move aio compat to fs/aio.c
... and fix the minor buglet in compat io_submit() - native one kills ioctx as cleanup when put_user() fails. Get rid of bogus compat_... in !CONFIG_AIO case, while we are at it - they should simply fail with ENOSYS, same as for native counterparts. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
parent
e93b1cc8a8
commit
c00d2c7e89
4 changed files with 98 additions and 82 deletions
95
fs/aio.c
95
fs/aio.c
|
@ -1367,6 +1367,39 @@ SYSCALL_DEFINE2(io_setup, unsigned, nr_events, aio_context_t __user *, ctxp)
|
|||
return ret;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_COMPAT
|
||||
COMPAT_SYSCALL_DEFINE2(io_setup, unsigned, nr_events, u32 __user *, ctx32p)
|
||||
{
|
||||
struct kioctx *ioctx = NULL;
|
||||
unsigned long ctx;
|
||||
long ret;
|
||||
|
||||
ret = get_user(ctx, ctx32p);
|
||||
if (unlikely(ret))
|
||||
goto out;
|
||||
|
||||
ret = -EINVAL;
|
||||
if (unlikely(ctx || nr_events == 0)) {
|
||||
pr_debug("EINVAL: ctx %lu nr_events %u\n",
|
||||
ctx, nr_events);
|
||||
goto out;
|
||||
}
|
||||
|
||||
ioctx = ioctx_alloc(nr_events);
|
||||
ret = PTR_ERR(ioctx);
|
||||
if (!IS_ERR(ioctx)) {
|
||||
/* truncating is ok because it's a user address */
|
||||
ret = put_user((u32)ioctx->user_id, ctx32p);
|
||||
if (ret)
|
||||
kill_ioctx(current->mm, ioctx, NULL);
|
||||
percpu_ref_put(&ioctx->users);
|
||||
}
|
||||
|
||||
out:
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* sys_io_destroy:
|
||||
* Destroy the aio_context specified. May cancel any outstanding
|
||||
* AIOs and block on completion. Will fail with -ENOSYS if not
|
||||
|
@ -1591,7 +1624,7 @@ static int io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,
|
|||
return ret;
|
||||
}
|
||||
|
||||
long do_io_submit(aio_context_t ctx_id, long nr,
|
||||
static long do_io_submit(aio_context_t ctx_id, long nr,
|
||||
struct iocb __user *__user *iocbpp, bool compat)
|
||||
{
|
||||
struct kioctx *ctx;
|
||||
|
@ -1662,6 +1695,44 @@ SYSCALL_DEFINE3(io_submit, aio_context_t, ctx_id, long, nr,
|
|||
return do_io_submit(ctx_id, nr, iocbpp, 0);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_COMPAT
|
||||
static inline long
|
||||
copy_iocb(long nr, u32 __user *ptr32, struct iocb __user * __user *ptr64)
|
||||
{
|
||||
compat_uptr_t uptr;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < nr; ++i) {
|
||||
if (get_user(uptr, ptr32 + i))
|
||||
return -EFAULT;
|
||||
if (put_user(compat_ptr(uptr), ptr64 + i))
|
||||
return -EFAULT;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define MAX_AIO_SUBMITS (PAGE_SIZE/sizeof(struct iocb *))
|
||||
|
||||
COMPAT_SYSCALL_DEFINE3(io_submit, compat_aio_context_t, ctx_id,
|
||||
int, nr, u32 __user *, iocb)
|
||||
{
|
||||
struct iocb __user * __user *iocb64;
|
||||
long ret;
|
||||
|
||||
if (unlikely(nr < 0))
|
||||
return -EINVAL;
|
||||
|
||||
if (nr > MAX_AIO_SUBMITS)
|
||||
nr = MAX_AIO_SUBMITS;
|
||||
|
||||
iocb64 = compat_alloc_user_space(nr * sizeof(*iocb64));
|
||||
ret = copy_iocb(nr, iocb, iocb64);
|
||||
if (!ret)
|
||||
ret = do_io_submit(ctx_id, nr, iocb64, 1);
|
||||
return ret;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* lookup_kiocb
|
||||
* Finds a given iocb for cancellation.
