1 // SPDX-License-Identifier: GPL-2.0 1 // SPDX-License-Identifier: GPL-2.0
2 /* 2 /*
3 * linux/fs/read_write.c 3 * linux/fs/read_write.c
4 * 4 *
5 * Copyright (C) 1991, 1992 Linus Torvalds 5 * Copyright (C) 1991, 1992 Linus Torvalds
6 */ 6 */
7 7
8 #include <linux/slab.h> 8 #include <linux/slab.h>
9 #include <linux/stat.h> 9 #include <linux/stat.h>
10 #include <linux/sched/xacct.h> 10 #include <linux/sched/xacct.h>
11 #include <linux/fcntl.h> 11 #include <linux/fcntl.h>
12 #include <linux/file.h> 12 #include <linux/file.h>
13 #include <linux/uio.h> 13 #include <linux/uio.h>
14 #include <linux/fsnotify.h> 14 #include <linux/fsnotify.h>
15 #include <linux/security.h> 15 #include <linux/security.h>
16 #include <linux/export.h> 16 #include <linux/export.h>
17 #include <linux/syscalls.h> 17 #include <linux/syscalls.h>
18 #include <linux/pagemap.h> 18 #include <linux/pagemap.h>
19 #include <linux/splice.h> 19 #include <linux/splice.h>
20 #include <linux/compat.h> 20 #include <linux/compat.h>
21 #include <linux/mount.h> 21 #include <linux/mount.h>
22 #include <linux/fs.h> 22 #include <linux/fs.h>
23 #include "internal.h" 23 #include "internal.h"
24 24
25 #include <linux/uaccess.h> 25 #include <linux/uaccess.h>
26 #include <asm/unistd.h> 26 #include <asm/unistd.h>
27 27
28 const struct file_operations generic_ro_fops = 28 const struct file_operations generic_ro_fops = {
29 .llseek = generic_file_llseek, 29 .llseek = generic_file_llseek,
30 .read_iter = generic_file_read_it 30 .read_iter = generic_file_read_iter,
31 .mmap = generic_file_readonl 31 .mmap = generic_file_readonly_mmap,
32 .splice_read = filemap_splice_read, !! 32 .splice_read = generic_file_splice_read,
33 }; 33 };
34 34
35 EXPORT_SYMBOL(generic_ro_fops); 35 EXPORT_SYMBOL(generic_ro_fops);
36 36
37 static inline bool unsigned_offsets(struct fil 37 static inline bool unsigned_offsets(struct file *file)
38 { 38 {
39 return file->f_op->fop_flags & FOP_UNS !! 39 return file->f_mode & FMODE_UNSIGNED_OFFSET;
40 } 40 }
41 41
42 /** 42 /**
43 * vfs_setpos_cookie - update the file offset !! 43 * vfs_setpos - update the file offset for lseek
44 * @file: file structure in question 44 * @file: file structure in question
45 * @offset: file offset to seek to 45 * @offset: file offset to seek to
46 * @maxsize: maximum file size 46 * @maxsize: maximum file size
47 * @cookie: cookie to reset <<
48 * 47 *
49 * Update the file offset to the value specifi !! 48 * This is a low-level filesystem helper for updating the file offset to
50 * offset is valid and it is not equal to the !! 49 * the value specified by @offset if the given offset is valid and it is
51 * reset the specified cookie to indicate that !! 50 * not equal to the current file offset.
52 * 51 *
53 * Return the specified offset on success and 52 * Return the specified offset on success and -EINVAL on invalid offset.
54 */ 53 */
55 static loff_t vfs_setpos_cookie(struct file *f !! 54 loff_t vfs_setpos(struct file *file, loff_t offset, loff_t maxsize)
56 loff_t maxsize <<
57 { 55 {
58 if (offset < 0 && !unsigned_offsets(fi 56 if (offset < 0 && !unsigned_offsets(file))
59 return -EINVAL; 57 return -EINVAL;
60 if (offset > maxsize) 58 if (offset > maxsize)
61 return -EINVAL; 59 return -EINVAL;
62 60
63 if (offset != file->f_pos) { 61 if (offset != file->f_pos) {
64 file->f_pos = offset; 62 file->f_pos = offset;
65 if (cookie) !! 63 file->f_version = 0;
66 *cookie = 0; <<
67 } 64 }
68 return offset; 65 return offset;
69 } 66 }
70 <<
71 /** <<
72 * vfs_setpos - update the file offset for lse <<
73 * @file: file structure in question <<
74 * @offset: file offset to seek to <<
75 * @maxsize: maximum file size <<
76 * <<
77 * This is a low-level filesystem helper for u <<
78 * the value specified by @offset if the given <<
79 * not equal to the current file offset. <<
80 * <<
81 * Return the specified offset on success and <<
82 */ <<
83 loff_t vfs_setpos(struct file *file, loff_t of <<
84 { <<
85 return vfs_setpos_cookie(file, offset, <<
86 } <<
87 EXPORT_SYMBOL(vfs_setpos); 67 EXPORT_SYMBOL(vfs_setpos);
88 68
89 /** 69 /**
90 * must_set_pos - check whether f_pos has to b !! 70 * generic_file_llseek_size - generic llseek implementation for regular files
91 * @file: file to seek on !! 71 * @file: file structure to seek on
92 * @offset: offset to use !! 72 * @offset: file offset to seek to
93 * @whence: type of seek operation !! 73 * @whence: type of seek
94 * @eof: end of file !! 74 * @size: max size of this file in file system
>> 75 * @eof: offset used for SEEK_END position
95 * 76 *
96 * Check whether f_pos needs to be updated and !! 77 * This is a variant of generic_file_llseek that allows passing in a custom
97 * to @whence. !! 78 * maximum file size and a custom EOF position, for e.g. hashed directories
98 * 79 *
99 * Return: 0 if f_pos doesn't need to be updat !! 80 * Synchronization:
100 * updated, and negative error code on failure !! 81 * SEEK_SET and SEEK_END are unsynchronized (but atomic on 64bit platforms)
>> 82 * SEEK_CUR is synchronized against other SEEK_CURs, but not read/writes.
>> 83 * read/writes behave like SEEK_SET against seeks.
101 */ 84 */
102 static int must_set_pos(struct file *file, lof !! 85 loff_t
>> 86 generic_file_llseek_size(struct file *file, loff_t offset, int whence,
>> 87 loff_t maxsize, loff_t eof)
103 { 88 {
104 switch (whence) { 89 switch (whence) {
105 case SEEK_END: 90 case SEEK_END:
106 *offset += eof; !! 91 offset += eof;
107 break; 92 break;
108 case SEEK_CUR: 93 case SEEK_CUR:
109 /* 94 /*
110 * Here we special-case the ls 95 * Here we special-case the lseek(fd, 0, SEEK_CUR)
111 * position-querying operation 96 * position-querying operation. Avoid rewriting the "same"
112 * f_pos value back to the fil 97 * f_pos value back to the file because a concurrent read(),
113 * write() or lseek() might ha 98 * write() or lseek() might have altered it
114 */ 99 */
115 if (*offset == 0) { !! 100 if (offset == 0)
116 *offset = file->f_pos; !! 101 return file->f_pos;
117 return 0; !! 102 /*
118 } !! 103 * f_lock protects against read/modify/write race with other
119 break; !! 104 * SEEK_CURs. Note that parallel writes and reads behave
>> 105 * like SEEK_SET.
>> 106 */
>> 107 spin_lock(&file->f_lock);
>> 108 offset = vfs_setpos(file, file->f_pos + offset, maxsize);
>> 109 spin_unlock(&file->f_lock);
>> 110 return offset;
120 case SEEK_DATA: 111 case SEEK_DATA:
121 /* 112 /*
122 * In the generic case the ent 113 * In the generic case the entire file is data, so as long as
123 * offset isn't at the end of 114 * offset isn't at the end of the file then the offset is data.
124 */ 115 */
125 if ((unsigned long long)*offse !! 116 if ((unsigned long long)offset >= eof)
126 return -ENXIO; 117 return -ENXIO;
127 break; 118 break;
128 case SEEK_HOLE: 119 case SEEK_HOLE:
129 /* 120 /*
130 * There is a virtual hole at 121 * There is a virtual hole at the end of the file, so as long as
131 * offset isn't i_size or larg 122 * offset isn't i_size or larger, return i_size.
132 */ 123 */
133 if ((unsigned long long)*offse !! 124 if ((unsigned long long)offset >= eof)
134 return -ENXIO; 125 return -ENXIO;
135 *offset = eof; !! 126 offset = eof;
136 break; 127 break;
137 } 128 }
138 129
139 return 1; <<
140 } <<
141 <<
142 /** <<
143 * generic_file_llseek_size - generic llseek i <<
144 * @file: file structure to seek on <<
145 * @offset: file offset to seek to <<
146 * @whence: type of seek <<
147 * @maxsize: max size of this file in file <<
148 * @eof: offset used for SEEK_END posit <<
149 * <<
150 * This is a variant of generic_file_llseek th <<
151 * maximum file size and a custom EOF position <<
152 * <<
153 * Synchronization: <<
154 * SEEK_SET and SEEK_END are unsynchronized (b <<
155 * SEEK_CUR is synchronized against other SEEK <<
156 * read/writes behave like SEEK_SET against se <<
157 */ <<
158 loff_t <<
159 generic_file_llseek_size(struct file *file, lo <<
160 loff_t maxsize, loff_t eof) <<
161 { <<
162 int ret; <<
163 <<
164 ret = must_set_pos(file, &offset, when <<
165 if (ret < 0) <<
166 return ret; <<
167 if (ret == 0) <<
168 return offset; <<
169 <<
170 if (whence == SEEK_CUR) { <<
171 /* <<
172 * f_lock protects against rea <<
173 * other SEEK_CURs. Note that <<
174 * behave like SEEK_SET. <<
175 */ <<
176 guard(spinlock)(&file->f_lock) <<
177 return vfs_setpos(file, file-> <<
178 } <<
179 <<
180 return vfs_setpos(file, offset, maxsiz 130 return vfs_setpos(file, offset, maxsize);
181 } 131 }
182 EXPORT_SYMBOL(generic_file_llseek_size); 132 EXPORT_SYMBOL(generic_file_llseek_size);
183 133
184 /** 134 /**
185 * generic_llseek_cookie - versioned llseek im <<
186 * @file: file structure to seek on <<
187 * @offset: file offset to seek to <<
188 * @whence: type of seek <<
189 * @cookie: cookie to update <<
190 * <<
191 * See generic_file_llseek for a general descr <<
192 * <<
193 * In contrast to generic_file_llseek, this fu <<
194 * specified cookie to indicate a seek took pl <<
195 */ <<
196 loff_t generic_llseek_cookie(struct file *file <<
197 u64 *cookie) <<
198 { <<
199 struct inode *inode = file->f_mapping- <<
200 loff_t maxsize = inode->i_sb->s_maxbyt <<
201 loff_t eof = i_size_read(inode); <<
202 int ret; <<
203 <<
204 if (WARN_ON_ONCE(!cookie)) <<
205 return -EINVAL; <<
206 <<
207 /* <<
208 * Require that this is only used for <<
209 * synchronization between readdir and <<
210 * @cookie is correctly synchronized w <<
211 */ <<
212 if (WARN_ON_ONCE(!(file->f_mode & FMOD <<
213 return -EINVAL; <<
214 <<
215 ret = must_set_pos(file, &offset, when <<
216 if (ret < 0) <<
217 return ret; <<
218 if (ret == 0) <<
219 return offset; <<
220 <<
221 /* No need to hold f_lock because we k <<
222 if (whence == SEEK_CUR) <<
223 return vfs_setpos_cookie(file, <<
224 <<
225 return vfs_setpos_cookie(file, offset, <<
226 } <<
227 EXPORT_SYMBOL(generic_llseek_cookie); <<
228 <<
229 /** <<
230 * generic_file_llseek - generic llseek implem 135 * generic_file_llseek - generic llseek implementation for regular files
231 * @file: file structure to seek on 136 * @file: file structure to seek on
232 * @offset: file offset to seek to 137 * @offset: file offset to seek to
233 * @whence: type of seek 138 * @whence: type of seek
234 * 139 *
235 * This is a generic implemenation of ->llseek 140 * This is a generic implemenation of ->llseek useable for all normal local
236 * filesystems. It just updates the file offs 141 * filesystems. It just updates the file offset to the value specified by
237 * @offset and @whence. 142 * @offset and @whence.
238 */ 143 */
239 loff_t generic_file_llseek(struct file *file, 144 loff_t generic_file_llseek(struct file *file, loff_t offset, int whence)
240 { 145 {
241 struct inode *inode = file->f_mapping- 146 struct inode *inode = file->f_mapping->host;
242 147
243 return generic_file_llseek_size(file, 148 return generic_file_llseek_size(file, offset, whence,
244 inode- 149 inode->i_sb->s_maxbytes,
245 i_size 150 i_size_read(inode));
246 } 151 }
247 EXPORT_SYMBOL(generic_file_llseek); 152 EXPORT_SYMBOL(generic_file_llseek);
248 153
249 /** 154 /**
250 * fixed_size_llseek - llseek implementation f 155 * fixed_size_llseek - llseek implementation for fixed-sized devices
251 * @file: file structure to seek on 156 * @file: file structure to seek on
252 * @offset: file offset to seek to 157 * @offset: file offset to seek to
253 * @whence: type of seek 158 * @whence: type of seek
254 * @size: size of the file 159 * @size: size of the file
255 * 160 *
256 */ 161 */
257 loff_t fixed_size_llseek(struct file *file, lo 162 loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size)
258 { 163 {
259 switch (whence) { 164 switch (whence) {
260 case SEEK_SET: case SEEK_CUR: case SEE 165 case SEEK_SET: case SEEK_CUR: case SEEK_END:
261 return generic_file_llseek_siz 166 return generic_file_llseek_size(file, offset, whence,
262 167 size, size);
263 default: 168 default:
264 return -EINVAL; 169 return -EINVAL;
265 } 170 }
266 } 171 }
267 EXPORT_SYMBOL(fixed_size_llseek); 172 EXPORT_SYMBOL(fixed_size_llseek);
268 173
269 /** 174 /**
270 * no_seek_end_llseek - llseek implementation 175 * no_seek_end_llseek - llseek implementation for fixed-sized devices
271 * @file: file structure to seek on 176 * @file: file structure to seek on
272 * @offset: file offset to seek to 177 * @offset: file offset to seek to
273 * @whence: type of seek 178 * @whence: type of seek
274 * 179 *
275 */ 180 */
276 loff_t no_seek_end_llseek(struct file *file, l 181 loff_t no_seek_end_llseek(struct file *file, loff_t offset, int whence)
277 { 182 {
278 switch (whence) { 183 switch (whence) {
279 case SEEK_SET: case SEEK_CUR: 184 case SEEK_SET: case SEEK_CUR:
280 return generic_file_llseek_siz 185 return generic_file_llseek_size(file, offset, whence,
281 186 OFFSET_MAX, 0);
282 default: 187 default:
283 return -EINVAL; 188 return -EINVAL;
284 } 189 }
285 } 190 }
286 EXPORT_SYMBOL(no_seek_end_llseek); 191 EXPORT_SYMBOL(no_seek_end_llseek);
287 192
288 /** 193 /**
289 * no_seek_end_llseek_size - llseek implementa 194 * no_seek_end_llseek_size - llseek implementation for fixed-sized devices
290 * @file: file structure to seek on 195 * @file: file structure to seek on
291 * @offset: file offset to seek to 196 * @offset: file offset to seek to
292 * @whence: type of seek 197 * @whence: type of seek
293 * @size: maximal offset allowed 198 * @size: maximal offset allowed
294 * 199 *
295 */ 200 */
296 loff_t no_seek_end_llseek_size(struct file *fi 201 loff_t no_seek_end_llseek_size(struct file *file, loff_t offset, int whence, loff_t size)
297 { 202 {
298 switch (whence) { 203 switch (whence) {
299 case SEEK_SET: case SEEK_CUR: 204 case SEEK_SET: case SEEK_CUR:
300 return generic_file_llseek_siz 205 return generic_file_llseek_size(file, offset, whence,
301 206 size, 0);
302 default: 207 default:
303 return -EINVAL; 208 return -EINVAL;
304 } 209 }
305 } 210 }
306 EXPORT_SYMBOL(no_seek_end_llseek_size); 211 EXPORT_SYMBOL(no_seek_end_llseek_size);
307 212
308 /** 213 /**
309 * noop_llseek - No Operation Performed llseek 214 * noop_llseek - No Operation Performed llseek implementation
310 * @file: file structure to seek on 215 * @file: file structure to seek on
311 * @offset: file offset to seek to 216 * @offset: file offset to seek to
312 * @whence: type of seek 217 * @whence: type of seek
313 * 218 *
314 * This is an implementation of ->llseek useab 219 * This is an implementation of ->llseek useable for the rare special case when
315 * userspace expects the seek to succeed but t 220 * userspace expects the seek to succeed but the (device) file is actually not
316 * able to perform the seek. In this case you 221 * able to perform the seek. In this case you use noop_llseek() instead of
317 * falling back to the default implementation 222 * falling back to the default implementation of ->llseek.
