From 474fe9f7f551b151222db07a968b15bf05ffe4c4 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 12 Jul 2015 21:06:44 -0400 Subject: [PATCH 01/63] 9p/trans_virtio: don't bother with p9_tag_lookup() Just store the pointer to req instead of that to req->tc as opaque data. Signed-off-by: Al Viro --- net/9p/trans_virtio.c | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 6e70ddb158b4bc..9fc6a56c506aaa 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -143,7 +143,6 @@ static void p9_virtio_close(struct p9_client *client) static void req_done(struct virtqueue *vq) { struct virtio_chan *chan = vq->vdev->priv; - struct p9_fcall *rc; unsigned int len; struct p9_req_t *req; unsigned long flags; @@ -152,8 +151,8 @@ static void req_done(struct virtqueue *vq) while (1) { spin_lock_irqsave(&chan->lock, flags); - rc = virtqueue_get_buf(chan->vq, &len); - if (rc == NULL) { + req = virtqueue_get_buf(chan->vq, &len); + if (req == NULL) { spin_unlock_irqrestore(&chan->lock, flags); break; } @@ -161,9 +160,6 @@ static void req_done(struct virtqueue *vq) spin_unlock_irqrestore(&chan->lock, flags); /* Wakeup if anyone waiting for VirtIO ring space. */ wake_up(chan->vc_wq); - p9_debug(P9_DEBUG_TRANS, ": rc %p\n", rc); - p9_debug(P9_DEBUG_TRANS, ": lookup tag %d\n", rc->tag); - req = p9_tag_lookup(chan->client, rc->tag); p9_client_cb(chan->client, req, REQ_STATUS_RCVD); } } @@ -284,7 +280,7 @@ p9_virtio_request(struct p9_client *client, struct p9_req_t *req) if (in) sgs[out_sgs + in_sgs++] = chan->sg + out; - err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req->tc, + err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req, GFP_ATOMIC); if (err < 0) { if (err == -ENOSPC) { @@ -469,7 +465,7 @@ p9_virtio_zc_request(struct p9_client *client, struct p9_req_t *req, } BUG_ON(out_sgs + in_sgs > ARRAY_SIZE(sgs)); - err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req->tc, + err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req, GFP_ATOMIC); if (err < 0) { if (err == -ENOSPC) { From 752343be63d90c84d275f046e43371febe217863 Mon Sep 17 00:00:00 2001 From: Rasmus Villemoes Date: Thu, 29 Oct 2015 12:01:41 +0100 Subject: [PATCH 02/63] fs/file.c: __const_max is actually __const_min :-) 7f4b36f9bb930 "get rid of files_defer_init()" inexplicably changed a min() to a __const_max() - but the __const_max macro actually gives the minimum... So no functional change, just less confusing naming. Signed-off-by: Rasmus Villemoes Signed-off-by: Al Viro --- fs/file.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/file.c b/fs/file.c index 39f8f15921da79..1aed0add16a2c0 100644 --- a/fs/file.c +++ b/fs/file.c @@ -25,9 +25,9 @@ int sysctl_nr_open __read_mostly = 1024*1024; int sysctl_nr_open_min = BITS_PER_LONG; -/* our max() is unusable in constant expressions ;-/ */ -#define __const_max(x, y) ((x) < (y) ? (x) : (y)) -int sysctl_nr_open_max = __const_max(INT_MAX, ~(size_t)0/sizeof(void *)) & +/* our min() is unusable in constant expressions ;-/ */ +#define __const_min(x, y) ((x) < (y) ? (x) : (y)) +int sysctl_nr_open_max = __const_min(INT_MAX, ~(size_t)0/sizeof(void *)) & -BITS_PER_LONG; static void *alloc_fdmem(size_t size) From 42a561e56fb9b581a4adb89efe54a387e3d4dc1b Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 14 Nov 2015 13:30:34 +0100 Subject: [PATCH 03/63] lustre: constify inode_operations structures The inode_operations structures are never modified, so declare them as const, like all the other inode_operations structures. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro --- drivers/staging/lustre/lustre/llite/file.c | 2 +- drivers/staging/lustre/lustre/llite/llite_internal.h | 4 ++-- drivers/staging/lustre/lustre/llite/symlink.c | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/file.c b/drivers/staging/lustre/lustre/llite/file.c index 02f27593013e36..31cd6b323a39f4 100644 --- a/drivers/staging/lustre/lustre/llite/file.c +++ b/drivers/staging/lustre/lustre/llite/file.c @@ -3139,7 +3139,7 @@ struct file_operations ll_file_operations_noflock = { .lock = ll_file_noflock }; -struct inode_operations ll_file_inode_operations = { +const struct inode_operations ll_file_inode_operations = { .setattr = ll_setattr, .getattr = ll_getattr, .permission = ll_inode_permission, diff --git a/drivers/staging/lustre/lustre/llite/llite_internal.h b/drivers/staging/lustre/lustre/llite/llite_internal.h index 9096d311e45d76..6102b29dbf3076 100644 --- a/drivers/staging/lustre/lustre/llite/llite_internal.h +++ b/drivers/staging/lustre/lustre/llite/llite_internal.h @@ -705,7 +705,7 @@ extern const struct address_space_operations ll_aops; extern struct file_operations ll_file_operations; extern struct file_operations ll_file_operations_flock; extern struct file_operations ll_file_operations_noflock; -extern struct inode_operations ll_file_inode_operations; +extern const struct inode_operations ll_file_inode_operations; int ll_have_md_lock(struct inode *inode, __u64 *bits, ldlm_mode_t l_req_mode); ldlm_mode_t ll_take_md_lock(struct inode *inode, __u64 bits, @@ -805,7 +805,7 @@ struct inode *search_inode_for_lustre(struct super_block *sb, const struct lu_fid *fid); /* llite/symlink.c */ -extern struct inode_operations ll_fast_symlink_inode_operations; +extern const struct inode_operations ll_fast_symlink_inode_operations; /* llite/llite_close.c */ struct ll_close_queue { diff --git a/drivers/staging/lustre/lustre/llite/symlink.c