#include <linux/file.h>
#include <linux/uio.h>
#include <linux/smp_lock.h>
-#include <linux/dnotify.h>
+#include <linux/fsnotify.h>
#include <linux/security.h>
#include <linux/module.h>
+#include <linux/syscalls.h>
+#include <linux/pagemap.h>
#include <asm/uaccess.h>
#include <asm/unistd.h>
-struct file_operations generic_ro_fops = {
+const struct file_operations generic_ro_fops = {
.llseek = generic_file_llseek,
.read = generic_file_read,
.mmap = generic_file_readonly_mmap,
long long retval;
struct inode *inode = file->f_mapping->host;
- down(&inode->i_sem);
+ mutex_lock(&inode->i_mutex);
switch (origin) {
case 2:
offset += inode->i_size;
}
retval = offset;
}
- up(&inode->i_sem);
+ mutex_unlock(&inode->i_mutex);
return retval;
}
bad:
return retval;
}
-EXPORT_SYMBOL_GPL(sys_lseek);
#ifdef __ARCH_WANT_SYS_LLSEEK
asmlinkage long sys_llseek(unsigned int fd, unsigned long offset_high,
}
#endif
+/*
+ * rw_verify_area doesn't like huge counts. We limit
+ * them to something that fits in "int" so that others
+ * won't have to do range checks all the time.
+ */
+#define MAX_RW_COUNT (INT_MAX & PAGE_CACHE_MASK)
+
+int rw_verify_area(int read_write, struct file *file, loff_t *ppos, size_t count)
+{
+ struct inode *inode;
+ loff_t pos;
+
+ if (unlikely((ssize_t) count < 0))
+ goto Einval;
+ pos = *ppos;
+ if (unlikely((pos < 0) || (loff_t) (pos + count) < 0))
+ goto Einval;
+
+ inode = file->f_dentry->d_inode;
+ if (unlikely(inode->i_flock && MANDATORY_LOCK(inode))) {
+ int retval = locks_mandatory_area(
+ read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE,
+ inode, file, pos, count);
+ if (retval < 0)
+ return retval;
+ }
+ return count > MAX_RW_COUNT ? MAX_RW_COUNT : count;
+
+Einval:
+ return -EINVAL;
+}
+
+static void wait_on_retry_sync_kiocb(struct kiocb *iocb)
+{
+ set_current_state(TASK_UNINTERRUPTIBLE);
+ if (!kiocbIsKicked(iocb))
+ schedule();
+ else
+ kiocbClearKicked(iocb);
+ __set_current_state(TASK_RUNNING);
+}
+
ssize_t do_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos)
{
struct kiocb kiocb;
init_sync_kiocb(&kiocb, filp);
kiocb.ki_pos = *ppos;
- ret = filp->f_op->aio_read(&kiocb, buf, len, kiocb.ki_pos);
+ while (-EIOCBRETRY ==
+ (ret = filp->f_op->aio_read(&kiocb, buf, len, kiocb.ki_pos)))
+ wait_on_retry_sync_kiocb(&kiocb);
+
if (-EIOCBQUEUED == ret)
ret = wait_on_sync_kiocb(&kiocb);
*ppos = kiocb.ki_pos;
ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
{
- struct inode *inode = file->f_dentry->d_inode;
ssize_t ret;
if (!(file->f_mode & FMODE_READ))
return -EBADF;
if (!file->f_op || (!file->f_op->read && !file->f_op->aio_read))
return -EINVAL;
+ if (unlikely(!access_ok(VERIFY_WRITE, buf, count)))
+ return -EFAULT;
- ret = locks_verify_area(FLOCK_VERIFY_READ, inode, file, *pos, count);
- if (!ret) {
+ ret = rw_verify_area(READ, file, pos, count);
+ if (ret >= 0) {
+ count = ret;
ret = security_file_permission (file, MAY_READ);
if (!ret) {
if (file->f_op->read)
ret = file->f_op->read(file, buf, count, pos);
else
ret = do_sync_read(file, buf, count, pos);
- if (ret > 0)
- dnotify_parent(file->f_dentry, DN_ACCESS);
+ if (ret > 0) {
+ fsnotify_access(file->f_dentry);
+ current->rchar += ret;
+ }
+ current->syscr++;
}
}
init_sync_kiocb(&kiocb, filp);
kiocb.ki_pos = *ppos;
- ret = filp->f_op->aio_write(&kiocb, buf, len, kiocb.ki_pos);
+ while (-EIOCBRETRY ==
+ (ret = filp->f_op->aio_write(&kiocb, buf, len, kiocb.ki_pos)))
+ wait_on_retry_sync_kiocb(&kiocb);
+
if (-EIOCBQUEUED == ret)
ret = wait_on_sync_kiocb(&kiocb);
*ppos = kiocb.ki_pos;
ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
{
- struct inode *inode = file->f_dentry->d_inode;
ssize_t ret;
if (!(file->f_mode & FMODE_WRITE))
return -EBADF;
if (!file->f_op || (!file->f_op->write && !file->f_op->aio_write))