318 */ 223 */
319 loff_t noop_llseek(struct file *file, loff_t o 224 loff_t noop_llseek(struct file *file, loff_t offset, int whence)
320 { 225 {
321 return file->f_pos; 226 return file->f_pos;
322 } 227 }
323 EXPORT_SYMBOL(noop_llseek); 228 EXPORT_SYMBOL(noop_llseek);
324 229
>> 230 loff_t no_llseek(struct file *file, loff_t offset, int whence)
>> 231 {
>> 232 return -ESPIPE;
>> 233 }
>> 234 EXPORT_SYMBOL(no_llseek);
>> 235
325 loff_t default_llseek(struct file *file, loff_ 236 loff_t default_llseek(struct file *file, loff_t offset, int whence)
326 { 237 {
327 struct inode *inode = file_inode(file) 238 struct inode *inode = file_inode(file);
328 loff_t retval; 239 loff_t retval;
329 240
330 inode_lock(inode); 241 inode_lock(inode);
331 switch (whence) { 242 switch (whence) {
332 case SEEK_END: 243 case SEEK_END:
333 offset += i_size_read( 244 offset += i_size_read(inode);
334 break; 245 break;
335 case SEEK_CUR: 246 case SEEK_CUR:
336 if (offset == 0) { 247 if (offset == 0) {
337 retval = file- 248 retval = file->f_pos;
338 goto out; 249 goto out;
339 } 250 }
340 offset += file->f_pos; 251 offset += file->f_pos;
341 break; 252 break;
342 case SEEK_DATA: 253 case SEEK_DATA:
343 /* 254 /*
344 * In the generic case 255 * In the generic case the entire file is data, so as
345 * long as offset isn' 256 * long as offset isn't at the end of the file then the
346 * offset is data. 257 * offset is data.
347 */ 258 */
348 if (offset >= inode->i 259 if (offset >= inode->i_size) {
349 retval = -ENXI 260 retval = -ENXIO;
350 goto out; 261 goto out;
351 } 262 }
352 break; 263 break;
353 case SEEK_HOLE: 264 case SEEK_HOLE:
354 /* 265 /*
355 * There is a virtual 266 * There is a virtual hole at the end of the file, so
356 * as long as offset i 267 * as long as offset isn't i_size or larger, return
357 * i_size. 268 * i_size.
358 */ 269 */
359 if (offset >= inode->i 270 if (offset >= inode->i_size) {
360 retval = -ENXI 271 retval = -ENXIO;
361 goto out; 272 goto out;
362 } 273 }
363 offset = inode->i_size 274 offset = inode->i_size;
364 break; 275 break;
365 } 276 }
366 retval = -EINVAL; 277 retval = -EINVAL;
367 if (offset >= 0 || unsigned_offsets(fi 278 if (offset >= 0 || unsigned_offsets(file)) {
368 if (offset != file->f_pos) !! 279 if (offset != file->f_pos) {
369 file->f_pos = offset; 280 file->f_pos = offset;
>> 281 file->f_version = 0;
>> 282 }
370 retval = offset; 283 retval = offset;
371 } 284 }
372 out: 285 out:
373 inode_unlock(inode); 286 inode_unlock(inode);
374 return retval; 287 return retval;
375 } 288 }
376 EXPORT_SYMBOL(default_llseek); 289 EXPORT_SYMBOL(default_llseek);
377 290
378 loff_t vfs_llseek(struct file *file, loff_t of 291 loff_t vfs_llseek(struct file *file, loff_t offset, int whence)
379 { 292 {
380 if (!(file->f_mode & FMODE_LSEEK)) !! 293 loff_t (*fn)(struct file *, loff_t, int);
381 return -ESPIPE; !! 294
382 return file->f_op->llseek(file, offset !! 295 fn = no_llseek;
>> 296 if (file->f_mode & FMODE_LSEEK) {
>> 297 if (file->f_op->llseek)
>> 298 fn = file->f_op->llseek;
>> 299 }
>> 300 return fn(file, offset, whence);
383 } 301 }
384 EXPORT_SYMBOL(vfs_llseek); 302 EXPORT_SYMBOL(vfs_llseek);
385 303
386 static off_t ksys_lseek(unsigned int fd, off_t !! 304 off_t ksys_lseek(unsigned int fd, off_t offset, unsigned int whence)
387 { 305 {
388 off_t retval; 306 off_t retval;
389 struct fd f = fdget_pos(fd); 307 struct fd f = fdget_pos(fd);
390 if (!fd_file(f)) !! 308 if (!f.file)
391 return -EBADF; 309 return -EBADF;
392 310
393 retval = -EINVAL; 311 retval = -EINVAL;
394 if (whence <= SEEK_MAX) { 312 if (whence <= SEEK_MAX) {
395 loff_t res = vfs_llseek(fd_fil !! 313 loff_t res = vfs_llseek(f.file, offset, whence);
396 retval = res; 314 retval = res;
397 if (res != (loff_t)retval) 315 if (res != (loff_t)retval)
398 retval = -EOVERFLOW; 316 retval = -EOVERFLOW; /* LFS: should only happen on 32 bit platforms */
399 } 317 }
400 fdput_pos(f); 318 fdput_pos(f);
401 return retval; 319 return retval;
402 } 320 }
403 321
404 SYSCALL_DEFINE3(lseek, unsigned int, fd, off_t 322 SYSCALL_DEFINE3(lseek, unsigned int, fd, off_t, offset, unsigned int, whence)
405 { 323 {
406 return ksys_lseek(fd, offset, whence); 324 return ksys_lseek(fd, offset, whence);
407 } 325 }
408 326
409 #ifdef CONFIG_COMPAT 327 #ifdef CONFIG_COMPAT
410 COMPAT_SYSCALL_DEFINE3(lseek, unsigned int, fd 328 COMPAT_SYSCALL_DEFINE3(lseek, unsigned int, fd, compat_off_t, offset, unsigned int, whence)
411 { 329 {
412 return ksys_lseek(fd, offset, whence); 330 return ksys_lseek(fd, offset, whence);
413 } 331 }
414 #endif 332 #endif
415 333
416 #if !defined(CONFIG_64BIT) || defined(CONFIG_C !! 334 #ifdef __ARCH_WANT_SYS_LLSEEK
417 defined(__ARCH_WANT_SYS_LLSEEK) <<
418 SYSCALL_DEFINE5(llseek, unsigned int, fd, unsi 335 SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
419 unsigned long, offset_low, lof 336 unsigned long, offset_low, loff_t __user *, result,
420 unsigned int, whence) 337 unsigned int, whence)
421 { 338 {
422 int retval; 339 int retval;
423 struct fd f = fdget_pos(fd); 340 struct fd f = fdget_pos(fd);
424 loff_t offset; 341 loff_t offset;
425 342
426 if (!fd_file(f)) !! 343 if (!f.file)
427 return -EBADF; 344 return -EBADF;
428 345
429 retval = -EINVAL; 346 retval = -EINVAL;
430 if (whence > SEEK_MAX) 347 if (whence > SEEK_MAX)
431 goto out_putf; 348 goto out_putf;
432 349
433 offset = vfs_llseek(fd_file(f), ((loff !! 350 offset = vfs_llseek(f.file, ((loff_t) offset_high << 32) | offset_low,
434 whence); 351 whence);
435 352
436 retval = (int)offset; 353 retval = (int)offset;
437 if (offset >= 0) { 354 if (offset >= 0) {
438 retval = -EFAULT; 355 retval = -EFAULT;
439 if (!copy_to_user(result, &off 356 if (!copy_to_user(result, &offset, sizeof(offset)))
440 retval = 0; 357 retval = 0;
441 } 358 }
442 out_putf: 359 out_putf:
443 fdput_pos(f); 360 fdput_pos(f);
444 return retval; 361 return retval;
445 } 362 }
446 #endif 363 #endif
447 364
448 int rw_verify_area(int read_write, struct file 365 int rw_verify_area(int read_write, struct file *file, const loff_t *ppos, size_t count)
449 { 366 {
450 int mask = read_write == READ ? MAY_RE !! 367 struct inode *inode;
451 int ret; !! 368 loff_t pos;
>> 369 int retval = -EINVAL;
452 370
>> 371 inode = file_inode(file);
453 if (unlikely((ssize_t) count < 0)) 372 if (unlikely((ssize_t) count < 0))
454 return -EINVAL; !! 373 return retval;
455 !! 374 pos = *ppos;
456 if (ppos) { !! 375 if (unlikely(pos < 0)) {
457 loff_t pos = *ppos; !! 376 if (!unsigned_offsets(file))
458 !! 377 return retval;
459 if (unlikely(pos < 0)) { !! 378 if (count >= -pos) /* both values are in 0..LLONG_MAX */
460 if (!unsigned_offsets( !! 379 return -EOVERFLOW;
461 return -EINVAL !! 380 } else if (unlikely((loff_t) (pos + count) < 0)) {
462 if (count >= -pos) /* !! 381 if (!unsigned_offsets(file))
463 return -EOVERF !! 382 return retval;
464 } else if (unlikely((loff_t) ( <<
465 if (!unsigned_offsets( <<
466 return -EINVAL <<
467 } <<
468 } 383 }
469 384
470 ret = security_file_permission(file, m !! 385 if (unlikely(inode->i_flctx && mandatory_lock(inode))) {
471 if (ret) !! 386 retval = locks_mandatory_area(inode, file, pos, pos + count - 1,
472 return ret; !! 387 read_write == READ ? F_RDLCK : F_WRLCK);
473 !! 388 if (retval < 0)
474 return fsnotify_file_area_perm(file, m !! 389 return retval;
>> 390 }
>> 391 return security_file_permission(file,
>> 392 read_write == READ ? MAY_READ : MAY_WRITE);
475 } 393 }
476 EXPORT_SYMBOL(rw_verify_area); <<
477 394
478 static ssize_t new_sync_read(struct file *filp 395 static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos)
479 { 396 {
>> 397 struct iovec iov = { .iov_base = buf, .iov_len = len };
480 struct kiocb kiocb; 398 struct kiocb kiocb;
481 struct iov_iter iter; 399 struct iov_iter iter;
482 ssize_t ret; 400 ssize_t ret;
483 401
484 init_sync_kiocb(&kiocb, filp); 402 init_sync_kiocb(&kiocb, filp);
485 kiocb.ki_pos = (ppos ? *ppos : 0); !! 403 kiocb.ki_pos = *ppos;
486 iov_iter_ubuf(&iter, ITER_DEST, buf, l !! 404 iov_iter_init(&iter, READ, &iov, 1, len);
487 405
488 ret = filp->f_op->read_iter(&kiocb, &i !! 406 ret = call_read_iter(filp, &kiocb, &iter);
489 BUG_ON(ret == -EIOCBQUEUED); 407 BUG_ON(ret == -EIOCBQUEUED);
490 if (ppos) !! 408 *ppos = kiocb.ki_pos;
491 *ppos = kiocb.ki_pos; <<
492 return ret; 409 return ret;
493 } 410 }
494 411
495 static int warn_unsupported(struct file *file, !! 412 ssize_t __vfs_read(struct file *file, char __user *buf, size_t count,
>> 413 loff_t *pos)
496 { 414 {
497 pr_warn_ratelimited( !! 415 if (file->f_op->read)
498 "kernel %s not supported for f !! 416 return file->f_op->read(file, buf, count, pos);
499 op, file, current->pid, curren !! 417 else if (file->f_op->read_iter)
500 return -EINVAL; !! 418 return new_sync_read(file, buf, count, pos);
501 } !! 419 else
502 <<
503 ssize_t __kernel_read(struct file *file, void <<
504 { <<
505 struct kvec iov = { <<
506 .iov_base = buf, <<
507 .iov_len = min_t(size_t <<
508 }; <<
509 struct kiocb kiocb; <<
510 struct iov_iter iter; <<
511 ssize_t ret; <<
512 <<
513 if (WARN_ON_ONCE(!(file->f_mode & FMOD <<
514 return -EINVAL; <<
515 if (!(file->f_mode & FMODE_CAN_READ)) <<
516 return -EINVAL; 420 return -EINVAL;
517 /* <<
518 * Also fail if ->read_iter and ->read <<
519 * implies very convoluted semantics. <<
520 */ <<
521 if (unlikely(!file->f_op->read_iter || <<
522 return warn_unsupported(file, <<
523 <<
524 init_sync_kiocb(&kiocb, file); <<
525 kiocb.ki_pos = pos ? *pos : 0; <<
526 iov_iter_kvec(&iter, ITER_DEST, &iov, <<
527 ret = file->f_op->read_iter(&kiocb, &i <<
528 if (ret > 0) { <<
529 if (pos) <<
530 *pos = kiocb.ki_pos; <<
531 fsnotify_access(file); <<
532 add_rchar(current, ret); <<
533 } <<
534 inc_syscr(current); <<
535 return ret; <<
536 } 421 }
537 422
538 ssize_t kernel_read(struct file *file, void *b 423 ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
539 { 424 {
540 ssize_t ret; !! 425 mm_segment_t old_fs;
>> 426 ssize_t result;
541 427
542 ret = rw_verify_area(READ, file, pos, !! 428 old_fs = get_fs();
543 if (ret) !! 429 set_fs(get_ds());
544 return ret; !! 430 /* The cast to a user pointer is valid due to the set_fs() */
545 return __kernel_read(file, buf, count, !! 431 result = vfs_read(file, (void __user *)buf, count, pos);
>> 432 set_fs(old_fs);
>> 433 return result;
546 } 434 }
547 EXPORT_SYMBOL(kernel_read); 435 EXPORT_SYMBOL(kernel_read);
548 436
549 ssize_t vfs_read(struct file *file, char __use 437 ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
550 { 438 {
551 ssize_t ret; 439 ssize_t ret;
552 440
553 if (!(file->f_mode & FMODE_READ)) 441 if (!(file->f_mode & FMODE_READ))
554 return -EBADF; 442 return -EBADF;
555 if (!(file->f_mode & FMODE_CAN_READ)) 443 if (!(file->f_mode & FMODE_CAN_READ))
556 return -EINVAL; 444 return -EINVAL;
557 if (unlikely(!access_ok(buf, count))) !! 445 if (unlikely(!access_ok(VERIFY_WRITE, buf, count)))
558 return -EFAULT; 446 return -EFAULT;
559 447
560 ret = rw_verify_area(READ, file, pos, 448 ret = rw_verify_area(READ, file, pos, count);
561 if (ret) !! 449 if (!ret) {
562 return ret; !! 450 if (count > MAX_RW_COUNT)
563 if (count > MAX_RW_COUNT) !! 451 count = MAX_RW_COUNT;
564 count = MAX_RW_COUNT; !! 452 ret = __vfs_read(file, buf, count, pos);
565 !! 453 if (ret > 0) {
566 if (file->f_op->read) !! 454 fsnotify_access(file);
567 ret = file->f_op->read(file, b !! 455 add_rchar(current, ret);
568 else if (file->f_op->read_iter) !! 456 }
569 ret = new_sync_read(file, buf, !! 457 inc_syscr(current);
570 else <<
571 ret = -EINVAL; <<
572 if (ret > 0) { <<
573 fsnotify_access(file); <<
574 add_rchar(current, ret); <<
575 } 458 }
576 inc_syscr(current); !! 459
577 return ret; 460 return ret;
578 } 461 }
579 462
580 static ssize_t new_sync_write(struct file *fil 463 static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos)
581 { 464 {
>> 465 struct iovec iov = { .iov_base = (void __user *)buf, .iov_len = len };
582 struct kiocb kiocb; 466 struct kiocb kiocb;
583 struct iov_iter iter; 467 struct iov_iter iter;
584 ssize_t ret; 468 ssize_t ret;
585 469
586 init_sync_kiocb(&kiocb, filp); 470 init_sync_kiocb(&kiocb, filp);
587 kiocb.ki_pos = (ppos ? *ppos : 0); !! 471 kiocb.ki_pos = *ppos;
588 iov_iter_ubuf(&iter, ITER_SOURCE, (voi !! 472 iov_iter_init(&iter, WRITE, &iov, 1, len);
589 473
590 ret = filp->f_op->write_iter(&kiocb, & !! 474 ret = call_write_iter(filp, &kiocb, &iter);