b/drivers/staging/lustre/lustre/llite/symlink.c index 69b203651905e9..32c4cf48b31839 100644 --- a/drivers/staging/lustre/lustre/llite/symlink.c +++ b/drivers/staging/lustre/lustre/llite/symlink.c @@ -146,7 +146,7 @@ static void ll_put_link(struct inode *unused, void *cookie) ptlrpc_req_finished(cookie); } -struct inode_operations ll_fast_symlink_inode_operations = { +const struct inode_operations ll_fast_symlink_inode_operations = { .readlink = generic_readlink, .setattr = ll_setattr, .follow_link = ll_follow_link, From 3e004eea56b4f2cb6768ebe9000c830eda0c71b1 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Tue, 17 Nov 2015 14:40:09 +0800 Subject: [PATCH 04/63] fs/block_dev.c: make sb_is_blkdev_sb return bool when CONFIG_BLOCK undefined Currently when CONFIG_BLOCK is defined sb_is_blkdev_sb returns bool, while when CONFIG_BLOCK is not defined it returns int. Let's keep consistent to make sb_is_blkdev_sb return bool as well when CONFIG_BLOCK isn't defined. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro --- include/linux/fs.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index 3aa51425416148..11505af0d3589a 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2291,9 +2291,9 @@ static inline void iterate_bdevs(void (*f)(struct block_device *, void *), void { } -static inline int sb_is_blkdev_sb(struct super_block *sb) +static inline bool sb_is_blkdev_sb(struct super_block *sb) { - return 0; + return false; } #endif extern int sync_filesystem(struct super_block *); From 25ab4c9b1ccb64b1433cecd3f19f28fe300c1576 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Tue, 17 Nov 2015 14:40:10 +0800 Subject: [PATCH 05/63] fs/namespace.c: path_is_under can be boolean This patch makes path_is_under return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro --- fs/namespace.c | 4 ++-- include/linux/fs.h | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/namespace.c b/fs/namespace.c index 0570729c87fd22..b27156f2e68b74 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2939,9 +2939,9 @@ bool is_path_reachable(struct mount *mnt, struct dentry *dentry, return &mnt->mnt == root->mnt && is_subdir(dentry, root->dentry); } -int path_is_under(struct path *path1, struct path *path2) +bool path_is_under(struct path *path1, struct path *path2) { - int res; + bool res; read_seqlock_excl(&mount_lock); res = is_path_reachable(real_mount(path1->mnt), path1->dentry, path2); read_sequnlock_excl(&mount_lock); diff --git a/include/linux/fs.h b/include/linux/fs.h index 11505af0d3589a..aab8094656e4ca 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2533,7 +2533,7 @@ extern struct file * open_exec(const char *); /* fs/dcache.c -- generic fs support functions */ extern int is_subdir(struct dentry *, struct dentry *); -extern int path_is_under(struct path *, struct path *); +extern bool path_is_under(struct path *, struct path *); extern char *file_path(struct file *, char *, int); From a6e5787fc8fc9c88290a7bceed07aa4d14029fa7 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Tue, 17 Nov 2015 14:40:11 +0800 Subject: [PATCH 06/63] fs/dcache.c: is_subdir can be boolean This patch makes is_subdir return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro --- fs/dcache.c | 14 +++++++------- include/linux/fs.h | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/fs/dcache.c b/fs/dcache.c index 5c33aeb0f68feb..670f7896945bf9 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -3303,18 +3303,18 @@ SYSCALL_DEFINE2(getcwd, char __user *, buf, unsigned long, size) * @new_dentry: new dentry * @old_dentry: old dentry * - * Returns 1 if new_dentry is a subdirectory of the parent (at any depth). - * Returns 0 otherwise. + * Returns true if new_dentry is a subdirectory of the parent (at any depth). + * Returns false otherwise. * Caller must ensure that "new_dentry" is pinned before calling is_subdir() */ -int is_subdir(struct dentry *new_dentry, struct dentry *old_dentry) +bool is_subdir(struct dentry *new_dentry, struct dentry *old_dentry) { - int result; + bool result; unsigned seq; if (new_dentry == old_dentry) - return 1; + return true; do { /* for restarting inner loop in case of seq retry */ @@ -3325,9 +3325,9 @@ int is_subdir(struct dentry *new_dentry, struct dentry *old_dentry) */ rcu_read_lock(); if (d_ancestor(old_dentry, new_dentry)) - result = 1; + result = true; else - result = 0; + result = false; rcu_read_unlock(); } while (read_seqretry(&rename_lock, seq)); diff --git a/include/linux/fs.h b/include/linux/fs.h index aab8094656e4ca..4b23def18aa940 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2532,7 +2532,7 @@ extern ssize_t __kernel_write(struct file *, const char *, size_t, loff_t *); extern struct file * open_exec(const char *); /* fs/dcache.c -- generic fs support functions */ -extern int is_subdir(struct dentry *, struct dentry *); +extern bool is_subdir(struct dentry *, struct dentry *); extern bool path_is_under(struct path *, struct path *); extern char *file_path(struct file *, char *, int); From 0e3ef1fe453c9f29c30d040cd2559c5cac724e93 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Thu, 19 Nov 2015 21:00:11 +0800 Subject: [PATCH 07/63] fs/bad_inode.c: is_bad_inode can be boolean This patch makes is_bad_inode return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro --- fs/bad_inode.c | 2 +- include/linux/fs.