|
||||
*/
|
||||
|
@ -1761,3 +1832,25 @@ SYSCALL_DEFINE5(io_getevents, aio_context_t, ctx_id,
|
|||
}
|
||||
return ret;
|
||||
}
|
||||
|
||||
#ifdef CONFIG_COMPAT
|
||||
COMPAT_SYSCALL_DEFINE5(io_getevents, compat_aio_context_t, ctx_id,
|
||||
compat_long_t, min_nr,
|
||||
compat_long_t, nr,
|
||||
struct io_event __user *, events,
|
||||
struct compat_timespec __user *, timeout)
|
||||
{
|
||||
struct timespec t;
|
||||
struct timespec __user *ut = NULL;
|
||||
|
||||
if (timeout) {
|
||||
if (compat_get_timespec(&t, timeout))
|
||||
return -EFAULT;
|
||||
|
||||
ut = compat_alloc_user_space(sizeof(*ut));
|
||||
if (copy_to_user(ut, &t, sizeof(t)))
|
||||
return -EFAULT;
|
||||
}
|
||||
return sys_io_getevents(ctx_id, min_nr, nr, events, ut);
|
||||
}
|
||||
#endif
|
||||
|
|
75
fs/compat.c
75
fs/compat.c
|
@ -487,45 +487,6 @@ COMPAT_SYSCALL_DEFINE3(fcntl, unsigned int, fd, unsigned int, cmd,
|
|||
return compat_sys_fcntl64(fd, cmd, arg);
|
||||
}
|
||||
|
||||
COMPAT_SYSCALL_DEFINE2(io_setup, unsigned, nr_reqs, u32 __user *, ctx32p)
|
||||
{
|
||||
long ret;
|
||||
aio_context_t ctx64;
|
||||
|
||||
mm_segment_t oldfs = get_fs();
|
||||
if (unlikely(get_user(ctx64, ctx32p)))
|
||||
return -EFAULT;
|
||||
|
||||
set_fs(KERNEL_DS);
|
||||
/* The __user pointer cast is valid because of the set_fs() */
|
||||
ret = sys_io_setup(nr_reqs, (aio_context_t __user *) &ctx64);
|
||||
set_fs(oldfs);
|
||||
/* truncating is ok because it's a user address */
|
||||
if (!ret)
|
||||
ret = put_user((u32) ctx64, ctx32p);
|
||||
return ret;
|
||||
}
|
||||
|
||||
COMPAT_SYSCALL_DEFINE5(io_getevents, compat_aio_context_t, ctx_id,
|
||||
compat_long_t, min_nr,
|
||||
compat_long_t, nr,
|
||||
struct io_event __user *, events,
|
||||
struct compat_timespec __user *, timeout)
|
||||
{
|
||||
struct timespec t;
|
||||
struct timespec __user *ut = NULL;
|
||||
|
||||
if (timeout) {
|
||||
if (compat_get_timespec(&t, timeout))
|
||||
return -EFAULT;
|
||||
|
||||
ut = compat_alloc_user_space(sizeof(*ut));
|
||||
if (copy_to_user(ut, &t, sizeof(t)) )
|
||||
return -EFAULT;
|
||||
}
|
||||
return sys_io_getevents(ctx_id, min_nr, nr, events, ut);
|
||||
}
|
||||
|
||||
/* A write operation does a read from user space and vice versa */
|
||||
#define vrfy_dir(type) ((type) == READ ? VERIFY_WRITE : VERIFY_READ)
|
||||
|
||||
|
@ -602,42 +563,6 @@ ssize_t compat_rw_copy_check_uvector(int type,
|
|||
return ret;
|
||||
}
|
||||
|
||||
static inline long
|
||||
copy_iocb(long nr, u32 __user *ptr32, struct iocb __user * __user *ptr64)
|
||||
{
|
||||
compat_uptr_t uptr;
|
||||
int i;
|
||||
|
||||
for (i = 0; i < nr; ++i) {
|
||||
if (get_user(uptr, ptr32 + i))
|
||||
return -EFAULT;
|
||||
if (put_user(compat_ptr(uptr), ptr64 + i))
|
||||
return -EFAULT;
|
||||
}
|
||||
return 0;
|
||||
}
|
||||
|
||||
#define MAX_AIO_SUBMITS (PAGE_SIZE/sizeof(struct iocb *))
|
||||
|
||||
COMPAT_SYSCALL_DEFINE3(io_submit, compat_aio_context_t, ctx_id,
|
||||
int, nr, u32 __user *, iocb)
|
||||
{
|
||||
struct iocb __user * __user *iocb64;
|
||||
long ret;
|
||||
|
||||
if (unlikely(nr < 0))
|
||||
return -EINVAL;
|
||||
|
||||
if (nr > MAX_AIO_SUBMITS)
|
||||
nr = MAX_AIO_SUBMITS;
|
||||
|
||||
iocb64 = compat_alloc_user_space(nr * sizeof(*iocb64));
|
||||
ret = copy_iocb(nr, iocb, iocb64);
|
||||
if (!ret)
|
||||
ret = do_io_submit(ctx_id, nr, iocb64, 1);
|
||||
return ret;
|
||||
}
|
||||
|
||||
struct compat_ncp_mount_data {
|
||||
compat_int_t version;
|
||||
compat_uint_t ncp_fd;
|
||||
|
|
|
@ -14,14 +14,9 @@ typedef int (kiocb_cancel_fn)(struct kiocb *);
|
|||
/* prototypes */
|
||||
#ifdef CONFIG_AIO
|
||||
extern void exit_aio(struct mm_struct *mm);
|
||||
extern long do_io_submit(aio_context_t ctx_id, long nr,
|
||||
struct iocb __user *__user *iocbpp, bool compat);
|
||||
void kiocb_set_cancel_fn(struct kiocb *req, kiocb_cancel_fn *cancel);
|
||||
#else
|
||||
static inline void exit_aio(struct mm_struct *mm) { }
|
||||
static inline long do_io_submit(aio_context_t ctx_id, long nr,
|
||||
struct iocb __user * __user *iocbpp,
|
||||
bool compat) { return 0; }
|
||||
static inline void kiocb_set_cancel_fn(struct kiocb *req,
|
||||
kiocb_cancel_fn *cancel) { }
|
||||
#endif /* CONFIG_AIO */
|
||||
|
|
|
@ -150,6 +150,9 @@ cond_syscall(sys_io_destroy);
|
|||
cond_syscall(sys_io_submit);
|
||||
cond_syscall(sys_io_cancel);
|
||||
cond_syscall(sys_io_getevents);
|
||||
cond_syscall(compat_sys_io_setup);
|
||||
cond_syscall(compat_sys_io_submit);
|
||||
cond_syscall(compat_sys_io_getevents);
|
||||
cond_syscall(sys_sysfs);
|
||||
cond_syscall(sys_syslog);
|
||||
cond_syscall(sys_process_vm_readv);
|
||||
|
|
Loading…
Reference in a new issue