591 BUG_ON(ret == -EIOCBQUEUED); 475 BUG_ON(ret == -EIOCBQUEUED);
592 if (ret > 0 && ppos) !! 476 if (ret > 0)
593 *ppos = kiocb.ki_pos; 477 *ppos = kiocb.ki_pos;
594 return ret; 478 return ret;
595 } 479 }
596 480
597 /* caller is responsible for file_start_write/ !! 481 ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
598 ssize_t __kernel_write_iter(struct file *file, !! 482 loff_t *pos)
599 { 483 {
600 struct kiocb kiocb; !! 484 if (file->f_op->write)
>> 485 return file->f_op->write(file, p, count, pos);
>> 486 else if (file->f_op->write_iter)
>> 487 return new_sync_write(file, p, count, pos);
>> 488 else
>> 489 return -EINVAL;
>> 490 }
>> 491
>> 492 ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
>> 493 {
>> 494 mm_segment_t old_fs;
>> 495 const char __user *p;
601 ssize_t ret; 496 ssize_t ret;
602 497
603 if (WARN_ON_ONCE(!(file->f_mode & FMOD <<
604 return -EBADF; <<
605 if (!(file->f_mode & FMODE_CAN_WRITE)) 498 if (!(file->f_mode & FMODE_CAN_WRITE))
606 return -EINVAL; 499 return -EINVAL;
607 /* <<
608 * Also fail if ->write_iter and ->wri <<
609 * implies very convoluted semantics. <<
610 */ <<
611 if (unlikely(!file->f_op->write_iter | <<
612 return warn_unsupported(file, <<
613 500
614 init_sync_kiocb(&kiocb, file); !! 501 old_fs = get_fs();
615 kiocb.ki_pos = pos ? *pos : 0; !! 502 set_fs(get_ds());
616 ret = file->f_op->write_iter(&kiocb, f !! 503 p = (__force const char __user *)buf;
>> 504 if (count > MAX_RW_COUNT)
>> 505 count = MAX_RW_COUNT;
>> 506 ret = __vfs_write(file, p, count, pos);
>> 507 set_fs(old_fs);
617 if (ret > 0) { 508 if (ret > 0) {
618 if (pos) <<
619 *pos = kiocb.ki_pos; <<
620 fsnotify_modify(file); 509 fsnotify_modify(file);
621 add_wchar(current, ret); 510 add_wchar(current, ret);
622 } 511 }
623 inc_syscw(current); 512 inc_syscw(current);
624 return ret; 513 return ret;
625 } 514 }
626 !! 515 EXPORT_SYMBOL(__kernel_write);
627 /* caller is responsible for file_start_write/ <<
628 ssize_t __kernel_write(struct file *file, cons <<
629 { <<
630 struct kvec iov = { <<
631 .iov_base = (void *)buf, <<
632 .iov_len = min_t(size_t <<
633 }; <<
634 struct iov_iter iter; <<
635 iov_iter_kvec(&iter, ITER_SOURCE, &iov <<
636 return __kernel_write_iter(file, &iter <<
637 } <<
638 /* <<
639 * This "EXPORT_SYMBOL_GPL()" is more of a "EX <<
640 * but autofs is one of the few internal kerne <<
641 * wants this _and_ can be built as a module. <<
642 * this symbol for autofs, even though it real <<
643 * for any other kernel modules. <<
644 */ <<
645 EXPORT_SYMBOL_GPL(__kernel_write); <<
646 516
647 ssize_t kernel_write(struct file *file, const 517 ssize_t kernel_write(struct file *file, const void *buf, size_t count,
648 loff_t *pos) 518 loff_t *pos)
649 { 519 {
650 ssize_t ret; !! 520 mm_segment_t old_fs;
>> 521 ssize_t res;
651 522
652 ret = rw_verify_area(WRITE, file, pos, !! 523 old_fs = get_fs();
653 if (ret) !! 524 set_fs(get_ds());
654 return ret; !! 525 /* The cast to a user pointer is valid due to the set_fs() */
>> 526 res = vfs_write(file, (__force const char __user *)buf, count, pos);
>> 527 set_fs(old_fs);
655 528
656 file_start_write(file); !! 529 return res;
657 ret = __kernel_write(file, buf, count <<
658 file_end_write(file); <<
659 return ret; <<
660 } 530 }
661 EXPORT_SYMBOL(kernel_write); 531 EXPORT_SYMBOL(kernel_write);
662 532
663 ssize_t vfs_write(struct file *file, const cha 533 ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
664 { 534 {
665 ssize_t ret; 535 ssize_t ret;
666 536
667 if (!(file->f_mode & FMODE_WRITE)) 537 if (!(file->f_mode & FMODE_WRITE))
668 return -EBADF; 538 return -EBADF;
669 if (!(file->f_mode & FMODE_CAN_WRITE)) 539 if (!(file->f_mode & FMODE_CAN_WRITE))
670 return -EINVAL; 540 return -EINVAL;
671 if (unlikely(!access_ok(buf, count))) !! 541 if (unlikely(!access_ok(VERIFY_READ, buf, count)))
672 return -EFAULT; 542 return -EFAULT;
673 543
674 ret = rw_verify_area(WRITE, file, pos, 544 ret = rw_verify_area(WRITE, file, pos, count);
675 if (ret) !! 545 if (!ret) {
676 return ret; !! 546 if (count > MAX_RW_COUNT)
677 if (count > MAX_RW_COUNT) !! 547 count = MAX_RW_COUNT;
678 count = MAX_RW_COUNT; !! 548 file_start_write(file);
679 file_start_write(file); !! 549 ret = __vfs_write(file, buf, count, pos);
680 if (file->f_op->write) !! 550 if (ret > 0) {
681 ret = file->f_op->write(file, !! 551 fsnotify_modify(file);
682 else if (file->f_op->write_iter) !! 552 add_wchar(current, ret);
683 ret = new_sync_write(file, buf !! 553 }
684 else !! 554 inc_syscw(current);
685 ret = -EINVAL; !! 555 file_end_write(file);
686 if (ret > 0) { <<
687 fsnotify_modify(file); <<
688 add_wchar(current, ret); <<
689 } 556 }
690 inc_syscw(current); !! 557
691 file_end_write(file); <<
692 return ret; 558 return ret;
693 } 559 }
694 560
695 /* file_ppos returns &file->f_pos or NULL if f !! 561 static inline loff_t file_pos_read(struct file *file)
696 static inline loff_t *file_ppos(struct file *f !! 562 {
>> 563 return file->f_pos;
>> 564 }
>> 565
>> 566 static inline void file_pos_write(struct file *file, loff_t pos)
697 { 567 {
698 return file->f_mode & FMODE_STREAM ? N !! 568 file->f_pos = pos;
699 } 569 }
700 570
701 ssize_t ksys_read(unsigned int fd, char __user 571 ssize_t ksys_read(unsigned int fd, char __user *buf, size_t count)
702 { 572 {
703 struct fd f = fdget_pos(fd); 573 struct fd f = fdget_pos(fd);
704 ssize_t ret = -EBADF; 574 ssize_t ret = -EBADF;
705 575
706 if (fd_file(f)) { !! 576 if (f.file) {
707 loff_t pos, *ppos = file_ppos( !! 577 loff_t pos = file_pos_read(f.file);
708 if (ppos) { !! 578 ret = vfs_read(f.file, buf, count, &pos);
709 pos = *ppos; !! 579 if (ret >= 0)
710 ppos = &pos; !! 580 file_pos_write(f.file, pos);
711 } <<
712 ret = vfs_read(fd_file(f), buf <<
713 if (ret >= 0 && ppos) <<
714 fd_file(f)->f_pos = po <<
715 fdput_pos(f); 581 fdput_pos(f);
716 } 582 }
717 return ret; 583 return ret;
718 } 584 }
719 585
720 SYSCALL_DEFINE3(read, unsigned int, fd, char _ 586 SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
721 { 587 {
722 return ksys_read(fd, buf, count); 588 return ksys_read(fd, buf, count);
723 } 589 }
724 590
725 ssize_t ksys_write(unsigned int fd, const char 591 ssize_t ksys_write(unsigned int fd, const char __user *buf, size_t count)
726 { 592 {
727 struct fd f = fdget_pos(fd); 593 struct fd f = fdget_pos(fd);
728 ssize_t ret = -EBADF; 594 ssize_t ret = -EBADF;
729 595
730 if (fd_file(f)) { !! 596 if (f.file) {
731 loff_t pos, *ppos = file_ppos( !! 597 loff_t pos = file_pos_read(f.file);
732 if (ppos) { !! 598 ret = vfs_write(f.file, buf, count, &pos);
733 pos = *ppos; !! 599 if (ret >= 0)
734 ppos = &pos; !! 600 file_pos_write(f.file, pos);
735 } <<
736 ret = vfs_write(fd_file(f), bu <<
737 if (ret >= 0 && ppos) <<
738 fd_file(f)->f_pos = po <<
739 fdput_pos(f); 601 fdput_pos(f);
740 } 602 }
741 603
742 return ret; 604 return ret;
743 } 605 }
744 606
745 SYSCALL_DEFINE3(write, unsigned int, fd, const 607 SYSCALL_DEFINE3(write, unsigned int, fd, const char __user *, buf,
746 size_t, count) 608 size_t, count)
747 { 609 {
748 return ksys_write(fd, buf, count); 610 return ksys_write(fd, buf, count);
749 } 611 }
750 612
751 ssize_t ksys_pread64(unsigned int fd, char __u 613 ssize_t ksys_pread64(unsigned int fd, char __user *buf, size_t count,
752 loff_t pos) 614 loff_t pos)
753 { 615 {
754 struct fd f; 616 struct fd f;
755 ssize_t ret = -EBADF; 617 ssize_t ret = -EBADF;
756 618
757 if (pos < 0) 619 if (pos < 0)
758 return -EINVAL; 620 return -EINVAL;
759 621
760 f = fdget(fd); 622 f = fdget(fd);
761 if (fd_file(f)) { !! 623 if (f.file) {
762 ret = -ESPIPE; 624 ret = -ESPIPE;
763 if (fd_file(f)->f_mode & FMODE !! 625 if (f.file->f_mode & FMODE_PREAD)
764 ret = vfs_read(fd_file !! 626 ret = vfs_read(f.file, buf, count, &pos);
765 fdput(f); 627 fdput(f);
766 } 628 }
767 629
768 return ret; 630 return ret;
769 } 631 }
770 632
771 SYSCALL_DEFINE4(pread64, unsigned int, fd, cha 633 SYSCALL_DEFINE4(pread64, unsigned int, fd, char __user *, buf,
772 size_t, count, loff_t, 634 size_t, count, loff_t, pos)
773 { 635 {
774 return ksys_pread64(fd, buf, count, po 636 return ksys_pread64(fd, buf, count, pos);
775 } 637 }
776 638
777 #if defined(CONFIG_COMPAT) && defined(__ARCH_W <<
778 COMPAT_SYSCALL_DEFINE5(pread64, unsigned int, <<
779 size_t, count, compat_a <<
780 { <<
781 return ksys_pread64(fd, buf, count, co <<
782 } <<
783 #endif <<
784 <<
785 ssize_t ksys_pwrite64(unsigned int fd, const c 639 ssize_t ksys_pwrite64(unsigned int fd, const char __user *buf,
786 size_t count, loff_t pos 640 size_t count, loff_t pos)
787 { 641 {
788 struct fd f; 642 struct fd f;
789 ssize_t ret = -EBADF; 643 ssize_t ret = -EBADF;
790 644
791 if (pos < 0) 645 if (pos < 0)
792 return -EINVAL; 646 return -EINVAL;
793 647
794 f = fdget(fd); 648 f = fdget(fd);
795 if (fd_file(f)) { !! 649 if (f.file) {
796 ret = -ESPIPE; 650 ret = -ESPIPE;
797 if (fd_file(f)->f_mode & FMODE !! 651 if (f.file->f_mode & FMODE_PWRITE)
798 ret = vfs_write(fd_fil !! 652 ret = vfs_write(f.file, buf, count, &pos);
799 fdput(f); 653 fdput(f);
800 } 654 }
801 655
802 return ret; 656 return ret;
803 } 657 }
804 658
805 SYSCALL_DEFINE4(pwrite64, unsigned int, fd, co 659 SYSCALL_DEFINE4(pwrite64, unsigned int, fd, const char __user *, buf,
806 size_t, count, loff_t 660 size_t, count, loff_t, pos)
807 { 661 {
808 return ksys_pwrite64(fd, buf, count, p 662 return ksys_pwrite64(fd, buf, count, pos);
809 } 663 }
810 664
811 #if defined(CONFIG_COMPAT) && defined(__ARCH_W <<
812 COMPAT_SYSCALL_DEFINE5(pwrite64, unsigned int, <<
813 size_t, count, compat_a <<
814 { <<
815 return ksys_pwrite64(fd, buf, count, c <<
816 } <<
817 #endif <<
818 <<
819 static ssize_t do_iter_readv_writev(struct fil 665 static ssize_t do_iter_readv_writev(struct file *filp, struct iov_iter *iter,
820 loff_t *ppos, int type, rwf_t 666 loff_t *ppos, int type, rwf_t flags)
821 { 667 {
822 struct kiocb kiocb; 668 struct kiocb kiocb;
823 ssize_t ret; 669 ssize_t ret;
824 670
825 init_sync_kiocb(&kiocb, filp); 671 init_sync_kiocb(&kiocb, filp);
826 ret = kiocb_set_rw_flags(&kiocb, flags !! 672 ret = kiocb_set_rw_flags(&kiocb, flags);
827 if (ret) 673 if (ret)
828 return ret; 674 return ret;
829 kiocb.ki_pos = (ppos ? *ppos : 0); !! 675 kiocb.ki_pos = *ppos;
830 676
831 if (type == READ) 677 if (type == READ)
832 ret = filp->f_op->read_iter(&k !! 678 ret = call_read_iter(filp, &kiocb, iter);
833 else 679 else
834 ret = filp->f_op->write_iter(& !! 680 ret = call_write_iter(filp, &kiocb, iter);
835 BUG_ON(ret == -EIOCBQUEUED); 681 BUG_ON(ret == -EIOCBQUEUED);
836 if (ppos) !! 682 *ppos = kiocb.ki_pos;
837 *ppos = kiocb.ki_pos; <<
838 return ret; 683 return ret;
839 } 684 }
840 685
841 /* Do it by hand, with file-ops */ 686 /* Do it by hand, with file-ops */
842 static ssize_t do_loop_readv_writev(struct fil 687 static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
843 loff_t *ppos, int type, rwf_t 688 loff_t *ppos, int type, rwf_t flags)
844 { 689 {
845 ssize_t ret = 0; 690 ssize_t ret = 0;
846 691
847 if (flags & ~RWF_HIPRI) 692 if (flags & ~RWF_HIPRI)
848 return -EOPNOTSUPP; 693 return -EOPNOTSUPP;
849 694
850 while (iov_iter_count(iter)) { 695 while (iov_iter_count(iter)) {
>> 696 struct iovec iovec = iov_iter_iovec(iter);
851 ssize_t nr; 697 ssize_t nr;
852 698
853 if (type == READ) { 699 if (type == READ) {
854 nr = filp->f_op->read( !! 700 nr = filp->f_op->read(filp, iovec.iov_base,
855 !! 701 iovec.iov_len, ppos);
856 } else { 702 } else {
857 nr = filp->f_op->write !! 703 nr = filp->f_op->write(filp, iovec.iov_base,
858 !! 704 iovec.iov_len, ppos);
859 } 705 }
860 706
861 if (nr < 0) { 707 if (nr < 0) {
862 if (!ret) 708 if (!ret)
863 ret = nr; 709 ret = nr;
864 break; 710 break;
865 } 711 }
866 ret += nr; 712 ret += nr;
867 if (nr != iter_iov_len(iter)) !! 713 if (nr != iovec.iov_len)
868 break; 714 break;
869 iov_iter_advance(iter, nr); 715 iov_iter_advance(iter, nr);
870 } 716 }
871 717
872 return ret; 718 return ret;
873 } 719 }
874 720
875 ssize_t vfs_iocb_iter_read(struct file *file, !! 721 /* A write operation does a read from user space and vice versa */
876 struct iov_iter *it !! 722 #define vrfy_dir(type) ((type) == READ ? VERIFY_WRITE : VERIFY_READ)
>> 723
>> 724 /**
>> 725 * rw_copy_check_uvector() - Copy an array of &struct iovec from userspace
>> 726 * into the kernel and check that it is valid.