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/bad_inode.c b/fs/bad_inode.c index 861b1e1c477710..103f5d7c30838b 100644 --- a/fs/bad_inode.c +++ b/fs/bad_inode.c @@ -192,7 +192,7 @@ EXPORT_SYMBOL(make_bad_inode); * Returns true if the inode in question has been marked as bad. */ -int is_bad_inode(struct inode *inode) +bool is_bad_inode(struct inode *inode) { return (inode->i_op == &bad_inode_ops); } diff --git a/include/linux/fs.h b/include/linux/fs.h index 4b23def18aa940..6b33ac447612a0 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2371,7 +2371,7 @@ extern void init_special_inode(struct inode *, umode_t, dev_t); /* Invalid inode operations -- fs/bad_inode.c */ extern void make_bad_inode(struct inode *); -extern int is_bad_inode(struct inode *); +extern bool is_bad_inode(struct inode *); #ifdef CONFIG_BLOCK /* From d37177bacdf7cbcdb23a513cbb475fa241f8083c Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Thu, 19 Nov 2015 21:00:12 +0800 Subject: [PATCH 08/63] fs/attr.c: is_sxid can be boolean This patch makes is_sxid return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro --- include/linux/fs.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/linux/fs.h b/include/linux/fs.h index 6b33ac447612a0..bd1447661e3cee 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2963,7 +2963,7 @@ int __init get_filesystem_list(char *buf); #define OPEN_FMODE(flag) ((__force fmode_t)(((flag + 1) & O_ACCMODE) | \ (flag & __FMODE_NONOTIFY))) -static inline int is_sxid(umode_t mode) +static inline bool is_sxid(umode_t mode) { return (mode & S_ISUID) || ((mode & S_ISGID) && (mode & S_IXGRP)); } From 5d9f3c7b620f6d1d9555223817bdfddfbd4b93a0 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Nov 2015 00:57:52 +0300 Subject: [PATCH 09/63] vfs: show_vfsmnt: remove redundant initialization of error code As err variable is now always checked right after the first assignment, its initialization is redundant and could be safely removed. Signed-off-by: Dmitry V. Levin Signed-off-by: Al Viro --- fs/proc_namespace.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 8ebd9a33408528..1d984b5e489e15 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -95,9 +95,9 @@ static int show_vfsmnt(struct seq_file *m, struct vfsmount *mnt) { struct proc_mounts *p = m->private; struct mount *r = real_mount(mnt); - int err = 0; struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; struct super_block *sb = mnt_path.dentry->d_sb; + int err; if (sb->s_op->show_devname) { err = sb->s_op->show_devname(m, mnt_path.dentry); From 6ce4bca0adfde9ee404ce659d110f2bdeff9c13b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Nov 2015 00:58:20 +0300 Subject: [PATCH 10/63] vfs: show_mountinfo: cleanup error code checks Check err variable right after each assignment. This change makes initialization of err redundant, so remove the initialization. Signed-off-by: Dmitry V. Levin Signed-off-by: Al Viro --- fs/proc_namespace.c | 20 +++++++++++--------- 1 file changed, 11 insertions(+), 9 deletions(-) diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 1d984b5e489e15..93637588edf7d3 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -131,16 +131,17 @@ static int show_mountinfo(struct seq_file *m, struct vfsmount *mnt) struct mount *r = real_mount(mnt); struct super_block *sb = mnt->mnt_sb; struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; - int err = 0; + int err; seq_printf(m, "%i %i %u:%u ", r->mnt_id, r->mnt_parent->mnt_id, MAJOR(sb->s_dev), MINOR(sb->s_dev)); - if (sb->s_op->show_path) + if (sb->s_op->show_path) { err = sb->s_op->show_path(m, mnt->mnt_root); - else + if (err) + goto out; + } else { seq_dentry(m, mnt->mnt_root, " \t\n\\"); - if (err) - goto out; + } seq_putc(m, ' '); /* mountpoints outside of chroot jail will give SEQ_SKIP on this */ @@ -168,12 +169,13 @@ static int show_mountinfo(struct seq_file *m, struct vfsmount *mnt) seq_puts(m, " - "); show_type(m, sb); seq_putc(m, ' '); - if (sb->s_op->show_devname) + if (sb->s_op->show_devname) { err = sb->s_op->show_devname(m, mnt->mnt_root); - else + if (err) + goto out; + } else { mangle(m, r->mnt_devname ? r->mnt_devname : "none"); - if (err) - goto out; + } seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw"); err = show_sb_opts(m, sb); if (err) From b896fb35ca904fe5b7765fcd81a45f09a62e8d03 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Nov 2015 00:58:32 +0300 Subject: [PATCH 11/63] vfs: show_vfsstat: remove redundant initialization and check of error code As err variable is now always checked right after each assignment, its initialization is redundant and could be safely removed. For the same reason, the last check of err is also redundant and could be removed as well. Signed-off-by: Dmitry V. Levin Signed-off-by: Al Viro --- fs/proc_namespace.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 93637588edf7d3..2256e7e23e678a 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -193,7 +193,7 @@ static int show_vfsstat(struct seq_file *m, struct vfsmount *mnt) struct mount *r = real_mount(mnt); struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; struct super_block *sb = mnt_path.dentry->d_sb; - int err = 0; + int err; /* device */ if (sb->s_op->show_devname) { @@ -222,8 +222,7 @@ static int show_vfsstat(struct seq_file *m, struct vfsmount *mnt) /* optional statistics */ if (sb->s_op->show_stats) { seq_putc(m, ' '); - if (!err) - err = sb->s_op->show_stats(m, mnt_path.dentry); + err = sb->s_op->show_stats(m, mnt_path.dentry); } seq_putc(m, '\n'); From 0125f504ed320826a78b43d636de957d703465a8 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 21 Nov 2015 16:15:37 +0100 Subject: [PATCH 12/63] adfs: constify adfs_dir_ops structures The adfs_dir_ops structures are never modified, so declare them as const. