Merge to Fedora kernel-2.6.7-1.441

[linux-2.6.git] / fs / aio.c

diff --git a/fs/aio.c b/fs/aio.c
index a2cf986..6788528 100644 (file)
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -15,7 +15,7 @@
 #include <linux/aio_abi.h>
 #include <linux/module.h>
 
-//#define DEBUG 1
+#define DEBUG 0
 
 #include <linux/sched.h>
 #include <linux/fs.h>
@@ -27,6 +27,7 @@
 #include <linux/aio.h>
 #include <linux/highmem.h>
 #include <linux/workqueue.h>
+#include <linux/security.h>
 
 #include <asm/kmap_types.h>
 #include <asm/uaccess.h>
@@ -394,7 +395,7 @@ static struct kiocb fastcall *__aio_get_req(struct kioctx *ctx)
        req->ki_ctx = ctx;
        req->ki_cancel = NULL;
        req->ki_retry = NULL;
-       req->ki_user_obj = NULL;
+       req->ki_obj.user = NULL;
 
        /* Check if the completion queue has enough free space to
         * accept an event from this io.
@@ -437,7 +438,7 @@ static inline void really_put_req(struct kioctx *ctx, struct kiocb *req)
 {
        req->ki_ctx = NULL;
        req->ki_filp = NULL;
-       req->ki_user_obj = NULL;
+       req->ki_obj.user = NULL;
        kmem_cache_free(kiocb_cachep, req);
        ctx->reqs_active--;
 
@@ -605,7 +606,7 @@ void fastcall kick_iocb(struct kiocb *iocb)
         * single context. */
        if (is_sync_kiocb(iocb)) {
                kiocbSetKicked(iocb);
-               wake_up_process(iocb->ki_user_obj);
+               wake_up_process(iocb->ki_obj.tsk);
                return;
        }
 
@@ -653,7 +654,7 @@ int fastcall aio_complete(struct kiocb *iocb, long res, long res2)
                        spin_unlock_irq(&ctx->ctx_lock);
                }
                /* sync iocbs put the task here for us */
-               wake_up_process(iocb->ki_user_obj);
+               wake_up_process(iocb->ki_obj.tsk);
                return ret;
        }
 
@@ -673,13 +674,13 @@ int fastcall aio_complete(struct kiocb *iocb, long res, long res2)
        event = aio_ring_event(info, tail, KM_IRQ0);
        tail = (tail + 1) % info->nr;
 
-       event->obj = (u64)(unsigned long)iocb->ki_user_obj;
+       event->obj = (u64)(unsigned long)iocb->ki_obj.user;
        event->data = iocb->ki_user_data;
        event->res = res;
        event->res2 = res2;
 
        dprintk("aio_complete: %p[%lu]: %p: %p %Lx %lx %lx\n",
-               ctx, tail, iocb, iocb->ki_user_obj, iocb->ki_user_data,
+               ctx, tail, iocb, iocb->ki_obj.user, iocb->ki_user_data,
                res, res2);
 
        /* after flagging the request as done, we
@@ -777,19 +778,11 @@ static inline void init_timeout(struct timeout *to)
 static inline void set_timeout(long start_jiffies, struct timeout *to,
                               const struct timespec *ts)
 {
-       unsigned long how_long;
-
-       if (ts->tv_sec < 0 || (!ts->tv_sec && !ts->tv_nsec)) {
+       to->timer.expires = start_jiffies + timespec_to_jiffies(ts);
+       if (time_after(to->timer.expires, jiffies))
+               add_timer(&to->timer);
+       else
                to->timed_out = 1;
-               return;
-       }
-
-       how_long = ts->tv_sec * HZ;
-#define HZ_NS (1000000000 / HZ)
-       how_long += (ts->tv_nsec + HZ_NS - 1) / HZ_NS;
-       
-       to->timer.expires = jiffies + how_long;
-       add_timer(&to->timer);
 }
 
 static inline void clear_timeout(struct timeout *to)
@@ -962,6 +955,7 @@ asmlinkage long sys_io_setup(unsigned nr_events, aio_context_t __user *ctxp)
                ret = put_user(ioctx->user_id, ctxp);
                if (!ret)
                        return 0;
+               get_ioctx(ioctx);
                io_destroy(ioctx);
        }
 
@@ -1029,7 +1023,7 @@ int fastcall io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,
                goto out_put_req;
        }
 
-       req->ki_user_obj = user_iocb;
+       req->ki_obj.user = user_iocb;
        req->ki_user_data = iocb->aio_data;
        req->ki_pos = iocb->aio_offset;
 
@@ -1043,6 +1037,9 @@ int fastcall io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,
                ret = -EFAULT;
                if (unlikely(!access_ok(VERIFY_WRITE, buf, iocb->aio_nbytes)))
                        goto out_put_req;
+               ret = security_file_permission (file, MAY_READ);
+               if (ret)
+                       goto out_put_req;
                ret = -EINVAL;
                if (file->f_op->aio_read)
                        ret = file->f_op->aio_read(req, buf,
@@ -1055,6 +1052,9 @@ int fastcall io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,
                ret = -EFAULT;
                if (unlikely(!access_ok(VERIFY_READ, buf, iocb->aio_nbytes)))
                        goto out_put_req;
+               ret = security_file_permission (file, MAY_WRITE);
+               if (ret)
+                       goto out_put_req;
                ret = -EINVAL;
                if (file->f_op->aio_write)
                        ret = file->f_op->aio_write(req, buf,
@@ -1155,7 +1155,7 @@ struct kiocb *lookup_kiocb(struct kioctx *ctx, struct iocb __user *iocb, u32 key
        /* TODO: use a hash or array, this sucks. */
        list_for_each(pos, &ctx->active_reqs) {
                struct kiocb *kiocb = list_kiocb(pos);
-               if (kiocb->ki_user_obj == iocb && kiocb->ki_key == key)
+               if (kiocb->ki_obj.user == iocb && kiocb->ki_key == key)
                        return kiocb;
        }
        return NULL;
@@ -1202,7 +1202,7 @@ asmlinkage long sys_io_cancel(aio_context_t ctx_id, struct iocb __user *iocb,
                struct io_event tmp;
                pr_debug("calling cancel\n");
                memset(&tmp, 0, sizeof(tmp));
-               tmp.obj = (u64)(unsigned long)kiocb->ki_user_obj;
+               tmp.obj = (u64)(unsigned long)kiocb->ki_obj.user;
                tmp.data = kiocb->ki_user_data;
                ret = cancel(kiocb, &tmp);
                if (!ret) {