>> 727 *
>> 728 * @type: One of %CHECK_IOVEC_ONLY, %READ, or %WRITE.
>> 729 * @uvector: Pointer to the userspace array.
>> 730 * @nr_segs: Number of elements in userspace array.
>> 731 * @fast_segs: Number of elements in @fast_pointer.
>> 732 * @fast_pointer: Pointer to (usually small on-stack) kernel array.
>> 733 * @ret_pointer: (output parameter) Pointer to a variable that will point to
>> 734 * either @fast_pointer, a newly allocated kernel array, or NULL,
>> 735 * depending on which array was used.
>> 736 *
>> 737 * This function copies an array of &struct iovec of @nr_segs from
>> 738 * userspace into the kernel and checks that each element is valid (e.g.
>> 739 * it does not point to a kernel address or cause overflow by being too
>> 740 * large, etc.).
>> 741 *
>> 742 * As an optimization, the caller may provide a pointer to a small
>> 743 * on-stack array in @fast_pointer, typically %UIO_FASTIOV elements long
>> 744 * (the size of this array, or 0 if unused, should be given in @fast_segs).
>> 745 *
>> 746 * @ret_pointer will always point to the array that was used, so the
>> 747 * caller must take care not to call kfree() on it e.g. in case the
>> 748 * @fast_pointer array was used and it was allocated on the stack.
>> 749 *
>> 750 * Return: The total number of bytes covered by the iovec array on success
>> 751 * or a negative error code on error.
>> 752 */
>> 753 ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
>> 754 unsigned long nr_segs, unsigned long fast_segs,
>> 755 struct iovec *fast_pointer,
>> 756 struct iovec **ret_pointer)
877 { 757 {
878 size_t tot_len; !! 758 unsigned long seg;
>> 759 ssize_t ret;
>> 760 struct iovec *iov = fast_pointer;
>> 761
>> 762 /*
>> 763 * SuS says "The readv() function *may* fail if the iovcnt argument
>> 764 * was less than or equal to 0, or greater than {IOV_MAX}. Linux has
>> 765 * traditionally returned zero for zero segments, so...
>> 766 */
>> 767 if (nr_segs == 0) {
>> 768 ret = 0;
>> 769 goto out;
>> 770 }
>> 771
>> 772 /*
>> 773 * First get the "struct iovec" from user memory and
>> 774 * verify all the pointers
>> 775 */
>> 776 if (nr_segs > UIO_MAXIOV) {
>> 777 ret = -EINVAL;
>> 778 goto out;
>> 779 }
>> 780 if (nr_segs > fast_segs) {
>> 781 iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
>> 782 if (iov == NULL) {
>> 783 ret = -ENOMEM;
>> 784 goto out;
>> 785 }
>> 786 }
>> 787 if (copy_from_user(iov, uvector, nr_segs*sizeof(*uvector))) {
>> 788 ret = -EFAULT;
>> 789 goto out;
>> 790 }
>> 791
>> 792 /*
>> 793 * According to the Single Unix Specification we should return EINVAL
>> 794 * if an element length is < 0 when cast to ssize_t or if the
>> 795 * total length would overflow the ssize_t return value of the
>> 796 * system call.
>> 797 *
>> 798 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
>> 799 * overflow case.
>> 800 */
>> 801 ret = 0;
>> 802 for (seg = 0; seg < nr_segs; seg++) {
>> 803 void __user *buf = iov[seg].iov_base;
>> 804 ssize_t len = (ssize_t)iov[seg].iov_len;
>> 805
>> 806 /* see if we we're about to use an invalid len or if
>> 807 * it's about to overflow ssize_t */
>> 808 if (len < 0) {
>> 809 ret = -EINVAL;
>> 810 goto out;
>> 811 }
>> 812 if (type >= 0
>> 813 && unlikely(!access_ok(vrfy_dir(type), buf, len))) {
>> 814 ret = -EFAULT;
>> 815 goto out;
>> 816 }
>> 817 if (len > MAX_RW_COUNT - ret) {
>> 818 len = MAX_RW_COUNT - ret;
>> 819 iov[seg].iov_len = len;
>> 820 }
>> 821 ret += len;
>> 822 }
>> 823 out:
>> 824 *ret_pointer = iov;
>> 825 return ret;
>> 826 }
>> 827
>> 828 #ifdef CONFIG_COMPAT
>> 829 ssize_t compat_rw_copy_check_uvector(int type,
>> 830 const struct compat_iovec __user *uvector, unsigned long nr_segs,
>> 831 unsigned long fast_segs, struct iovec *fast_pointer,
>> 832 struct iovec **ret_pointer)
>> 833 {
>> 834 compat_ssize_t tot_len;
>> 835 struct iovec *iov = *ret_pointer = fast_pointer;
879 ssize_t ret = 0; 836 ssize_t ret = 0;
>> 837 int seg;
880 838
881 if (!file->f_op->read_iter) !! 839 /*
882 return -EINVAL; !! 840 * SuS says "The readv() function *may* fail if the iovcnt argument
883 if (!(file->f_mode & FMODE_READ)) !! 841 * was less than or equal to 0, or greater than {IOV_MAX}. Linux has
884 return -EBADF; !! 842 * traditionally returned zero for zero segments, so...
885 if (!(file->f_mode & FMODE_CAN_READ)) !! 843 */
886 return -EINVAL; !! 844 if (nr_segs == 0)
>> 845 goto out;
887 846
888 tot_len = iov_iter_count(iter); !! 847 ret = -EINVAL;
889 if (!tot_len) !! 848 if (nr_segs > UIO_MAXIOV)
890 goto out; 849 goto out;
891 ret = rw_verify_area(READ, file, &iocb !! 850 if (nr_segs > fast_segs) {
892 if (ret < 0) !! 851 ret = -ENOMEM;
893 return ret; !! 852 iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
>> 853 if (iov == NULL)
>> 854 goto out;
>> 855 }
>> 856 *ret_pointer = iov;
>> 857
>> 858 ret = -EFAULT;
>> 859 if (!access_ok(VERIFY_READ, uvector, nr_segs*sizeof(*uvector)))
>> 860 goto out;
>> 861
>> 862 /*
>> 863 * Single unix specification:
>> 864 * We should -EINVAL if an element length is not >= 0 and fitting an
>> 865 * ssize_t.
>> 866 *
>> 867 * In Linux, the total length is limited to MAX_RW_COUNT, there is
>> 868 * no overflow possibility.
>> 869 */
>> 870 tot_len = 0;
>> 871 ret = -EINVAL;
>> 872 for (seg = 0; seg < nr_segs; seg++) {
>> 873 compat_uptr_t buf;
>> 874 compat_ssize_t len;
>> 875
>> 876 if (__get_user(len, &uvector->iov_len) ||
>> 877 __get_user(buf, &uvector->iov_base)) {
>> 878 ret = -EFAULT;
>> 879 goto out;
>> 880 }
>> 881 if (len < 0) /* size_t not fitting in compat_ssize_t .. */
>> 882 goto out;
>> 883 if (type >= 0 &&
>> 884 !access_ok(vrfy_dir(type), compat_ptr(buf), len)) {
>> 885 ret = -EFAULT;
>> 886 goto out;
>> 887 }
>> 888 if (len > MAX_RW_COUNT - tot_len)
>> 889 len = MAX_RW_COUNT - tot_len;
>> 890 tot_len += len;
>> 891 iov->iov_base = compat_ptr(buf);
>> 892 iov->iov_len = (compat_size_t) len;
>> 893 uvector++;
>> 894 iov++;
>> 895 }
>> 896 ret = tot_len;
894 897
895 ret = file->f_op->read_iter(iocb, iter <<
896 out: 898 out:
897 if (ret >= 0) <<
898 fsnotify_access(file); <<
899 return ret; 899 return ret;
900 } 900 }
901 EXPORT_SYMBOL(vfs_iocb_iter_read); !! 901 #endif
902 902
903 ssize_t vfs_iter_read(struct file *file, struc !! 903 static ssize_t do_iter_read(struct file *file, struct iov_iter *iter,
904 rwf_t flags) !! 904 loff_t *pos, rwf_t flags)
905 { 905 {
906 size_t tot_len; 906 size_t tot_len;
907 ssize_t ret = 0; 907 ssize_t ret = 0;
908 908
909 if (!file->f_op->read_iter) <<
910 return -EINVAL; <<
911 if (!(file->f_mode & FMODE_READ)) 909 if (!(file->f_mode & FMODE_READ))
912 return -EBADF; 910 return -EBADF;
913 if (!(file->f_mode & FMODE_CAN_READ)) 911 if (!(file->f_mode & FMODE_CAN_READ))
914 return -EINVAL; 912 return -EINVAL;
915 913
916 tot_len = iov_iter_count(iter); 914 tot_len = iov_iter_count(iter);
917 if (!tot_len) 915 if (!tot_len)
918 goto out; 916 goto out;
919 ret = rw_verify_area(READ, file, ppos, !! 917 ret = rw_verify_area(READ, file, pos, tot_len);
920 if (ret < 0) 918 if (ret < 0)
921 return ret; 919 return ret;
922 920
923 ret = do_iter_readv_writev(file, iter, !! 921 if (file->f_op->read_iter)
>> 922 ret = do_iter_readv_writev(file, iter, pos, READ, flags);
>> 923 else
>> 924 ret = do_loop_readv_writev(file, iter, pos, READ, flags);
924 out: 925 out:
925 if (ret >= 0) 926 if (ret >= 0)
926 fsnotify_access(file); 927 fsnotify_access(file);
927 return ret; 928 return ret;
928 } 929 }
>> 930
>> 931 ssize_t vfs_iter_read(struct file *file, struct iov_iter *iter, loff_t *ppos,
>> 932 rwf_t flags)
>> 933 {
>> 934 if (!file->f_op->read_iter)
>> 935 return -EINVAL;
>> 936 return do_iter_read(file, iter, ppos, flags);
>> 937 }
929 EXPORT_SYMBOL(vfs_iter_read); 938 EXPORT_SYMBOL(vfs_iter_read);
930 939
931 /* !! 940 static ssize_t do_iter_write(struct file *file, struct iov_iter *iter,
932 * Caller is responsible for calling kiocb_end !! 941 loff_t *pos, rwf_t flags)
933 * if async iocb was queued. <<
934 */ <<
935 ssize_t vfs_iocb_iter_write(struct file *file, <<
936 struct iov_iter *i <<
937 { 942 {
938 size_t tot_len; 943 size_t tot_len;
939 ssize_t ret = 0; 944 ssize_t ret = 0;
940 945
941 if (!file->f_op->write_iter) <<
942 return -EINVAL; <<
943 if (!(file->f_mode & FMODE_WRITE)) 946 if (!(file->f_mode & FMODE_WRITE))
944 return -EBADF; 947 return -EBADF;
945 if (!(file->f_mode & FMODE_CAN_WRITE)) 948 if (!(file->f_mode & FMODE_CAN_WRITE))
946 return -EINVAL; 949 return -EINVAL;
947 950
948 tot_len = iov_iter_count(iter); 951 tot_len = iov_iter_count(iter);
949 if (!tot_len) 952 if (!tot_len)
950 return 0; 953 return 0;
951 ret = rw_verify_area(WRITE, file, &ioc !! 954 ret = rw_verify_area(WRITE, file, pos, tot_len);
952 if (ret < 0) 955 if (ret < 0)
953 return ret; 956 return ret;
954 957
955 kiocb_start_write(iocb); !! 958 if (file->f_op->write_iter)
956 ret = file->f_op->write_iter(iocb, ite !! 959 ret = do_iter_readv_writev(file, iter, pos, WRITE, flags);
957 if (ret != -EIOCBQUEUED) !! 960 else
958 kiocb_end_write(iocb); !! 961 ret = do_loop_readv_writev(file, iter, pos, WRITE, flags);
959 if (ret > 0) 962 if (ret > 0)
960 fsnotify_modify(file); 963 fsnotify_modify(file);
961 <<
962 return ret; 964 return ret;
963 } 965 }
964 EXPORT_SYMBOL(vfs_iocb_iter_write); <<
965 966
966 ssize_t vfs_iter_write(struct file *file, stru 967 ssize_t vfs_iter_write(struct file *file, struct iov_iter *iter, loff_t *ppos,
967 rwf_t flags) !! 968 rwf_t flags)
968 { 969 {
969 size_t tot_len; <<
970 ssize_t ret; <<
971 <<
972 if (!(file->f_mode & FMODE_WRITE)) <<
973 return -EBADF; <<
974 if (!(file->f_mode & FMODE_CAN_WRITE)) <<
975 return -EINVAL; <<
976 if (!file->f_op->write_iter) 970 if (!file->f_op->write_iter)
977 return -EINVAL; 971 return -EINVAL;
978 !! 972 return do_iter_write(file, iter, ppos, flags);
979 tot_len = iov_iter_count(iter); <<
980 if (!tot_len) <<
981 return 0; <<
982 <<
983 ret = rw_verify_area(WRITE, file, ppos <<
984 if (ret < 0) <<
985 return ret; <<
986 <<
987 file_start_write(file); <<
988 ret = do_iter_readv_writev(file, iter, <<
989 if (ret > 0) <<
990 fsnotify_modify(file); <<
991 file_end_write(file); <<
992 <<
993 return ret; <<
994 } 973 }
995 EXPORT_SYMBOL(vfs_iter_write); 974 EXPORT_SYMBOL(vfs_iter_write);
996 975
997 static ssize_t vfs_readv(struct file *file, co !! 976 ssize_t vfs_readv(struct file *file, const struct iovec __user *vec,
998 unsigned long vlen, l !! 977 unsigned long vlen, loff_t *pos, rwf_t flags)
999 { 978 {
1000 struct iovec iovstack[UIO_FASTIOV]; 979 struct iovec iovstack[UIO_FASTIOV];
1001 struct iovec *iov = iovstack; 980 struct iovec *iov = iovstack;
1002 struct iov_iter iter; 981 struct iov_iter iter;
1003 size_t tot_len; !! 982 ssize_t ret;
1004 ssize_t ret = 0; <<
1005 <<
1006 if (!(file->f_mode & FMODE_READ)) <<
1007 return -EBADF; <<
1008 if (!(file->f_mode & FMODE_CAN_READ)) <<
1009 return -EINVAL; <<
1010 <<
1011 ret = import_iovec(ITER_DEST, vec, vl <<
1012 &iter); <<
1013 if (ret < 0) <<
1014 return ret; <<
1015 <<
1016 tot_len = iov_iter_count(&iter); <<
1017 if (!tot_len) <<
1018 goto out; <<
1019 983
1020 ret = rw_verify_area(READ, file, pos, !! 984 ret = import_iovec(READ, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
1021 if (ret < 0) !! 985 if (ret >= 0) {
1022 goto out; !! 986 ret = do_iter_read(file, &iter, pos, flags);
>> 987 kfree(iov);
>> 988 }
1023 989
1024 if (file->f_op->read_iter) <<
1025 ret = do_iter_readv_writev(fi <<
1026 else <<
1027 ret = do_loop_readv_writev(fi <<
1028 out: <<
1029 if (ret >= 0) <<
1030 fsnotify_access(file); <<
1031 kfree(iov); <<
1032 return ret; 990 return ret;
1033 } 991 }
1034 992
1035 static ssize_t vfs_writev(struct file *file, 993 static ssize_t vfs_writev(struct file *file, const struct iovec __user *vec,
1036 unsigned long vlen, !! 994 unsigned long vlen, loff_t *pos, rwf_t flags)
1037 { 995 {
1038 struct iovec iovstack[UIO_FASTIOV]; 996 struct iovec iovstack[UIO_FASTIOV];
1039 struct iovec *iov = iovstack; 997 struct iovec *iov = iovstack;
1040 struct iov_iter iter; 998 struct iov_iter iter;
1041 size_t tot_len; !! 999 ssize_t ret;
1042 ssize_t ret = 0; <<
1043 <<
1044 if (!(file->f_mode & FMODE_WRITE)) <<
1045 return -EBADF; <<
1046 if (!(file->f_mode & FMODE_CAN_WRITE) <<
1047 return -EINVAL; <<
1048 <<
1049 ret = import_iovec(ITER_SOURCE, vec, <<
1050 &iter); <<
1051 if (ret < 0) <<
1052 return ret; <<
1053 <<
1054 tot_len = iov_iter_count(&iter); <<
1055 if (!tot_len) <<
1056 goto out; <<
1057 <<
1058 ret = rw_verify_area(WRITE, file, pos <<
1059 if (ret < 0) <<
1060 goto out; <<
1061 1000
1062 file_start_write(file); !! 1001 ret = import_iovec(WRITE, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
1063 if (file->f_op->write_iter) !! 1002 if (ret >= 0) {
1064 ret = do_iter_readv_writev(fi !! 1003 file_start_write(file);
1065 else !! 1004 ret = do_iter_write(file, &iter, pos, flags);
1066 ret = do_loop_readv_writev(fi !! 1005 file_end_write(file);
1067 if (ret > 0) !! 1006 kfree(iov);
1068 fsnotify_modify(file); !! 1007 }
1069 file_end_write(file); <<
1070 out: <<
1071 kfree(iov); <<
1072 return ret; 1008 return ret;
1073 } 1009 }
1074 1010
1075 static ssize_t do_readv(unsigned long fd, con 1011 static ssize_t do_readv(unsigned long fd, const struct iovec __user *vec,
1076 unsigned long vlen, r 1012 unsigned long vlen, rwf_t flags)
1077 { 1013 {