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro --- fs/adfs/adfs.h | 6 +++--- fs/adfs/dir.c | 6 +++--- fs/adfs/dir_f.c | 2 +- fs/adfs/dir_fplus.c | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/fs/adfs/adfs.h b/fs/adfs/adfs.h index 24575d9d882d99..ea4aba56f29d69 100644 --- a/fs/adfs/adfs.h +++ b/fs/adfs/adfs.h @@ -45,7 +45,7 @@ struct adfs_dir_ops; struct adfs_sb_info { union { struct { struct adfs_discmap *s_map; /* bh list containing map */ - struct adfs_dir_ops *s_dir; /* directory operations */ + const struct adfs_dir_ops *s_dir; /* directory operations */ }; struct rcu_head rcu; /* used only at shutdown time */ }; @@ -168,8 +168,8 @@ void __adfs_error(struct super_block *sb, const char *function, extern const struct inode_operations adfs_dir_inode_operations; extern const struct file_operations adfs_dir_operations; extern const struct dentry_operations adfs_dentry_operations; -extern struct adfs_dir_ops adfs_f_dir_ops; -extern struct adfs_dir_ops adfs_fplus_dir_ops; +extern const struct adfs_dir_ops adfs_f_dir_ops; +extern const struct adfs_dir_ops adfs_fplus_dir_ops; extern int adfs_dir_update(struct super_block *sb, struct object_info *obj, int wait); diff --git a/fs/adfs/dir.c b/fs/adfs/dir.c index 51c279a29845e6..fd4cf2c48e48e3 100644 --- a/fs/adfs/dir.c +++ b/fs/adfs/dir.c @@ -21,7 +21,7 @@ adfs_readdir(struct file *file, struct dir_context *ctx) { struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; - struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; + const struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; struct object_info obj; struct adfs_dir dir; int ret = 0; @@ -69,7 +69,7 @@ adfs_dir_update(struct super_block *sb, struct object_info *obj, int wait) { int ret = -EINVAL; #ifdef CONFIG_ADFS_FS_RW - struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; + const struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; struct adfs_dir dir; printk(KERN_INFO "adfs_dir_update: object %06X in dir %06X\n", @@ -129,7 +129,7 @@ static int adfs_dir_lookup_byname(struct inode *inode, struct qstr *name, struct object_info *obj) { struct super_block *sb = inode->i_sb; - struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; + const struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; struct adfs_dir dir; int ret; diff --git a/fs/adfs/dir_f.c b/fs/adfs/dir_f.c index 4bbe853ee50a1e..0fbfd0b04ae09a 100644 --- a/fs/adfs/dir_f.c +++ b/fs/adfs/dir_f.c @@ -476,7 +476,7 @@ adfs_f_free(struct adfs_dir *dir) dir->sb = NULL; } -struct adfs_dir_ops adfs_f_dir_ops = { +const struct adfs_dir_ops adfs_f_dir_ops = { .read = adfs_f_read, .setpos = adfs_f_setpos, .getnext = adfs_f_getnext, diff --git a/fs/adfs/dir_fplus.c b/fs/adfs/dir_fplus.c index 82d14cdf70f9d0..c92cfb638c1832 100644 --- a/fs/adfs/dir_fplus.c +++ b/fs/adfs/dir_fplus.c @@ -256,7 +256,7 @@ adfs_fplus_free(struct adfs_dir *dir) dir->sb = NULL; } -struct adfs_dir_ops adfs_fplus_dir_ops = { +const struct adfs_dir_ops adfs_fplus_dir_ops = { .read = adfs_fplus_read, .setpos = adfs_fplus_setpos, .getnext = adfs_fplus_getnext, From 03927c8acb63100046260711c06ba28b6b5936fb Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Wed, 25 Nov 2015 16:22:25 +0100 Subject: [PATCH 13/63] coredump: Use 64bit time for unix time of coredump struct timeval on 32-bit systems will have its tv_sec value overflow in year 2038 and beyond. Use a 64 bit value to print time of the coredump in seconds. ktime_get_real_seconds is chosen here for efficiency reasons. Suggested by: Arnd Bergmann Signed-off-by: Tina Ruchandani Signed-off-by: Arnd Bergmann Signed-off-by: Al Viro --- fs/coredump.c | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/fs/coredump.c b/fs/coredump.c index 1777331eee767f..b3c153ca435d24 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -232,9 +233,10 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm) break; /* UNIX time of coredump */ case 't': { - struct timeval tv; - do_gettimeofday(&tv); - err = cn_printf(cn, "%lu", tv.tv_sec); + time64_t time; + + time = ktime_get_real_seconds(); + err = cn_printf(cn, "%lld", time); break; } /* hostname */ From dfbf53ed548e838ab933d1a7072ffc38cba3bae8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 26 Nov 2015 23:24:14 -0500 Subject: [PATCH 14/63] vgaarb: remove bogus checks neither ->release() nor ->poll() can be called unless ->open() has succeeded on the same struct file, so checking for "has open() failed" is pointless. What's more, ->poll() doesn't return -E... - it always returns a bitmap of POLL... values, so the dead code in that one had been actively bogus. Signed-off-by: Al Viro --- drivers/gpu/vga/vgaarb.c | 7 ------- 1 file changed, 7 deletions(-) diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c index 3166e4bc4eb6da..de083aade1057a 100644 --- a/drivers/gpu/vga/vgaarb.c +++ b/drivers/gpu/vga/vgaarb.c @@ -1161,12 +1161,8 @@ static ssize_t vga_arb_write(struct file *file, const char __user *buf, static unsigned int vga_arb_fpoll(struct file *file, poll_table *wait) { - struct vga_arb_private *priv = file->private_data; - pr_debug("%s\n", __func__); - if (priv == NULL) - return -ENODEV; poll_wait(file, &vga_wait_queue, wait); return POLLIN; } @@ -1207,9 +1203,6 @@ static int vga_arb_release(struct inode *inode, struct file *file) pr_debug("%s\n", __func__); - if (priv == NULL) - return -ENODEV; - spin_lock_irqsave(&vga_user_lock, flags); list_del(&priv->list); for (i = 0; i < MAX_USER_CARDS; i++) { From 57e3715cfa3fb01581555934d7191f8eabf740f4 Mon Sep 17 00:00:00 2001 From: Mike Marshall Date: Mon, 30 Nov 2015 11:11:59 -0500 Subject: [PATCH 15/63] typo in fs/namei.c comment Signed-off-by: Al Viro --- fs/namei.