity 2008-08-26 18:32:28 +00:00
Kconfig.binfmt sh: Initial ELF FDPIC support. 2008-07-28 18:10:28 +09:00
libfs.c VFS: increase pseudo-filesystem block size to PAGE_SIZE 2008-07-30 09:41:44 -07:00
locks.c SL*B: drop kmem cache argument from constructor 2008-07-26 12:00:07 -07:00
Makefile omfs: update kbuild to include OMFS 2008-07-26 12:00:05 -07:00
mbcache.c vfs: fix possible deadlock in ext2, ext3, ext4 when using xattrs 2008-04-15 19:35:41 -07:00
mpage.c vfs: add hooks for ext4's delayed allocation support 2008-07-11 19:27:31 -04:00
namei.c [patch 3/4] vfs: remove unused nameidata argument of may_create() 2008-08-01 11:25:30 -04:00
namespace.c [PATCH] pass struct path * to do_add_mount() 2008-08-01 11:25:32 -04:00
nfsctl.c Introduce path_put() 2008-02-14 21:13:33 -08:00
no-block.c
open.c [PATCH] merge locate_fd() and get_unused_fd() 2008-08-01 11:25:23 -04:00
pipe.c [PATCH] reuse xxx_fifo_fops for xxx_pipe_fops 2008-07-26 20:53:06 -04:00
pnode.c [patch 7/7] vfs: mountinfo: show dominating group id 2008-04-23 00:05:09 -04:00
pnode.h [patch 7/7] vfs: mountinfo: show dominating group id 2008-04-23 00:05:09 -04:00
posix_acl.c
quota.c quota: cleanup loop in sync_dquots() 2008-07-25 10:53:35 -07:00
quota_v1.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
quota_v2.c quota: move function-macros from quota.h to quotaops.h 2008-07-25 10:53:35 -07:00
read_write.c Remove BKL from remote_llseek v2 2008-07-02 15:06:27 -06:00
read_write.h
readdir.c [PATCH] fix regular readdir() and friends 2008-08-25 01:18:08 -04:00
select.c Fix performance regression on lmbench select benchmark 2008-06-22 12:23:15 -07:00
seq_file.c [PATCH] deal with the first call of ->show() generating no output 2008-08-25 01:18:10 -04:00
signalfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
splice.c Don't allow splice() to files opened with O_APPEND 2008-10-09 14:26:38 -07:00
stack.c
stat.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
super.c fix soft lock up at NFS mount via per-SB LRU-list of unused dentries 2008-07-24 10:47:15 -07:00
sync.c SYNC_FILE_RANGE_WRITE may and will block. Document that. 2008-07-24 10:47:17 -07:00
timerfd.c flag parameters: check magic constants 2008-07-24 10:47:29 -07:00
utimes.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr.c [PATCH] sanitize __user_walk_fd() et.al. 2008-07-26 20:53:34 -04:00
xattr_acl.c