1078 struct fd f = fdget_pos(fd); 1014 struct fd f = fdget_pos(fd);
1079 ssize_t ret = -EBADF; 1015 ssize_t ret = -EBADF;
1080 1016
1081 if (fd_file(f)) { !! 1017 if (f.file) {
1082 loff_t pos, *ppos = file_ppos !! 1018 loff_t pos = file_pos_read(f.file);
1083 if (ppos) { !! 1019 ret = vfs_readv(f.file, vec, vlen, &pos, flags);
1084 pos = *ppos; !! 1020 if (ret >= 0)
1085 ppos = &pos; !! 1021 file_pos_write(f.file, pos);
1086 } <<
1087 ret = vfs_readv(fd_file(f), v <<
1088 if (ret >= 0 && ppos) <<
1089 fd_file(f)->f_pos = p <<
1090 fdput_pos(f); 1022 fdput_pos(f);
1091 } 1023 }
1092 1024
1093 if (ret > 0) 1025 if (ret > 0)
1094 add_rchar(current, ret); 1026 add_rchar(current, ret);
1095 inc_syscr(current); 1027 inc_syscr(current);
1096 return ret; 1028 return ret;
1097 } 1029 }
1098 1030
1099 static ssize_t do_writev(unsigned long fd, co 1031 static ssize_t do_writev(unsigned long fd, const struct iovec __user *vec,
1100 unsigned long vlen, 1032 unsigned long vlen, rwf_t flags)
1101 { 1033 {
1102 struct fd f = fdget_pos(fd); 1034 struct fd f = fdget_pos(fd);
1103 ssize_t ret = -EBADF; 1035 ssize_t ret = -EBADF;
1104 1036
1105 if (fd_file(f)) { !! 1037 if (f.file) {
1106 loff_t pos, *ppos = file_ppos !! 1038 loff_t pos = file_pos_read(f.file);
1107 if (ppos) { !! 1039 ret = vfs_writev(f.file, vec, vlen, &pos, flags);
1108 pos = *ppos; !! 1040 if (ret >= 0)
1109 ppos = &pos; !! 1041 file_pos_write(f.file, pos);
1110 } <<
1111 ret = vfs_writev(fd_file(f), <<
1112 if (ret >= 0 && ppos) <<
1113 fd_file(f)->f_pos = p <<
1114 fdput_pos(f); 1042 fdput_pos(f);
1115 } 1043 }
1116 1044
1117 if (ret > 0) 1045 if (ret > 0)
1118 add_wchar(current, ret); 1046 add_wchar(current, ret);
1119 inc_syscw(current); 1047 inc_syscw(current);
1120 return ret; 1048 return ret;
1121 } 1049 }
1122 1050
1123 static inline loff_t pos_from_hilo(unsigned l 1051 static inline loff_t pos_from_hilo(unsigned long high, unsigned long low)
1124 { 1052 {
1125 #define HALF_LONG_BITS (BITS_PER_LONG / 2) 1053 #define HALF_LONG_BITS (BITS_PER_LONG / 2)
1126 return (((loff_t)high << HALF_LONG_BI 1054 return (((loff_t)high << HALF_LONG_BITS) << HALF_LONG_BITS) | low;
1127 } 1055 }
1128 1056
1129 static ssize_t do_preadv(unsigned long fd, co 1057 static ssize_t do_preadv(unsigned long fd, const struct iovec __user *vec,
1130 unsigned long vlen, 1058 unsigned long vlen, loff_t pos, rwf_t flags)
1131 { 1059 {
1132 struct fd f; 1060 struct fd f;
1133 ssize_t ret = -EBADF; 1061 ssize_t ret = -EBADF;
1134 1062
1135 if (pos < 0) 1063 if (pos < 0)
1136 return -EINVAL; 1064 return -EINVAL;
1137 1065
1138 f = fdget(fd); 1066 f = fdget(fd);
1139 if (fd_file(f)) { !! 1067 if (f.file) {
1140 ret = -ESPIPE; 1068 ret = -ESPIPE;
1141 if (fd_file(f)->f_mode & FMOD !! 1069 if (f.file->f_mode & FMODE_PREAD)
1142 ret = vfs_readv(fd_fi !! 1070 ret = vfs_readv(f.file, vec, vlen, &pos, flags);
1143 fdput(f); 1071 fdput(f);
1144 } 1072 }
1145 1073
1146 if (ret > 0) 1074 if (ret > 0)
1147 add_rchar(current, ret); 1075 add_rchar(current, ret);
1148 inc_syscr(current); 1076 inc_syscr(current);
1149 return ret; 1077 return ret;
1150 } 1078 }
1151 1079
1152 static ssize_t do_pwritev(unsigned long fd, c 1080 static ssize_t do_pwritev(unsigned long fd, const struct iovec __user *vec,
1153 unsigned long vlen, 1081 unsigned long vlen, loff_t pos, rwf_t flags)
1154 { 1082 {
1155 struct fd f; 1083 struct fd f;
1156 ssize_t ret = -EBADF; 1084 ssize_t ret = -EBADF;
1157 1085
1158 if (pos < 0) 1086 if (pos < 0)
1159 return -EINVAL; 1087 return -EINVAL;
1160 1088
1161 f = fdget(fd); 1089 f = fdget(fd);
1162 if (fd_file(f)) { !! 1090 if (f.file) {
1163 ret = -ESPIPE; 1091 ret = -ESPIPE;
1164 if (fd_file(f)->f_mode & FMOD !! 1092 if (f.file->f_mode & FMODE_PWRITE)
1165 ret = vfs_writev(fd_f !! 1093 ret = vfs_writev(f.file, vec, vlen, &pos, flags);
1166 fdput(f); 1094 fdput(f);
1167 } 1095 }
1168 1096
1169 if (ret > 0) 1097 if (ret > 0)
1170 add_wchar(current, ret); 1098 add_wchar(current, ret);
1171 inc_syscw(current); 1099 inc_syscw(current);
1172 return ret; 1100 return ret;
1173 } 1101 }
1174 1102
1175 SYSCALL_DEFINE3(readv, unsigned long, fd, con 1103 SYSCALL_DEFINE3(readv, unsigned long, fd, const struct iovec __user *, vec,
1176 unsigned long, vlen) 1104 unsigned long, vlen)
1177 { 1105 {
1178 return do_readv(fd, vec, vlen, 0); 1106 return do_readv(fd, vec, vlen, 0);
1179 } 1107 }
1180 1108
1181 SYSCALL_DEFINE3(writev, unsigned long, fd, co 1109 SYSCALL_DEFINE3(writev, unsigned long, fd, const struct iovec __user *, vec,
1182 unsigned long, vlen) 1110 unsigned long, vlen)
1183 { 1111 {
1184 return do_writev(fd, vec, vlen, 0); 1112 return do_writev(fd, vec, vlen, 0);
1185 } 1113 }
1186 1114
1187 SYSCALL_DEFINE5(preadv, unsigned long, fd, co 1115 SYSCALL_DEFINE5(preadv, unsigned long, fd, const struct iovec __user *, vec,
1188 unsigned long, vlen, unsigned 1116 unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
1189 { 1117 {
1190 loff_t pos = pos_from_hilo(pos_h, pos 1118 loff_t pos = pos_from_hilo(pos_h, pos_l);
1191 1119
1192 return do_preadv(fd, vec, vlen, pos, 1120 return do_preadv(fd, vec, vlen, pos, 0);
1193 } 1121 }
1194 1122
1195 SYSCALL_DEFINE6(preadv2, unsigned long, fd, c 1123 SYSCALL_DEFINE6(preadv2, unsigned long, fd, const struct iovec __user *, vec,
1196 unsigned long, vlen, unsigned 1124 unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h,
1197 rwf_t, flags) 1125 rwf_t, flags)
1198 { 1126 {
1199 loff_t pos = pos_from_hilo(pos_h, pos 1127 loff_t pos = pos_from_hilo(pos_h, pos_l);
1200 1128
1201 if (pos == -1) 1129 if (pos == -1)
1202 return do_readv(fd, vec, vlen 1130 return do_readv(fd, vec, vlen, flags);
1203 1131
1204 return do_preadv(fd, vec, vlen, pos, 1132 return do_preadv(fd, vec, vlen, pos, flags);
1205 } 1133 }
1206 1134
1207 SYSCALL_DEFINE5(pwritev, unsigned long, fd, c 1135 SYSCALL_DEFINE5(pwritev, unsigned long, fd, const struct iovec __user *, vec,
1208 unsigned long, vlen, unsigned 1136 unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
1209 { 1137 {
1210 loff_t pos = pos_from_hilo(pos_h, pos 1138 loff_t pos = pos_from_hilo(pos_h, pos_l);
1211 1139
1212 return do_pwritev(fd, vec, vlen, pos, 1140 return do_pwritev(fd, vec, vlen, pos, 0);
1213 } 1141 }
1214 1142
1215 SYSCALL_DEFINE6(pwritev2, unsigned long, fd, 1143 SYSCALL_DEFINE6(pwritev2, unsigned long, fd, const struct iovec __user *, vec,
1216 unsigned long, vlen, unsigned 1144 unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h,
1217 rwf_t, flags) 1145 rwf_t, flags)
1218 { 1146 {
1219 loff_t pos = pos_from_hilo(pos_h, pos 1147 loff_t pos = pos_from_hilo(pos_h, pos_l);
1220 1148
1221 if (pos == -1) 1149 if (pos == -1)
1222 return do_writev(fd, vec, vle 1150 return do_writev(fd, vec, vlen, flags);
1223 1151
1224 return do_pwritev(fd, vec, vlen, pos, 1152 return do_pwritev(fd, vec, vlen, pos, flags);
1225 } 1153 }
1226 1154
1227 /* <<
1228 * Various compat syscalls. Note that they a <<
1229 * iovec - import_iovec will properly treat t <<
1230 * in_compat_syscall(). <<
1231 */ <<
1232 #ifdef CONFIG_COMPAT 1155 #ifdef CONFIG_COMPAT
>> 1156 static size_t compat_readv(struct file *file,
>> 1157 const struct compat_iovec __user *vec,
>> 1158 unsigned long vlen, loff_t *pos, rwf_t flags)
>> 1159 {
>> 1160 struct iovec iovstack[UIO_FASTIOV];
>> 1161 struct iovec *iov = iovstack;
>> 1162 struct iov_iter iter;
>> 1163 ssize_t ret;
>> 1164
>> 1165 ret = compat_import_iovec(READ, vec, vlen, UIO_FASTIOV, &iov, &iter);
>> 1166 if (ret >= 0) {
>> 1167 ret = do_iter_read(file, &iter, pos, flags);
>> 1168 kfree(iov);
>> 1169 }
>> 1170 if (ret > 0)
>> 1171 add_rchar(current, ret);
>> 1172 inc_syscr(current);
>> 1173 return ret;
>> 1174 }
>> 1175
>> 1176 static size_t do_compat_readv(compat_ulong_t fd,
>> 1177 const struct compat_iovec __user *vec,
>> 1178 compat_ulong_t vlen, rwf_t flags)
>> 1179 {
>> 1180 struct fd f = fdget_pos(fd);
>> 1181 ssize_t ret;
>> 1182 loff_t pos;
>> 1183
>> 1184 if (!f.file)
>> 1185 return -EBADF;
>> 1186 pos = f.file->f_pos;
>> 1187 ret = compat_readv(f.file, vec, vlen, &pos, flags);
>> 1188 if (ret >= 0)
>> 1189 f.file->f_pos = pos;
>> 1190 fdput_pos(f);
>> 1191 return ret;
>> 1192
>> 1193 }
>> 1194
>> 1195 COMPAT_SYSCALL_DEFINE3(readv, compat_ulong_t, fd,
>> 1196 const struct compat_iovec __user *,vec,
>> 1197 compat_ulong_t, vlen)
>> 1198 {
>> 1199 return do_compat_readv(fd, vec, vlen, 0);
>> 1200 }
>> 1201
>> 1202 static long do_compat_preadv64(unsigned long fd,
>> 1203 const struct compat_iovec __user *vec,
>> 1204 unsigned long vlen, loff_t pos, rwf_t flags)
>> 1205 {
>> 1206 struct fd f;
>> 1207 ssize_t ret;
>> 1208
>> 1209 if (pos < 0)
>> 1210 return -EINVAL;
>> 1211 f = fdget(fd);
>> 1212 if (!f.file)
>> 1213 return -EBADF;
>> 1214 ret = -ESPIPE;
>> 1215 if (f.file->f_mode & FMODE_PREAD)
>> 1216 ret = compat_readv(f.file, vec, vlen, &pos, flags);
>> 1217 fdput(f);
>> 1218 return ret;
>> 1219 }
>> 1220
1233 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64 1221 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64
1234 COMPAT_SYSCALL_DEFINE4(preadv64, unsigned lon 1222 COMPAT_SYSCALL_DEFINE4(preadv64, unsigned long, fd,
1235 const struct iovec __user *, !! 1223 const struct compat_iovec __user *,vec,
1236 unsigned long, vlen, loff_t, 1224 unsigned long, vlen, loff_t, pos)
1237 { 1225 {
1238 return do_preadv(fd, vec, vlen, pos, !! 1226 return do_compat_preadv64(fd, vec, vlen, pos, 0);
1239 } 1227 }
1240 #endif 1228 #endif
1241 1229
1242 COMPAT_SYSCALL_DEFINE5(preadv, compat_ulong_t 1230 COMPAT_SYSCALL_DEFINE5(preadv, compat_ulong_t, fd,
1243 const struct iovec __user *, !! 1231 const struct compat_iovec __user *,vec,
1244 compat_ulong_t, vlen, u32, po 1232 compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
1245 { 1233 {
1246 loff_t pos = ((loff_t)pos_high << 32) 1234 loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1247 1235
1248 return do_preadv(fd, vec, vlen, pos, !! 1236 return do_compat_preadv64(fd, vec, vlen, pos, 0);
1249 } 1237 }
1250 1238
1251 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64V2 1239 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64V2
1252 COMPAT_SYSCALL_DEFINE5(preadv64v2, unsigned l 1240 COMPAT_SYSCALL_DEFINE5(preadv64v2, unsigned long, fd,
1253 const struct iovec __user *, !! 1241 const struct compat_iovec __user *,vec,
1254 unsigned long, vlen, loff_t, 1242 unsigned long, vlen, loff_t, pos, rwf_t, flags)
1255 { 1243 {
1256 if (pos == -1) !! 1244 return do_compat_preadv64(fd, vec, vlen, pos, flags);
1257 return do_readv(fd, vec, vlen <<
1258 return do_preadv(fd, vec, vlen, pos, <<
1259 } 1245 }
1260 #endif 1246 #endif
1261 1247
1262 COMPAT_SYSCALL_DEFINE6(preadv2, compat_ulong_ 1248 COMPAT_SYSCALL_DEFINE6(preadv2, compat_ulong_t, fd,
1263 const struct iovec __user *, !! 1249 const struct compat_iovec __user *,vec,
1264 compat_ulong_t, vlen, u32, po 1250 compat_ulong_t, vlen, u32, pos_low, u32, pos_high,
1265 rwf_t, flags) 1251 rwf_t, flags)
1266 { 1252 {
1267 loff_t pos = ((loff_t)pos_high << 32) 1253 loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1268 1254
1269 if (pos == -1) 1255 if (pos == -1)
1270 return do_readv(fd, vec, vlen !! 1256 return do_compat_readv(fd, vec, vlen, flags);
1271 return do_preadv(fd, vec, vlen, pos, !! 1257
>> 1258 return do_compat_preadv64(fd, vec, vlen, pos, flags);
>> 1259 }
>> 1260
>> 1261 static size_t compat_writev(struct file *file,
>> 1262 const struct compat_iovec __user *vec,
>> 1263 unsigned long vlen, loff_t *pos, rwf_t flags)
>> 1264 {
>> 1265 struct iovec iovstack[UIO_FASTIOV];
>> 1266 struct iovec *iov = iovstack;
>> 1267 struct iov_iter iter;
>> 1268 ssize_t ret;
>> 1269
>> 1270 ret = compat_import_iovec(WRITE, vec, vlen, UIO_FASTIOV, &iov, &iter);
>> 1271 if (ret >= 0) {
>> 1272 file_start_write(file);
>> 1273 ret = do_iter_write(file, &iter, pos, flags);
>> 1274 file_end_write(file);
>> 1275 kfree(iov);
>> 1276 }
>> 1277 if (ret > 0)
>> 1278 add_wchar(current, ret);
>> 1279 inc_syscw(current);
>> 1280 return ret;
>> 1281 }
>> 1282
>> 1283 static size_t do_compat_writev(compat_ulong_t fd,
>> 1284 const struct compat_iovec __user* vec,
>> 1285 compat_ulong_t vlen, rwf_t flags)
>> 1286 {
>> 1287 struct fd f = fdget_pos(fd);
>> 1288 ssize_t ret;
>> 1289 loff_t pos;
>> 1290
>> 1291 if (!f.file)
>> 1292 return -EBADF;
>> 1293 pos = f.file->f_pos;
>> 1294 ret = compat_writev(f.file, vec, vlen, &pos, flags);
>> 1295 if (ret >= 0)
>> 1296 f.file->f_pos = pos;
>> 1297 fdput_pos(f);
>> 1298 return ret;
>> 1299 }
>> 1300
>> 1301 COMPAT_SYSCALL_DEFINE3(writev, compat_ulong_t, fd,
>> 1302 const struct compat_iovec __user *, vec,
>> 1303 compat_ulong_t, vlen)
>> 1304 {
>> 1305 return do_compat_writev(fd, vec, vlen, 0);
>> 1306 }
>> 1307
>> 1308 static long do_compat_pwritev64(unsigned long fd,
>> 1309 const struct compat_iovec __user *vec,
>> 1310 unsigned long vlen, loff_t pos, rwf_t flags)
>> 1311 {
>> 1312 struct fd f;
>> 1313 ssize_t ret;
>> 1314
>> 1315 if (pos < 0)
>> 1316 return -EINVAL;
>> 1317 f = fdget(fd);
>> 1318 if (!f.file)
>> 1319 return -EBADF;
>> 1320 ret = -ESPIPE;
>> 1321 if (f.file->f_mode & FMODE_PWRITE)
>> 1322 ret = compat_writev(f.file, vec, vlen, &pos, flags);
>> 1323 fdput(f);
>> 1324 return ret;
1272 } 1325 }
1273 1326
1274 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64 1327 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64