return -EINVAL;
+ if (unlikely(!access_ok(VERIFY_READ, buf, count)))
+ return -EFAULT;
- ret = locks_verify_area(FLOCK_VERIFY_WRITE, inode, file, *pos, count);
- if (!ret) {
+ ret = rw_verify_area(WRITE, file, pos, count);
+ if (ret >= 0) {
+ count = ret;
ret = security_file_permission (file, MAY_WRITE);
if (!ret) {
if (file->f_op->write)
ret = file->f_op->write(file, buf, count, pos);
else
ret = do_sync_write(file, buf, count, pos);
- if (ret > 0)
- dnotify_parent(file->f_dentry, DN_MODIFY);
+ if (ret > 0) {
+ fsnotify_modify(file->f_dentry);
+ current->wchar += ret;
+ }
+ current->syscw++;
}
}
return ret;
}
+EXPORT_SYMBOL_GPL(sys_write);
+
asmlinkage ssize_t sys_pread64(unsigned int fd, char __user *buf,
size_t count, loff_t pos)
{
return seg;
}
-EXPORT_SYMBOL(iov_shorten);
+EXPORT_UNUSED_SYMBOL(iov_shorten); /* June 2006 */
+
+/* A write operation does a read from user space and vice versa */
+#define vrfy_dir(type) ((type) == READ ? VERIFY_WRITE : VERIFY_READ)
static ssize_t do_readv_writev(int type, struct file *file,
const struct iovec __user * uvector,
int seg;
io_fn_t fn;
iov_fn_t fnv;
- struct inode *inode;
/*
* SuS says "The readv() function *may* fail if the iovcnt argument
* verify all the pointers
*/
ret = -EINVAL;
- if ((nr_segs > UIO_MAXIOV) || (nr_segs <= 0))
+ if (nr_segs > UIO_MAXIOV)
goto out;
if (!file->f_op)
goto out;
tot_len = 0;
ret = -EINVAL;
for (seg = 0; seg < nr_segs; seg++) {
+ void __user *buf = iov[seg].iov_base;
ssize_t len = (ssize_t)iov[seg].iov_len;
if (len < 0) /* size_t not fitting an ssize_t .. */
goto out;
+ if (unlikely(!access_ok(vrfy_dir(type), buf, len)))
+ goto Efault;
tot_len += len;
if ((ssize_t)tot_len < 0) /* maths overflow on the ssize_t */
goto out;
goto out;
}
- inode = file->f_dentry->d_inode;
- /* VERIFY_WRITE actually means a read, as we write to user space */
- ret = locks_verify_area((type == READ
- ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE),
- inode, file, *pos, tot_len);
+ ret = rw_verify_area(type, file, pos, tot_len);
+ if (ret < 0)
+ goto out;
+ ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
if (ret)
goto out;
out:
if (iov != iovstack)
kfree(iov);
- if ((ret + (type == READ)) > 0)
- dnotify_parent(file->f_dentry,
- (type == READ) ? DN_ACCESS : DN_MODIFY);
+ if ((ret + (type == READ)) > 0) {
+ if (type == READ)
+ fsnotify_access(file->f_dentry);
+ else
+ fsnotify_modify(file->f_dentry);
+ }
return ret;
+Efault:
+ ret = -EFAULT;
+ goto out;
}
ssize_t vfs_readv(struct file *file, const struct iovec __user *vec,
fput_light(file, fput_needed);
}
+ if (ret > 0)
+ current->rchar += ret;
+ current->syscr++;
return ret;
}
fput_light(file, fput_needed);
}
+ if (ret > 0)
+ current->wchar += ret;
+ current->syscw++;
return ret;
}
else
if (!(in_file->f_mode & FMODE_PREAD))
goto fput_in;
- retval = locks_verify_area(FLOCK_VERIFY_READ, in_inode, in_file, *ppos, count);
- if (retval)
+ retval = rw_verify_area(READ, in_file, ppos, count);
+ if (retval < 0)
goto fput_in;
+ count = retval;
retval = security_file_permission (in_file, MAY_READ);
if (retval)
if (!out_file->f_op || !out_file->f_op->sendpage)
goto fput_out;
out_inode = out_file->f_dentry->d_inode;
- retval = locks_verify_area(FLOCK_VERIFY_WRITE, out_inode, out_file, out_file->f_pos, count);
- if (retval)
+ retval = rw_verify_area(WRITE, out_file, &out_file->f_pos, count);
+ if (retval < 0)
goto fput_out;
+ count = retval;
retval = security_file_permission (out_file, MAY_WRITE);
if (retval)
retval = in_file->f_op->sendfile(in_file, ppos, count, file_send_actor, out_file);
+ if (retval > 0) {
+ current->rchar += retval;
+ current->wchar += retval;
+ }
+ current->syscr++;
+ current->syscw++;
+
if (*ppos > max)
retval = -EOVERFLOW;