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/namei.c b/fs/namei.c index 0c3974cd3ecd55..e818ed135df02f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -657,7 +657,7 @@ static bool legitimize_links(struct nameidata *nd) * Path walking has 2 modes, rcu-walk and ref-walk (see * Documentation/filesystems/path-lookup.txt). In situations when we can't * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab - * normal reference counts on dentries and vfsmounts to transition to rcu-walk + * normal reference counts on dentries and vfsmounts to transition to ref-walk * mode. Refcounts are grabbed at the last known good point before rcu-walk * got stuck, so ref-walk may continue from there. If this is not successful * (eg. a seqcount has changed), then failure is returned and it's up to caller From 886f56f970f9c1563503cd71a572ba082b6a035b Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 03:56:06 -0500 Subject: [PATCH 16/63] f2fs: it's umode_t, not mode_t... Signed-off-by: Al Viro --- fs/f2fs/f2fs.h | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 9db5500d63d980..ec6067c33a3fa0 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -1602,13 +1602,11 @@ static inline bool is_dot_dotdot(const struct qstr *str) static inline bool f2fs_may_extent_tree(struct inode *inode) { - mode_t mode = inode->i_mode; - if (!test_opt(F2FS_I_SB(inode), EXTENT_CACHE) || is_inode_flag_set(F2FS_I(inode), FI_NO_EXTENT)) return false; - return S_ISREG(mode); + return S_ISREG(inode->i_mode); } static inline void *f2fs_kvmalloc(size_t size, gfp_t flags) @@ -2121,7 +2119,7 @@ static inline int f2fs_sb_has_crypto(struct super_block *sb) static inline bool f2fs_may_encrypt(struct inode *inode) { #ifdef CONFIG_F2FS_FS_ENCRYPTION - mode_t mode = inode->i_mode; + umode_t mode = inode->i_mode; return (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)); #else From 0e81ba231239b58c8b17dca18c6345c13e793824 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 18:23:48 -0500 Subject: [PATCH 17/63] don't opencode iget_failed() Signed-off-by: Al Viro --- drivers/staging/lustre/lustre/llite/namei.c | 4 +--- fs/ecryptfs/inode.c | 4 +--- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/drivers/staging/lustre/lustre/llite/namei.c b/drivers/staging/lustre/lustre/llite/namei.c index 2ca22001a534d8..64db5e86672fa3 100644 --- a/drivers/staging/lustre/lustre/llite/namei.c +++ b/drivers/staging/lustre/lustre/llite/namei.c @@ -126,9 +126,7 @@ struct inode *ll_iget(struct super_block *sb, ino_t hash, rc = cl_file_inode_init(inode, md); } if (rc != 0) { - make_bad_inode(inode); - unlock_new_inode(inode); - iput(inode); + iget_failed(inode); inode = ERR_PTR(rc); } else unlock_new_inode(inode); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index e2e47ba5d313a5..92c5dae576b1ea 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -282,9 +282,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, if (rc) { ecryptfs_do_unlink(directory_inode, ecryptfs_dentry, ecryptfs_inode); - make_bad_inode(ecryptfs_inode); - unlock_new_inode(ecryptfs_inode); - iput(ecryptfs_inode); + iget_failed(ecryptfs_inode); goto out; } unlock_new_inode(ecryptfs_inode); From 9e6697e26f9888cdb6088664d31c3772b0dff0a4 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 20:07:21 -0500 Subject: [PATCH 18/63] namei.c: fold set_root_rcu() into set_root() Signed-off-by: Al Viro --- fs/namei.c | 44 ++++++++++++++++++++------------------------ 1 file changed, 20 insertions(+), 24 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index e818ed135df02f..f89fe5f7eac389 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -806,20 +806,20 @@ static int complete_walk(struct nameidata *nd) } static void set_root(struct nameidata *nd) -{ - get_fs_root(current->fs, &nd->root); -} - -static void set_root_rcu(struct nameidata *nd) { struct fs_struct *fs = current->fs; - unsigned seq; - do { - seq = read_seqcount_begin(&fs->seq); - nd->root = fs->root; - nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq); - } while (read_seqcount_retry(&fs->seq, seq)); + if (nd->flags & LOOKUP_RCU) { + unsigned seq; + + do { + seq = read_seqcount_begin(&fs->seq); + nd->root = fs->root; + nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq); + } while (read_seqcount_retry(&fs->seq, seq)); + } else { + get_fs_root(fs, &nd->root); + } } static void path_put_conditional(struct path *path, struct nameidata *nd) @@ -1015,10 +1015,10 @@ const char *get_link(struct nameidata *nd) } } if (*res == '/') { + if (!nd->root.mnt) + set_root(nd); if (nd->flags & LOOKUP_RCU) { struct dentry *d; - if (!nd->root.mnt) - set_root_rcu(nd); nd->path = nd->root; d = nd->path.dentry; nd->inode = d->d_inode; @@ -1026,8 +1026,6 @@ const char *get_link(struct nameidata *nd) if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq))) return ERR_PTR(-ECHILD); } else { - if (!nd->root.mnt) - set_root(nd); path_put(&nd->path); nd->path = nd->root; path_get(&nd->root); @@ -1294,8 +1292,6 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, static int follow_dotdot_rcu(struct nameidata *nd) { struct inode *inode = nd->inode; - if (!nd->root.mnt) - set_root_rcu(nd); while (1) { if (path_equal(&nd->path, &nd->root)) @@ -1415,9 +1411,6 @@ static void follow_mount(struct path *path) static int follow_dotdot(struct nameidata *nd) { - if (!nd->root.mnt) - set_root(nd); - while(1) { struct dentry *old = nd->path.dentry; @@ -1655,6 +1648,8 @@ static inline int may_lookup(struct nameidata *nd) static inline int handle_dots(struct nameidata *nd, int type) { if (type == LAST_DOTDOT) { + if (!nd->root.mnt) + set_root(nd); if (nd->flags & LOOKUP_RCU) { return follow_dotdot_rcu(nd); } else @@ -2023,15 +2018,16 @@ static const char *path_init(struct nameidata *nd, unsigned flags) nd->m_seq = read_seqbegin(&mount_lock); if (*s == '/') { - if (flags & LOOKUP_RCU) { + if (flags & LOOKUP_RCU) rcu_read_lock(); - set_root_rcu(nd); + set_root(nd); + if (flags & LOOKUP_RCU) { nd->seq = nd->root_seq; + nd->path = nd->root; } else { - set_root(nd); path_get(&nd->root); + nd->path = nd->root; } - nd->path = nd->root; } else if (nd->dfd == AT_FDCWD) { if (flags & LOOKUP_RCU) { struct fs_struct *fs = current->fs; From ef55d91700d54f29b9ac301658b5b8f377ef3206 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 20:25:06 -0500 Subject: [PATCH 19/63] path_init(): set nd->inode earlier in cwd-relative case that allows to kill the recheck of nd->seq on the way out in this case, and this check on the way out is left only for absolute pathnames. Signed-off-by: Al Viro --- fs/namei.c | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index f89fe5f7eac389..a08018b1485c32 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2028,6 +2028,15 @@ static const char *path_init(struct nameidata *nd, unsigned flags) path_get(&nd->root); nd->path = nd->root; } + nd->inode = nd->path.dentry->d_inode; + if (!(flags & LOOKUP_RCU)) + return s; + if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) + return s; + if (!(nd->flags & LOOKUP_ROOT)) + nd->root.mnt = NULL; + rcu_read_unlock(); + return ERR_PTR(-ECHILD); } else if (nd->dfd == AT_FDCWD) { if (flags & LOOKUP_RCU) { struct fs_struct *fs = current->fs; @@ -2038,11 +2047,14 @@ static const char *path_init(struct nameidata *nd, unsigned flags) do { seq = read_seqcount_begin(&fs->seq); nd->path = fs->pwd; + nd->inode = nd->path.dentry->d_inode; nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); } while (read_seqcount_retry(&fs->seq, seq)); } else { get_fs_pwd(current->fs, &nd->path); + nd->inode = nd->path.dentry->d_inode; } + return s; } else { /* Caller must check execute permissions on the starting path component */ struct fd f = fdget_raw(nd->dfd); @@ -2072,16 +2084,6 @@ static const char *path_init(struct nameidata *nd, unsigned flags) fdput(f); return s; } - - nd->inode = nd->path.dentry->d_inode; - if (!(flags & LOOKUP_RCU)) - return s; - if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) - return s; - if (!(nd->flags & LOOKUP_ROOT)) - nd->root.mnt = NULL; - rcu_read_unlock(); - return ERR_PTR(-ECHILD); } static const char *trailing_symlink(struct nameidata *nd) From 248fb5b9557aa117f0b8c68b8cf2ce436e4d839d Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 20:51:58 -0500 Subject: [PATCH 20/63] namei.c: take "jump to root" into a new helper ... and use it both in path_init() (for absolute pathnames) and get_link() (for absolute symlinks). Signed-off-by: Al Viro --- fs/namei.c | 54 ++++++++++++++++++++++++++---------------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index a08018b1485c32..0baf64b116bdce 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -841,6 +841,26 @@ static inline void path_to_nameidata(const struct path *path, nd->path.dentry = path->dentry; } +static int nd_jump_root(struct nameidata *nd) +{ + if (nd->flags & LOOKUP_RCU) { + struct dentry *d; + nd->path = nd->root; + d = nd->path.dentry; + nd->inode = d->d_inode; + nd->seq = nd->root_seq; + if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq))) + return -ECHILD; + } else { + path_put(&nd->path); + nd->path = nd->root; + path_get(&nd->path); + nd->inode = nd->path.dentry->d_inode; + } + nd->flags |= LOOKUP_JUMPED; + return 0; +} + /* * Helper to directly jump to a known parsed path from ->follow_link, * caller must have taken a reference to path beforehand. @@ -1017,21 +1037,8 @@ const char *get_link(struct nameidata *nd) if (*res == '/') { if (!nd->root.mnt) set_root(nd); - if (nd->flags & LOOKUP_RCU) { - struct dentry *d; - nd->path = nd->root; - d = nd->path.dentry; - nd->inode = d->d_inode; - nd->seq = nd->root_seq; - if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq))) - return ERR_PTR(-ECHILD); - } else { - path_put(&nd->path); - nd->path = nd->root; - path_get(&nd->root); - nd->inode = nd->path.dentry->d_inode; - } - nd->flags |= LOOKUP_JUMPED; + if (unlikely(nd_jump_root(nd))) + return ERR_PTR(-ECHILD); while (unlikely(*++res == '/')) ; } @@ -2015,26 +2022,17 @@ static const char *path_init(struct nameidata *nd, unsigned flags) } nd->root.mnt = NULL; + nd->path.mnt = NULL; + nd->path.dentry = NULL; nd->m_seq = read_seqbegin(&mount_lock); if (*s == '/') { if (flags & LOOKUP_RCU) rcu_read_lock(); set_root(nd); - if (flags & LOOKUP_RCU) { - nd->seq = nd->root_seq; - nd->path = nd->root; - } else { - path_get(&nd->root); - nd->path = nd->root; - } - nd->inode = nd->path.dentry->d_inode; - if (!