1275 COMPAT_SYSCALL_DEFINE4(pwritev64, unsigned lo 1328 COMPAT_SYSCALL_DEFINE4(pwritev64, unsigned long, fd,
1276 const struct iovec __user *, !! 1329 const struct compat_iovec __user *,vec,
1277 unsigned long, vlen, loff_t, 1330 unsigned long, vlen, loff_t, pos)
1278 { 1331 {
1279 return do_pwritev(fd, vec, vlen, pos, !! 1332 return do_compat_pwritev64(fd, vec, vlen, pos, 0);
1280 } 1333 }
1281 #endif 1334 #endif
1282 1335
1283 COMPAT_SYSCALL_DEFINE5(pwritev, compat_ulong_ 1336 COMPAT_SYSCALL_DEFINE5(pwritev, compat_ulong_t, fd,
1284 const struct iovec __user *,v !! 1337 const struct compat_iovec __user *,vec,
1285 compat_ulong_t, vlen, u32, po 1338 compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
1286 { 1339 {
1287 loff_t pos = ((loff_t)pos_high << 32) 1340 loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1288 1341
1289 return do_pwritev(fd, vec, vlen, pos, !! 1342 return do_compat_pwritev64(fd, vec, vlen, pos, 0);
1290 } 1343 }
1291 1344
1292 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64V2 1345 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64V2
1293 COMPAT_SYSCALL_DEFINE5(pwritev64v2, unsigned 1346 COMPAT_SYSCALL_DEFINE5(pwritev64v2, unsigned long, fd,
1294 const struct iovec __user *, !! 1347 const struct compat_iovec __user *,vec,
1295 unsigned long, vlen, loff_t, 1348 unsigned long, vlen, loff_t, pos, rwf_t, flags)
1296 { 1349 {
1297 if (pos == -1) !! 1350 return do_compat_pwritev64(fd, vec, vlen, pos, flags);
1298 return do_writev(fd, vec, vle <<
1299 return do_pwritev(fd, vec, vlen, pos, <<
1300 } 1351 }
1301 #endif 1352 #endif
1302 1353
1303 COMPAT_SYSCALL_DEFINE6(pwritev2, compat_ulong 1354 COMPAT_SYSCALL_DEFINE6(pwritev2, compat_ulong_t, fd,
1304 const struct iovec __user *,v !! 1355 const struct compat_iovec __user *,vec,
1305 compat_ulong_t, vlen, u32, po 1356 compat_ulong_t, vlen, u32, pos_low, u32, pos_high, rwf_t, flags)
1306 { 1357 {
1307 loff_t pos = ((loff_t)pos_high << 32) 1358 loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1308 1359
1309 if (pos == -1) 1360 if (pos == -1)
1310 return do_writev(fd, vec, vle !! 1361 return do_compat_writev(fd, vec, vlen, flags);
1311 return do_pwritev(fd, vec, vlen, pos, !! 1362
>> 1363 return do_compat_pwritev64(fd, vec, vlen, pos, flags);
1312 } 1364 }
1313 #endif /* CONFIG_COMPAT */ !! 1365
>> 1366 #endif
1314 1367
1315 static ssize_t do_sendfile(int out_fd, int in 1368 static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
1316 size_t count, loff !! 1369 size_t count, loff_t max)
1317 { 1370 {
1318 struct fd in, out; 1371 struct fd in, out;
1319 struct inode *in_inode, *out_inode; 1372 struct inode *in_inode, *out_inode;
1320 struct pipe_inode_info *opipe; <<
1321 loff_t pos; 1373 loff_t pos;
1322 loff_t out_pos; 1374 loff_t out_pos;
1323 ssize_t retval; 1375 ssize_t retval;
1324 int fl; 1376 int fl;
1325 1377
1326 /* 1378 /*
1327 * Get input file, and verify that it 1379 * Get input file, and verify that it is ok..
1328 */ 1380 */
1329 retval = -EBADF; 1381 retval = -EBADF;
1330 in = fdget(in_fd); 1382 in = fdget(in_fd);
1331 if (!fd_file(in)) !! 1383 if (!in.file)
1332 goto out; 1384 goto out;
1333 if (!(fd_file(in)->f_mode & FMODE_REA !! 1385 if (!(in.file->f_mode & FMODE_READ))
1334 goto fput_in; 1386 goto fput_in;
1335 retval = -ESPIPE; 1387 retval = -ESPIPE;
1336 if (!ppos) { 1388 if (!ppos) {
1337 pos = fd_file(in)->f_pos; !! 1389 pos = in.file->f_pos;
1338 } else { 1390 } else {
1339 pos = *ppos; 1391 pos = *ppos;
1340 if (!(fd_file(in)->f_mode & F !! 1392 if (!(in.file->f_mode & FMODE_PREAD))
1341 goto fput_in; 1393 goto fput_in;
1342 } 1394 }
1343 retval = rw_verify_area(READ, fd_file !! 1395 retval = rw_verify_area(READ, in.file, &pos, count);
1344 if (retval < 0) 1396 if (retval < 0)
1345 goto fput_in; 1397 goto fput_in;
1346 if (count > MAX_RW_COUNT) 1398 if (count > MAX_RW_COUNT)
1347 count = MAX_RW_COUNT; 1399 count = MAX_RW_COUNT;
1348 1400
1349 /* 1401 /*
1350 * Get output file, and verify that i 1402 * Get output file, and verify that it is ok..
1351 */ 1403 */
1352 retval = -EBADF; 1404 retval = -EBADF;
1353 out = fdget(out_fd); 1405 out = fdget(out_fd);
1354 if (!fd_file(out)) !! 1406 if (!out.file)
1355 goto fput_in; 1407 goto fput_in;
1356 if (!(fd_file(out)->f_mode & FMODE_WR !! 1408 if (!(out.file->f_mode & FMODE_WRITE))
>> 1409 goto fput_out;
>> 1410 retval = -EINVAL;
>> 1411 in_inode = file_inode(in.file);
>> 1412 out_inode = file_inode(out.file);
>> 1413 out_pos = out.file->f_pos;
>> 1414 retval = rw_verify_area(WRITE, out.file, &out_pos, count);
>> 1415 if (retval < 0)
1357 goto fput_out; 1416 goto fput_out;
1358 in_inode = file_inode(fd_file(in)); <<
1359 out_inode = file_inode(fd_file(out)); <<
1360 out_pos = fd_file(out)->f_pos; <<
1361 1417
1362 if (!max) 1418 if (!max)
1363 max = min(in_inode->i_sb->s_m 1419 max = min(in_inode->i_sb->s_maxbytes, out_inode->i_sb->s_maxbytes);
1364 1420
1365 if (unlikely(pos + count > max)) { 1421 if (unlikely(pos + count > max)) {
1366 retval = -EOVERFLOW; 1422 retval = -EOVERFLOW;
1367 if (pos >= max) 1423 if (pos >= max)
1368 goto fput_out; 1424 goto fput_out;
1369 count = max - pos; 1425 count = max - pos;
1370 } 1426 }
1371 1427
1372 fl = 0; 1428 fl = 0;
1373 #if 0 1429 #if 0
1374 /* 1430 /*
1375 * We need to debate whether we can e 1431 * We need to debate whether we can enable this or not. The
1376 * man page documents EAGAIN return f 1432 * man page documents EAGAIN return for the output at least,
1377 * and the application is arguably bu 1433 * and the application is arguably buggy if it doesn't expect
1378 * EAGAIN on a non-blocking file desc 1434 * EAGAIN on a non-blocking file descriptor.
1379 */ 1435 */
1380 if (fd_file(in)->f_flags & O_NONBLOCK !! 1436 if (in.file->f_flags & O_NONBLOCK)
1381 fl = SPLICE_F_NONBLOCK; 1437 fl = SPLICE_F_NONBLOCK;
1382 #endif 1438 #endif
1383 opipe = get_pipe_info(fd_file(out), t !! 1439 file_start_write(out.file);
1384 if (!opipe) { !! 1440 retval = do_splice_direct(in.file, &pos, out.file, &out_pos, count, fl);
1385 retval = rw_verify_area(WRITE !! 1441 file_end_write(out.file);
1386 if (retval < 0) <<
1387 goto fput_out; <<
1388 retval = do_splice_direct(fd_ <<
1389 cou <<
1390 } else { <<
1391 if (fd_file(out)->f_flags & O <<
1392 fl |= SPLICE_F_NONBLO <<
1393 <<
1394 retval = splice_file_to_pipe( <<
1395 } <<
1396 1442
1397 if (retval > 0) { 1443 if (retval > 0) {
1398 add_rchar(current, retval); 1444 add_rchar(current, retval);
1399 add_wchar(current, retval); 1445 add_wchar(current, retval);
1400 fsnotify_access(fd_file(in)); !! 1446 fsnotify_access(in.file);
1401 fsnotify_modify(fd_file(out)) !! 1447 fsnotify_modify(out.file);
1402 fd_file(out)->f_pos = out_pos !! 1448 out.file->f_pos = out_pos;
1403 if (ppos) 1449 if (ppos)
1404 *ppos = pos; 1450 *ppos = pos;
1405 else 1451 else
1406 fd_file(in)->f_pos = !! 1452 in.file->f_pos = pos;
1407 } 1453 }
1408 1454
1409 inc_syscr(current); 1455 inc_syscr(current);
1410 inc_syscw(current); 1456 inc_syscw(current);
1411 if (pos > max) 1457 if (pos > max)
1412 retval = -EOVERFLOW; 1458 retval = -EOVERFLOW;
1413 1459
1414 fput_out: 1460 fput_out:
1415 fdput(out); 1461 fdput(out);
1416 fput_in: 1462 fput_in:
1417 fdput(in); 1463 fdput(in);
1418 out: 1464 out:
1419 return retval; 1465 return retval;
1420 } 1466 }
1421 1467
1422 SYSCALL_DEFINE4(sendfile, int, out_fd, int, i 1468 SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd, off_t __user *, offset, size_t, count)
1423 { 1469 {
1424 loff_t pos; 1470 loff_t pos;
1425 off_t off; 1471 off_t off;
1426 ssize_t ret; 1472 ssize_t ret;
1427 1473
1428 if (offset) { 1474 if (offset) {
1429 if (unlikely(get_user(off, of 1475 if (unlikely(get_user(off, offset)))
1430 return -EFAULT; 1476 return -EFAULT;
1431 pos = off; 1477 pos = off;
1432 ret = do_sendfile(out_fd, in_ 1478 ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
1433 if (unlikely(put_user(pos, of 1479 if (unlikely(put_user(pos, offset)))
1434 return -EFAULT; 1480 return -EFAULT;
1435 return ret; 1481 return ret;
1436 } 1482 }
1437 1483
1438 return do_sendfile(out_fd, in_fd, NUL 1484 return do_sendfile(out_fd, in_fd, NULL, count, 0);
1439 } 1485 }
1440 1486
1441 SYSCALL_DEFINE4(sendfile64, int, out_fd, int, 1487 SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd, loff_t __user *, offset, size_t, count)
1442 { 1488 {
1443 loff_t pos; 1489 loff_t pos;
1444 ssize_t ret; 1490 ssize_t ret;
1445 1491
1446 if (offset) { 1492 if (offset) {
1447 if (unlikely(copy_from_user(& 1493 if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t))))
1448 return -EFAULT; 1494 return -EFAULT;
1449 ret = do_sendfile(out_fd, in_ 1495 ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
1450 if (unlikely(put_user(pos, of 1496 if (unlikely(put_user(pos, offset)))
1451 return -EFAULT; 1497 return -EFAULT;
1452 return ret; 1498 return ret;
1453 } 1499 }
1454 1500
1455 return do_sendfile(out_fd, in_fd, NUL 1501 return do_sendfile(out_fd, in_fd, NULL, count, 0);
1456 } 1502 }
1457 1503
1458 #ifdef CONFIG_COMPAT 1504 #ifdef CONFIG_COMPAT
1459 COMPAT_SYSCALL_DEFINE4(sendfile, int, out_fd, 1505 COMPAT_SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd,
1460 compat_off_t __user *, offset 1506 compat_off_t __user *, offset, compat_size_t, count)
1461 { 1507 {
1462 loff_t pos; 1508 loff_t pos;
1463 off_t off; 1509 off_t off;
1464 ssize_t ret; 1510 ssize_t ret;
1465 1511
1466 if (offset) { 1512 if (offset) {
1467 if (unlikely(get_user(off, of 1513 if (unlikely(get_user(off, offset)))
1468 return -EFAULT; 1514 return -EFAULT;
1469 pos = off; 1515 pos = off;
1470 ret = do_sendfile(out_fd, in_ 1516 ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
1471 if (unlikely(put_user(pos, of 1517 if (unlikely(put_user(pos, offset)))
1472 return -EFAULT; 1518 return -EFAULT;
1473 return ret; 1519 return ret;
1474 } 1520 }
1475 1521
1476 return do_sendfile(out_fd, in_fd, NUL 1522 return do_sendfile(out_fd, in_fd, NULL, count, 0);
1477 } 1523 }
1478 1524
1479 COMPAT_SYSCALL_DEFINE4(sendfile64, int, out_f 1525 COMPAT_SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd,
1480 compat_loff_t __user *, offse 1526 compat_loff_t __user *, offset, compat_size_t, count)
1481 { 1527 {
1482 loff_t pos; 1528 loff_t pos;
1483 ssize_t ret; 1529 ssize_t ret;
1484 1530
1485 if (offset) { 1531 if (offset) {
1486 if (unlikely(copy_from_user(& 1532 if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t))))
1487 return -EFAULT; 1533 return -EFAULT;
1488 ret = do_sendfile(out_fd, in_ 1534 ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
1489 if (unlikely(put_user(pos, of 1535 if (unlikely(put_user(pos, offset)))
1490 return -EFAULT; 1536 return -EFAULT;
1491 return ret; 1537 return ret;
1492 } 1538 }
1493 1539
1494 return do_sendfile(out_fd, in_fd, NUL 1540 return do_sendfile(out_fd, in_fd, NULL, count, 0);
1495 } 1541 }
1496 #endif 1542 #endif
1497 1543
1498 /* 1544 /*
1499 * Performs necessary checks before doing a f <<
1500 * <<
1501 * Can adjust amount of bytes to copy via @re <<
1502 * Returns appropriate error code that caller <<
1503 * zero in case the copy should be allowed. <<
1504 */ <<
1505 static int generic_copy_file_checks(struct fi <<
1506 struct fi <<
1507 size_t *r <<
1508 { <<
1509 struct inode *inode_in = file_inode(f <<
1510 struct inode *inode_out = file_inode( <<
1511 uint64_t count = *req_count; <<
1512 loff_t size_in; <<
1513 int ret; <<
1514 <<
1515 ret = generic_file_rw_checks(file_in, <<
1516 if (ret) <<
1517 return ret; <<
1518 <<
1519 /* <<
1520 * We allow some filesystems to handl <<
1521 * a file of the wrong filesystem typ <<
1522 * in an attempt to dereference the w <<
1523 * avoid doing that until we really h <<
1524 * <<
1525 * nfs and cifs define several differ <<
1526 * and several different sets of file <<
1527 * using the same ->copy_file_range() <<
1528 */ <<
1529 if (flags & COPY_FILE_SPLICE) { <<
1530 /* cross sb splice is allowed <<
1531 } else if (file_out->f_op->copy_file_ <<
1532 if (file_in->f_op->copy_file_ <<
1533 file_out->f_op->copy_file <<
1534 return -EXDEV; <<
1535 } else if (file_inode(file_in)->i_sb <<
1536 return -EXDEV; <<
1537 } <<
1538 <<
1539 /* Don't touch certain kinds of inode <<
1540 if (IS_IMMUTABLE(inode_out)) <<
1541 return -EPERM; <<
1542 <<
1543 if (IS_SWAPFILE(inode_in) || IS_SWAPF <<
1544 return -ETXTBSY; <<
1545 <<
1546 /* Ensure offsets don't wrap. */ <<
1547 if (pos_in + count < pos_in || pos_ou <<
1548 return -EOVERFLOW; <<
1549 <<
1550 /* Shorten the copy to EOF */ <<
1551 size_in = i_size_read(inode_in); <<
1552 if (pos_in >= size_in) <<
1553 count = 0; <<
1554 else <<
1555 count = min(count, size_in - <<
1556 <<
1557 ret = generic_write_check_limits(file <<
1558 if (ret) <<
1559 return ret; <<
1560 <<
1561 /* Don't allow overlapped copying wit <<
1562 if (inode_in == inode_out && <<
1563 pos_out + count > pos_in && <<
1564 pos_out < pos_in + count) <<
1565 return -EINVAL; <<
1566 <<
1567 *req_count = count; <<
1568 return 0; <<
1569 } <<
1570 <<
1571 /* <<
1572 * copy_file_range() differs from regular fil 1545 * copy_file_range() differs from regular file read and write in that it
1573 * specifically allows return partial success 1546 * specifically allows return partial success. When it does so is up to
1574 * the copy_file_range method. 1547 * the copy_file_range method.
1575 */ 1548 */
1576 ssize_t vfs_copy_file_range(struct file *file 1549 ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in,
1577 struct file *file 1550 struct file *file_out, loff_t pos_out,
1578 size_t len, unsig 1551 size_t len, unsigned int flags)
1579 { 1552 {
>> 1553 struct inode *inode_in = file_inode(file_in);
>> 1554 struct inode *inode_out = file_inode(file_out);
1580 ssize_t ret; 1555 ssize_t ret;
1581 bool splice = flags & COPY_FILE_SPLIC <<
1582 bool samesb = file_inode(file_in)->i_ <<
1583 1556
1584 if (flags & ~COPY_FILE_SPLICE) !! 1557 if (flags != 0)
1585 return -EINVAL; 1558 return -EINVAL;
1586 1559
1587 ret = generic_copy_file_checks(file_i !! 1560 if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
1588 flags) !! 1561 return -EISDIR;
1589 if (unlikely(ret)) !! 1562 if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
1590 return ret; !! 1563 return -EINVAL;
1591 1564
1592 ret = rw_verify_area(READ, file_in, & 1565 ret = rw_verify_area(READ, file_in, &pos_in, len);
1593 if (unlikely(ret)) 1566 if (unlikely(ret))
1594 return ret; 1567 return ret;
1595 1568
1596 ret = rw_verify_area(WRITE, file_out, 1569 ret = rw_verify_area(WRITE, file_out, &pos_out, len);
1597 if (unlikely(ret)) 1570 if (unlikely(ret))
1598 return ret; 1571 return ret;
1599 1572
>> 1573 if (!(file_in->f_mode & FMODE_READ) ||
>> 1574 !(file_out->f_mode & FMODE_WRITE) ||
>> 1575 (file_out->f_flags & O_APPEND))
>> 1576 return -EBADF;
>> 1577
>> 1578 /* this could be relaxed once a method supports cross-fs copies */
>> 1579 if (inode_in->i_sb != inode_out->i_sb)
>> 1580 return -EXDEV;
>> 1581
1600 if (len == 0) 1582 if (len == 0)
1601 return 0; 1583 return 0;
1602 1584
1603 file_start_write(file_out); 1585 file_start_write(file_out);
1604 1586
1605 /* 1587 /*
1606 * Cloning is supported by more file !! 1588 * Try cloning first, this is supported by more file systems, and
1607 * same sb using clone, but for files !! 1589 * more efficient if both clone and copy are supported (e.g. NFS).
1608 * are supported (e.g. nfs,cifs), we <<
1609 */ 1590 */
1610 if (!splice && file_out->f_op->copy_f !! 1591 if (file_in->f_op->clone_file_range) {
1611 ret = file_out->f_op->copy_fi !! 1592 ret = file_in->f_op->clone_file_range(file_in, pos_in,
1612 !! 1593 file_out, pos_out, len);
1613 !! 1594 if (ret == 0) {
1614 } else if (!splice && file_in->f_op-> !! 1595 ret = len;
1615 ret = file_in->f_op->remap_fi !! 1596 goto done;
1616 file_out, pos !! 1597 }
1617 min_t(loff_t, <<
1618 REMAP_FILE_CA <<
1619 /* fallback to splice */ <<
1620 if (ret <= 0) <<
1621 splice = true; <<
1622 } else if (samesb) { <<
1623 /* Fallback to splice for sam <<
1624 splice = true; <<
1625 } 1598 }
1626 1599
1627 file_end_write(file_out); !! 1600 if (file_out->f_op->copy_file_range) {
1628 !! 1601 ret = file_out->f_op->copy_file_range(file_in, pos_in, file_out,
1629 if (!splice) !! 1602 pos_out, len, flags);
1630 goto done; !! 1603 if (ret != -EOPNOTSUPP)
>> 1604 goto done;
>> 1605 }
1631 1606
1632 /* <<
1633 * We can get here for same sb copy o <<
1634 * ->copy_file_range() in case filesy <<
1635 * case filesystem supports clone but <<
1636 * because it was not block aligned). <<
1637 * <<
1638 * In both cases, fall back to kernel <<
1639 * consistent story about which files <<
1640 * and which filesystems do not, that <<
1641 * make consistent desicions w.r.t us <<
1642 * <<
1643 * We also get here if caller (e.g. n <<
1644 * for server-side-copy between any t <<
1645 * <<
1646 * In any case, we call do_splice_dir <<
1647 * without file_start_write() held, t <<
1648 * to splicing from input file, while <<
1649 * the output file on a different sb. <<
1650 */ <<
1651 ret = do_splice_direct(file_in, &pos_ 1607 ret = do_splice_direct(file_in, &pos_in, file_out, &pos_out,
1652 min_t(size_t, !! 1608 len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0);
>> 1609
1653 done: 1610 done:
1654 if (ret > 0) { 1611 if (ret > 0) {
1655 fsnotify_access(file_in); 1612 fsnotify_access(file_in);
1656 add_rchar(current, ret); 1613 add_rchar(current, ret);
1657 fsnotify_modify(file_out); 1614 fsnotify_modify(file_out);
1658 add_wchar(current, ret); 1615 add_wchar(current, ret);
1659 } 1616 }
1660 1617
1661 inc_syscr(current); 1618 inc_syscr(current);
1662 inc_syscw(current); 1619 inc_syscw(current);
1663 1620
>> 1621 file_end_write(file_out);
>> 1622
1664 return ret; 1623 return ret;
1665 } 1624 }
1666 EXPORT_SYMBOL(vfs_copy_file_range); 1625 EXPORT_SYMBOL(vfs_copy_file_range);
1667 1626
1668 SYSCALL_DEFINE6(copy_file_range, int, fd_in, 1627 SYSCALL_DEFINE6(copy_file_range, int, fd_in, loff_t __user *, off_in,
1669 int, fd_out, loff_t __user *, 1628 int, fd_out, loff_t __user *, off_out,
1670 size_t, len, unsigned int, fl 1629 size_t, len, unsigned int, flags)
1671 { 1630 {
1672 loff_t pos_in; 1631 loff_t pos_in;
1673 loff_t pos_out; 1632 loff_t pos_out;
1674 struct fd f_in; 1633 struct fd f_in;
1675 struct fd f_out; 1634 struct fd f_out;
1676 ssize_t ret = -EBADF; 1635 ssize_t ret = -EBADF;
1677 1636
1678 f_in = fdget(fd_in); 1637 f_in = fdget(fd_in);
1679 if (!fd_file(f_in)) !! 1638 if (!f_in.file)
1680 goto out2; 1639 goto out2;
1681 1640
1682 f_out = fdget(fd_out); 1641 f_out = fdget(fd_out);
1683 if (!fd_file(f_out)) !! 1642 if (!f_out.file)
1684 goto out1; 1643 goto out1;
1685 1644
1686 ret = -EFAULT; 1645 ret = -EFAULT;
1687 if (off_in) { 1646 if (off_in) {
1688 if (copy_from_user(&pos_in, o 1647 if (copy_from_user(&pos_in, off_in, sizeof(loff_t)))
1689 goto out; 1648 goto out;
1690 } else { 1649 } else {
1691 pos_in = fd_file(f_in)->f_pos !! 1650 pos_in = f_in.file->f_pos;
1692 } 1651 }
1693 1652
1694 if (off_out) { 1653 if (off_out) {
1695 if (copy_from_user(&pos_out, 1654 if (copy_from_user(&pos_out, off_out, sizeof(loff_t)))
1696 goto out; 1655 goto out;
1697 } else { 1656 } else {
1698 pos_out = fd_file(f_out)->f_p !! 1657 pos_out = f_out.file->f_pos;
1699 } 1658 }
1700 1659
1701 ret = -EINVAL; !! 1660 ret = vfs_copy_file_range(f_in.file, pos_in, f_out.file, pos_out, len,
1702 if (flags != 0) <<
1703 goto out; <<
1704 <<
1705 ret = vfs_copy_file_range(fd_file(f_i <<
1706 flags); 1661 flags);
1707 if (ret > 0) { 1662 if (ret > 0) {
1708 pos_in += ret; 1663 pos_in += ret;
1709 pos_out += ret; 1664 pos_out += ret;
1710 1665
1711 if (off_in) { 1666 if (off_in) {
1712 if (copy_to_user(off_ 1667 if (copy_to_user(off_in, &pos_in, sizeof(loff_t)))
1713 ret = -EFAULT 1668 ret = -EFAULT;
1714 } else { 1669 } else {
1715 fd_file(f_in)->f_pos !! 1670 f_in.file->f_pos = pos_in;
1716 } 1671 }
1717 1672
1718 if (off_out) { 1673 if (off_out) {
1719 if (copy_to_user(off_ 1674 if (copy_to_user(off_out, &pos_out, sizeof(loff_t)))
1720 ret = -EFAULT 1675 ret = -EFAULT;
1721 } else { 1676 } else {
1722 fd_file(f_out)->f_pos !! 1677 f_out.file->f_pos = pos_out;
1723 } 1678 }
1724 } 1679 }
1725 1680
1726 out: 1681 out:
1727 fdput(f_out); 1682 fdput(f_out);
1728 out1: 1683 out1:
1729 fdput(f_in); 1684 fdput(f_in);
1730 out2: 1685 out2:
1731 return ret; 1686 return ret;
1732 } 1687 }
1733 1688
1734 /* !! 1689 static int clone_verify_area(struct file *file, loff_t pos, u64 len, bool write)
1735 * Don't operate on ranges the page cache doe <<
1736 * LFS limits. If pos is under the limit it <<
1737 * exceeds the limit we return -EFBIG. <<
1738 */ <<
1739 int generic_write_check_limits(struct file *f <<
1740 { 1690 {
1741 struct inode *inode = file->f_mapping !! 1691 struct inode *inode = file_inode(file);
1742 loff_t max_size = inode->i_sb->s_maxb <<
1743 loff_t limit = rlimit(RLIMIT_FSIZE); <<
1744 1692
1745 if (limit != RLIM_INFINITY) { !! 1693 if (unlikely(pos < 0))
1746 if (pos >= limit) { !! 1694 return -EINVAL;
1747 send_sig(SIGXFSZ, cur <<
1748 return -EFBIG; <<
1749 } <<
1750 *count = min(*count, limit - <<
1751 } <<
1752 1695
1753 if (!(file->f_flags & O_LARGEFILE)) !! 1696 if (unlikely((loff_t) (pos + len) < 0))
1754 max_size = MAX_NON_LFS; !! 1697 return -EINVAL;
1755 1698
1756 if (unlikely(pos >= max_size)) !! 1699 if (unlikely(inode->i_flctx && mandatory_lock(inode))) {
1757 return -EFBIG; !! 1700 loff_t end = len ? pos + len - 1 : OFFSET_MAX;
>> 1701 int retval;
1758 1702
1759 *count = min(*count, max_size - pos); !! 1703 retval = locks_mandatory_area(inode, file, pos, end,
>> 1704 write ? F_WRLCK : F_RDLCK);
>> 1705 if (retval < 0)
>> 1706 return retval;
>> 1707 }
1760 1708
1761 return 0; !! 1709 return security_file_permission(file, write ? MAY_WRITE : MAY_READ);
1762 } 1710 }
1763 EXPORT_SYMBOL_GPL(generic_write_check_limits) <<
1764 1711
1765 /* Like generic_write_checks(), but takes siz !! 1712 /*
1766 int generic_write_checks_count(struct kiocb * !! 1713 * Check that the two inodes are eligible for cloning, the ranges make
1767 { !! 1714 * sense, and then flush all dirty data. Caller must ensure that the
1768 struct file *file = iocb->ki_filp; !! 1715 * inodes have been locked against any other modifications.
1769 struct inode *inode = file->f_mapping !! 1716 *
>> 1717 * Returns: 0 for "nothing to clone", 1 for "something to clone", or
>> 1718 * the usual negative error code.
>> 1719 */
>> 1720 int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
>> 1721 struct inode *inode_out, loff_t pos_out,
>> 1722 u64 *len, bool is_dedupe)
>> 1723 {
>> 1724 loff_t bs = inode_out->i_sb->s_blocksize;
>> 1725 loff_t blen;
>> 1726 loff_t isize;
>> 1727 bool same_inode = (inode_in == inode_out);
>> 1728 int ret;
1770 1729
1771 if (IS_SWAPFILE(inode)) !! 1730 /* Don't touch certain kinds of inodes */
>> 1731 if (IS_IMMUTABLE(inode_out))
>> 1732 return -EPERM;
>> 1733
>> 1734 if (IS_SWAPFILE(inode_in) || IS_SWAPFILE(inode_out))
1772 return -ETXTBSY; 1735 return -ETXTBSY;
1773 1736
1774 if (!*count) !! 1737 /* Don't reflink dirs, pipes, sockets... */
>> 1738 if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
>> 1739 return -EISDIR;
>> 1740 if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
>> 1741 return -EINVAL;
>> 1742
>> 1743 /* Are we going all the way to the end? */
>> 1744 isize = i_size_read(inode_in);
>> 1745 if (isize == 0)
1775 return 0; 1746 return 0;
1776 1747
1777 if (iocb->ki_flags & IOCB_APPEND) !! 1748 /* Zero length dedupe exits immediately; reflink goes to EOF. */
1778 iocb->ki_pos = i_size_read(in !! 1749 if (*len == 0) {
>> 1750 if (is_dedupe || pos_in == isize)
>> 1751 return 0;
>> 1752 if (pos_in > isize)
>> 1753 return -EINVAL;
>> 1754 *len = isize - pos_in;
>> 1755 }
1779 1756
1780 if ((iocb->ki_flags & IOCB_NOWAIT) && !! 1757 /* Ensure offsets don't wrap and the input is inside i_size */
1781 !((iocb->ki_flags & IOCB_DIRECT) !! 1758 if (pos_in + *len < pos_in || pos_out + *len < pos_out ||
1782 (file->f_op->fop_flags & FOP_BU !! 1759 pos_in + *len > isize)
1783 return -EINVAL; 1760 return -EINVAL;
1784 1761
1785 return generic_write_check_limits(ioc !! 1762 /* Don't allow dedupe past EOF in the dest file */
1786 } !! 1763 if (is_dedupe) {
1787 EXPORT_SYMBOL(generic_write_checks_count); !! 1764 loff_t disize;
1788 1765
1789 /* !! 1766 disize = i_size_read(inode_out);
1790 * Performs necessary checks before doing a w !! 1767 if (pos_out >= disize || pos_out + *len > disize)
1791 * !! 1768 return -EINVAL;
1792 * Can adjust writing position or amount of b !! 1769 }
1793 * Returns appropriate error code that caller !! 1770
1794 * zero in case that write should be allowed. !! 1771 /* If we're linking to EOF, continue to the block boundary. */
1795 */ !! 1772 if (pos_in + *len == isize)
1796 ssize_t generic_write_checks(struct kiocb *io !! 1773 blen = ALIGN(isize, bs) - pos_in;
1797 { !! 1774 else
1798 loff_t count = iov_iter_count(from); !! 1775 blen = *len;
1799 int ret; !! 1776
>> 1777 /* Only reflink if we're aligned to block boundaries */
>> 1778 if (!IS_ALIGNED(pos_in, bs) || !IS_ALIGNED(pos_in + blen, bs) ||
>> 1779 !IS_ALIGNED(pos_out, bs) || !IS_ALIGNED(pos_out + blen, bs))
>> 1780 return -EINVAL;
>> 1781
>> 1782 /* Don't allow overlapped reflink within the same file */
>> 1783 if (same_inode) {
>> 1784 if (pos_out + blen > pos_in && pos_out < pos_in + blen)
>> 1785 return -EINVAL;
>> 1786 }
>> 1787
>> 1788 /* Wait for the completion of any pending IOs on both files */
>> 1789 inode_dio_wait(inode_in);
>> 1790 if (!same_inode)
>> 1791 inode_dio_wait(inode_out);
1800 1792
1801 ret = generic_write_checks_count(iocb !! 1793 ret = filemap_write_and_wait_range(inode_in->i_mapping,
>> 1794 pos_in, pos_in + *len - 1);
1802 if (ret) 1795 if (ret)
1803 return ret; 1796 return ret;
1804 1797
1805 iov_iter_truncate(from, count); !! 1798 ret = filemap_write_and_wait_range(inode_out->i_mapping,
1806 return iov_iter_count(from); !! 1799 pos_out, pos_out + *len - 1);
>> 1800 if (ret)
>> 1801 return ret;
>> 1802
>> 1803 /*
>> 1804 * Check that the extents are the same.
>> 1805 */
>> 1806 if (is_dedupe) {
>> 1807 bool is_same = false;
>> 1808
>> 1809 ret = vfs_dedupe_file_range_compare(inode_in, pos_in,
>> 1810 inode_out, pos_out, *len, &is_same);
>> 1811 if (ret)
>> 1812 return ret;
>> 1813 if (!is_same)
>> 1814 return -EBADE;
>> 1815 }
>> 1816
>> 1817 return 1;
1807 } 1818 }
1808 EXPORT_SYMBOL(generic_write_checks); !! 1819 EXPORT_SYMBOL(vfs_clone_file_prep_inodes);
1809 1820
1810 /* !! 1821 int vfs_clone_file_range(struct file *file_in, loff_t pos_in,
1811 * Performs common checks before doing a file !! 1822 struct file *file_out, loff_t pos_out, u64 len)
1812 * from @file_in to @file_out. <<
1813 */ <<
1814 int generic_file_rw_checks(struct file *file_ <<
1815 { 1823 {
1816 struct inode *inode_in = file_inode(f 1824 struct inode *inode_in = file_inode(file_in);
1817 struct inode *inode_out = file_inode( 1825 struct inode *inode_out = file_inode(file_out);
>> 1826 int ret;
1818 1827
1819 /* Don't copy dirs, pipes, sockets... <<
1820 if (S_ISDIR(inode_in->i_mode) || S_IS 1828 if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
1821 return -EISDIR; 1829 return -EISDIR;
1822 if (!S_ISREG(inode_in->i_mode) || !S_ 1830 if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
1823 return -EINVAL; 1831 return -EINVAL;
1824 1832
>> 1833 /*
>> 1834 * FICLONE/FICLONERANGE ioctls enforce that src and dest files are on
>> 1835 * the same mount. Practically, they only need to be on the same file
>> 1836 * system.
>> 1837 */
>> 1838 if (inode_in->i_sb != inode_out->i_sb)
>> 1839 return -EXDEV;
>> 1840
1825 if (!(file_in->f_mode & FMODE_READ) | 1841 if (!(file_in->f_mode & FMODE_READ) ||
1826 !(file_out->f_mode & FMODE_WRITE) 1842 !(file_out->f_mode & FMODE_WRITE) ||
1827 (file_out->f_flags & O_APPEND)) 1843 (file_out->f_flags & O_APPEND))
1828 return -EBADF; 1844 return -EBADF;
1829 1845
>> 1846 if (!file_in->f_op->clone_file_range)
>> 1847 return -EOPNOTSUPP;
>> 1848
>> 1849 ret = clone_verify_area(file_in, pos_in, len, false);
>> 1850 if (ret)
>> 1851 return ret;
>> 1852
>> 1853 ret = clone_verify_area(file_out, pos_out, len, true);
>> 1854 if (ret)
>> 1855 return ret;
>> 1856
>> 1857 if (pos_in + len > i_size_read(inode_in))
>> 1858 return -EINVAL;
>> 1859
>> 1860 ret = file_in->f_op->clone_file_range(file_in, pos_in,
>> 1861 file_out, pos_out, len);
>> 1862 if (!ret) {
>> 1863 fsnotify_access(file_in);
>> 1864 fsnotify_modify(file_out);
>> 1865 }
>> 1866
>> 1867 return ret;
>> 1868 }
>> 1869 EXPORT_SYMBOL(vfs_clone_file_range);
>> 1870
>> 1871 /*
>> 1872 * Read a page's worth of file data into the page cache. Return the page
>> 1873 * locked.
>> 1874 */
>> 1875 static struct page *vfs_dedupe_get_page(struct inode *inode, loff_t offset)
>> 1876 {
>> 1877 struct address_space *mapping;
>> 1878 struct page *page;
>> 1879 pgoff_t n;
>> 1880
>> 1881 n = offset >> PAGE_SHIFT;
>> 1882 mapping = inode->i_mapping;
>> 1883 page = read_mapping_page(mapping, n, NULL);
>> 1884 if (IS_ERR(page))
>> 1885 return page;
>> 1886 if (!PageUptodate(page)) {
>> 1887 put_page(page);
>> 1888 return ERR_PTR(-EIO);
>> 1889 }
>> 1890 lock_page(page);
>> 1891 return page;
>> 1892 }
>> 1893
>> 1894 /*
>> 1895 * Compare extents of two files to see if they are the same.
>> 1896 * Caller must have locked both inodes to prevent write races.
>> 1897 */
>> 1898 int vfs_dedupe_file_range_compare(struct inode *src, loff_t srcoff,
>> 1899 struct inode *dest, loff_t destoff,
>> 1900 loff_t len, bool *is_same)
>> 1901 {
>> 1902 loff_t src_poff;
>> 1903 loff_t dest_poff;
>> 1904 void *src_addr;
>> 1905 void *dest_addr;
>> 1906 struct page *src_page;
>> 1907 struct page *dest_page;
>> 1908 loff_t cmp_len;
>> 1909 bool same;
>> 1910 int error;
>> 1911
>> 1912 error = -EINVAL;
>> 1913 same = true;
>> 1914 while (len) {
>> 1915 src_poff = srcoff & (PAGE_SIZE - 1);
>> 1916 dest_poff = destoff & (PAGE_SIZE - 1);
>> 1917 cmp_len = min(PAGE_SIZE - src_poff,
>> 1918 PAGE_SIZE - dest_poff);
>> 1919 cmp_len = min(cmp_len, len);
>> 1920 if (cmp_len <= 0)
>> 1921 goto out_error;
>> 1922
>> 1923 src_page = vfs_dedupe_get_page(src, srcoff);
>> 1924 if (IS_ERR(src_page)) {
>> 1925 error = PTR_ERR(src_page);
>> 1926 goto out_error;
>> 1927 }
>> 1928 dest_page = vfs_dedupe_get_page(dest, destoff);
>> 1929 if (IS_ERR(dest_page)) {
>> 1930 error = PTR_ERR(dest_page);
>> 1931 unlock_page(src_page);
>> 1932 put_page(src_page);
>> 1933 goto out_error;
>> 1934 }
>> 1935 src_addr = kmap_atomic(src_page);
>> 1936 dest_addr = kmap_atomic(dest_page);
>> 1937
>> 1938 flush_dcache_page(src_page);
>> 1939 flush_dcache_page(dest_page);
>> 1940
>> 1941 if (memcmp(src_addr + src_poff, dest_addr + dest_poff, cmp_len))
>> 1942 same = false;
>> 1943
>> 1944 kunmap_atomic(dest_addr);
>> 1945 kunmap_atomic(src_addr);
>> 1946 unlock_page(dest_page);
>> 1947 unlock_page(src_page);
>> 1948 put_page(dest_page);
>> 1949 put_page(src_page);
>> 1950
>> 1951 if (!same)
>> 1952 break;
>> 1953
>> 1954 srcoff += cmp_len;
>> 1955 destoff += cmp_len;
>> 1956 len -= cmp_len;
>> 1957 }
>> 1958
>> 1959 *is_same = same;
1830 return 0; 1960 return 0;
>> 1961
>> 1962 out_error:
>> 1963 return error;
1831 } 1964 }
>> 1965 EXPORT_SYMBOL(vfs_dedupe_file_range_compare);
1832 1966
1833 bool generic_atomic_write_valid(struct iov_it !! 1967 int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same)
1834 { 1968 {
1835 size_t len = iov_iter_count(iter); !! 1969 struct file_dedupe_range_info *info;
>> 1970 struct inode *src = file_inode(file);
>> 1971 u64 off;
>> 1972 u64 len;
>> 1973 int i;
>> 1974 int ret;
>> 1975 bool is_admin = capable(CAP_SYS_ADMIN);
>> 1976 u16 count = same->dest_count;
>> 1977 struct file *dst_file;
>> 1978 loff_t dst_off;
>> 1979 ssize_t deduped;
>> 1980
>> 1981 if (!(file->f_mode & FMODE_READ))
>> 1982 return -EINVAL;
>> 1983
>> 1984 if (same->reserved1 || same->reserved2)
>> 1985 return -EINVAL;
>> 1986
>> 1987 off = same->src_offset;
>> 1988 len = same->src_length;
>> 1989
>> 1990 ret = -EISDIR;
>> 1991 if (S_ISDIR(src->i_mode))
>> 1992 goto out;
>> 1993
>> 1994 ret = -EINVAL;
>> 1995 if (!S_ISREG(src->i_mode))
>> 1996 goto out;
>> 1997
>> 1998 ret = clone_verify_area(file, off, len, false);
>> 1999 if (ret < 0)
>> 2000 goto out;
>> 2001 ret = 0;
1836 2002
1837 if (!iter_is_ubuf(iter)) !! 2003 if (off + len > i_size_read(src))
1838 return false; !! 2004 return -EINVAL;
1839 2005
1840 if (!is_power_of_2(len)) !! 2006 /* pre-format output fields to sane values */
1841 return false; !! 2007 for (i = 0; i < count; i++) {
>> 2008 same->info[i].bytes_deduped = 0ULL;
>> 2009 same->info[i].status = FILE_DEDUPE_RANGE_SAME;
>> 2010 }
1842 2011
1843 if (!IS_ALIGNED(pos, len)) !! 2012 for (i = 0, info = same->info; i < count; i++, info++) {
1844 return false; !! 2013 struct inode *dst;
>> 2014 struct fd dst_fd = fdget(info->dest_fd);
1845 2015
1846 return true; !! 2016 dst_file = dst_fd.file;
>> 2017 if (!dst_file) {
>> 2018 info->status = -EBADF;
>> 2019 goto next_loop;
>> 2020 }
>> 2021 dst = file_inode(dst_file);
>> 2022
>> 2023 ret = mnt_want_write_file(dst_file);
>> 2024 if (ret) {
>> 2025 info->status = ret;
>> 2026 goto next_loop;
>> 2027 }
>> 2028
>> 2029 dst_off = info->dest_offset;
>> 2030 ret = clone_verify_area(dst_file, dst_off, len, true);
>> 2031 if (ret < 0) {
>> 2032 info->status = ret;
>> 2033 goto next_file;
>> 2034 }
>> 2035 ret = 0;
>> 2036
>> 2037 if (info->reserved) {
>> 2038 info->status = -EINVAL;
>> 2039 } else if (!(is_admin || (dst_file->f_mode & FMODE_WRITE))) {
>> 2040 info->status = -EINVAL;
>> 2041 } else if (file->f_path.mnt != dst_file->f_path.mnt) {
>> 2042 info->status = -EXDEV;
>> 2043 } else if (S_ISDIR(dst->i_mode)) {
>> 2044 info->status = -EISDIR;
>> 2045 } else if (dst_file->f_op->dedupe_file_range == NULL) {
>> 2046 info->status = -EINVAL;
>> 2047 } else {
>> 2048 deduped = dst_file->f_op->dedupe_file_range(file, off,
>> 2049 len, dst_file,
>> 2050 info->dest_offset);
>> 2051 if (deduped == -EBADE)
>> 2052 info->status = FILE_DEDUPE_RANGE_DIFFERS;
>> 2053 else if (deduped < 0)
>> 2054 info->status = deduped;
>> 2055 else
>> 2056 info->bytes_deduped += deduped;
>> 2057 }
>> 2058
>> 2059 next_file:
>> 2060 mnt_drop_write_file(dst_file);
>> 2061 next_loop:
>> 2062 fdput(dst_fd);
>> 2063
>> 2064 if (fatal_signal_pending(current))
>> 2065 goto out;
>> 2066 }
>> 2067
>> 2068 out:
>> 2069 return ret;
1847 } 2070 }
>> 2071 EXPORT_SYMBOL(vfs_dedupe_file_range);
1848 2072
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.