(flags & LOOKUP_RCU)) - return s; - if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) + if (likely(!nd_jump_root(nd))) return s; - if (!(nd->flags & LOOKUP_ROOT)) - nd->root.mnt = NULL; + nd->root.mnt = NULL; rcu_read_unlock(); return ERR_PTR(-ECHILD); } else if (nd->dfd == AT_FDCWD) { From e1a63bbc40c00d5198b1c1d133b139e962f5e872 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 21:06:33 -0500 Subject: [PATCH 21/63] restore_nameidata(): no need to clear now->stack microoptimization: in all callers *now is in the frame we are about to leave. Signed-off-by: Al Viro --- fs/namei.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 0baf64b116bdce..9e102aca348032 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -534,10 +534,8 @@ static void restore_nameidata(void) current->nameidata = old; if (old) old->total_link_count = now->total_link_count; - if (now->stack != now->internal) { + if (now->stack != now->internal) kfree(now->stack); - now->stack = now->internal; - } } static int __nd_alloc_stack(struct nameidata *nd) From b808b1d632f6915e4d6b1badb927b2c970ad11bb Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 21:39:06 -0500 Subject: [PATCH 22/63] don't open-code generic_file_llseek_size() Signed-off-by: Al Viro --- arch/powerpc/kernel/nvram_64.c | 19 +++---------------- drivers/char/generic_nvram.c | 21 +++------------------ drivers/char/mbcs.c | 28 +++------------------------- drivers/char/nvram.c | 18 +++--------------- 4 files changed, 12 insertions(+), 74 deletions(-) diff --git a/arch/powerpc/kernel/nvram_64.c b/arch/powerpc/kernel/nvram_64.c index 32e26526f7e4e0..0cab9e8c379486 100644 --- a/arch/powerpc/kernel/nvram_64.c +++ b/arch/powerpc/kernel/nvram_64.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -733,24 +734,10 @@ static void oops_to_nvram(struct kmsg_dumper *dumper, static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin) { - int size; - if (ppc_md.nvram_size == NULL) return -ENODEV; - size = ppc_md.nvram_size(); - - switch (origin) { - case 1: - offset += file->f_pos; - break; - case 2: - offset += size; - break; - } - if (offset < 0) - return -EINVAL; - file->f_pos = offset; - return file->f_pos; + return generic_file_llseek_size(file, offset, origin, MAX_LFS_FILESIZE, + ppc_md.nvram_size()); } diff --git a/drivers/char/generic_nvram.c b/drivers/char/generic_nvram.c index 6c4f4b5a9dd3ae..073db955837936 100644 --- a/drivers/char/generic_nvram.c +++ b/drivers/char/generic_nvram.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_PPC_PMAC @@ -33,24 +34,8 @@ static ssize_t nvram_len; static loff_t nvram_llseek(struct file *file, loff_t offset, int origin) { - switch (origin) { - case 0: - break; - case 1: - offset += file->f_pos; - break; - case 2: - offset += nvram_len; - break; - default: - offset = -1; - } - if (offset < 0) - return -EINVAL; - - file->f_pos = offset; - - return file->f_pos; + return generic_file_llseek_size(file, offset, origin, + MAX_LFS_FILESIZE, nvram_len); } static ssize_t read_nvram(struct file *file, char __user *buf, diff --git a/drivers/char/mbcs.c b/drivers/char/mbcs.c index e5d3e3f7a49bcd..67d426470e5341 100644 --- a/drivers/char/mbcs.c +++ b/drivers/char/mbcs.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -451,31 +452,8 @@ mbcs_sram_write(struct file * fp, const char __user *buf, size_t len, loff_t * o static loff_t mbcs_sram_llseek(struct file * filp, loff_t off, int whence) { - loff_t newpos; - - switch (whence) { - case SEEK_SET: - newpos = off; - break; - - case SEEK_CUR: - newpos = filp->f_pos + off; - break; - - case SEEK_END: - newpos = MBCS_SRAM_SIZE + off; - break; - - default: /* can't happen */ - return -EINVAL; - } - - if (newpos < 0) - return -EINVAL; - - filp->f_pos = newpos; - - return newpos; + return generic_file_llseek_size(filp, off, whence, MAX_LFS_FILESIZE, + MBCS_SRAM_SIZE); } static uint64_t mbcs_pioaddr(struct mbcs_soft *soft, uint64_t offset) diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c index 97c2d8d433d622..01292328a45677 100644 --- a/drivers/char/nvram.c +++ b/drivers/char/nvram.c @@ -110,6 +110,7 @@ #include #include #include +#include static DEFINE_MUTEX(nvram_mutex); @@ -213,21 +214,8 @@ void nvram_set_checksum(void) static loff_t nvram_llseek(struct file *file, loff_t offset, int origin) { - switch (origin) { - case 0: - /* nothing to do */ - break; - case 1: - offset += file->f_pos; - break; - case 2: - offset += NVRAM_BYTES; - break; - default: - return -EINVAL; - } - - return (offset >= 0) ? (file->f_pos = offset) : -EINVAL; + return generic_file_llseek_size(file, offset, origin, MAX_LFS_FILESIZE, + NVRAM_BYTES); } static ssize_t nvram_read(struct file *file, char __user *buf, From b25472f9b96159cc0b9b7ed449448805973cd789 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 22:04:48 -0500 Subject: [PATCH 23/63] new helpers: no_seek_end_llseek{,_size}() Signed-off-by: Al Viro --- arch/sparc/kernel/mdesc.c | 20 ++---------- arch/x86/kernel/cpuid.c | 24 +-------------- arch/x86/kernel/msr.c | 24 +-------------- drivers/char/nwflash.c | 31 +------------------ drivers/net/wireless/ti/wlcore/debugfs.c | 17 +---------- drivers/s390/char/vmur.c | 15 +-------- drivers/s390/char/zcore.c | 13 +------- drivers/usb/core/devices.c | 26 +--------------- drivers/usb/core/devio.c | 26 +--------------- drivers/usb/host/uhci-debug.c | 23 ++------------ drivers/usb/misc/sisusbvga/sisusb.c | 16 +--------- fs/read_write.c | 39 ++++++++++++++++++++++++ include/linux/fs.h | 2 ++ 13 files changed, 54 insertions(+), 222 deletions(-) diff --git a/arch/sparc/kernel/mdesc.c b/arch/sparc/kernel/mdesc.c index 6f80936e0eea4d..11228861d9b471 100644 --- a/arch/sparc/kernel/mdesc.c +++ b/arch/sparc/kernel/mdesc.c @@ -1033,25 +1033,9 @@ static ssize_t mdesc_read(struct file *file, char __user *buf, static loff_t mdesc_llseek(struct file *file, loff_t offset, int whence) { - struct mdesc_handle *hp; - - switch (whence) { - case SEEK_CUR: - offset += file->f_pos; - break; - case SEEK_SET: - break; - default: - return -EINVAL; - } - - hp = file->private_data; - if (offset > hp->handle_size) - return -EINVAL; - else - file->f_pos = offset; + struct mdesc_handle *hp = file->private_data; - return offset; + return no_seek_end_llseek_size(file, offset, whence, hp->handle_size); } /* mdesc_close() - /dev/mdesc is being closed, release the reference to diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c index bd3507da39f016..2836de390f95cd 100644 --- a/arch/x86/kernel/cpuid.c +++ b/arch/x86/kernel/cpuid.c @@ -58,28 +58,6 @@ static void cpuid_smp_cpuid(void *cmd_block) &cmd->eax, &cmd->ebx, &cmd->ecx, &cmd->edx); } -static loff_t cpuid_seek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - struct inode *inode = file->f_mapping->host; - - mutex_lock(&inode->i_mutex); - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - mutex_unlock(&inode->i_mutex); - return ret; -} - static ssize_t cpuid_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -132,7 +110,7 @@ static int cpuid_open(struct inode *inode, struct file *file) */ static const struct file_operations cpuid_fops = { .owner = THIS_MODULE, - .llseek = cpuid_seek, + .llseek = no_seek_end_llseek, .read = cpuid_read, .open = cpuid_open, }; diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c index 113e70784854fb..64f9616f93f1ec 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -45,28 +45,6 @@ static struct class *msr_class; -static loff_t msr_seek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - struct inode *inode = file_inode(file); - - mutex_lock(&inode->i_mutex); - switch (orig) { - case SEEK_SET: - file->f_pos = offset; - ret = file->f_pos; - break; - case SEEK_CUR: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - mutex_unlock(&inode->i_mutex); - return ret; -} - static ssize_t msr_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -194,7 +172,7 @@ static int msr_open(struct inode *inode, struct file *file) */ static const struct file_operations msr_fops = { .owner = THIS_MODULE, - .llseek = msr_seek, + .llseek = no_seek_end_llseek, .read = msr_read, .write = msr_write, .open = msr_open, diff --git a/drivers/char/nwflash.c b/drivers/char/nwflash.c index e371480d363949..dbe598de9b74ff 100644 --- a/drivers/char/nwflash.c +++ b/drivers/char/nwflash.c @@ -277,36 +277,7 @@ static loff_t flash_llseek(struct file *file, loff_t offset, int orig) printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n", (unsigned int) offset, orig); - switch (orig) { - case 0: - if (offset < 0) { - ret = -EINVAL; - break; - } - - if ((unsigned int) offset > gbFlashSize) { - ret = -EINVAL; - break; - } - - file->f_pos = (unsigned int) offset; - ret = file->f_pos; - break; - case 1: - if ((file->f_pos + offset) > gbFlashSize) { - ret = -EINVAL; - break; - } - if ((file->f_pos + offset) < 0) { - ret = -EINVAL; - break; - } - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } + ret = no_seek_end_llseek_size(file, offset, orig, gbFlashSize); mutex_unlock(&flash_mutex); return ret; } diff --git a/drivers/net/wireless/ti/wlcore/debugfs.c b/drivers/net/wireless/ti/wlcore/debugfs.c index eb43f94a15973f..be72306f8c695b 100644 --- a/drivers/net/wireless/ti/wlcore/debugfs.c +++ b/drivers/net/wireless/ti/wlcore/debugfs.c @@ -1205,26 +1205,11 @@ static ssize_t dev_mem_write(struct file *file, const char __user *user_buf, static loff_t dev_mem_seek(struct file *file, loff_t offset, int orig) { - loff_t ret; - /* only requests of dword-aligned size and offset are supported */ if (offset % 4) return -EINVAL; - switch (orig) { - case SEEK_SET: - file->f_pos = offset; - ret = file->f_pos; - break; - case SEEK_CUR: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - - return ret; + return no_seek_end_llseek(file, offset, orig); } static const struct file_operations dev_mem_ops = { diff --git a/drivers/s390/char/vmur.c b/drivers/s390/char/vmur.c index 0efb27f6f1999f..6c30e93ab8fa25 100644 --- a/drivers/s390/char/vmur.c +++ b/drivers/s390/char/vmur.c @@ -782,24 +782,11 @@ static int ur_release(struct inode *inode, struct file *file) static loff_t ur_llseek(struct file *file, loff_t offset, int whence) { - loff_t newpos; - if ((file->f_flags & O_ACCMODE) != O_RDONLY) return -ESPIPE; /* seek allowed only for reader */ if (offset % PAGE_SIZE) return -ESPIPE; /* only multiples of 4K allowed */ - switch (whence) { - case 0: /* SEEK_SET */ - newpos = offset; - break; - case 1: /* SEEK_CUR */ - newpos = file->f_pos + offset; - break; - default: - return -EINVAL; - } - file->f_pos = newpos; - return newpos; + return no_seek_end_llseek(file, offset, whence); } static const struct file_operations ur_fops = { diff --git a/drivers/s390/char/zcore.c b/drivers/s390/char/zcore.c index 823f41fc4bbd67..3339b862ec1701 100644 --- a/drivers/s390/char/zcore.c +++ b/drivers/s390/char/zcore.c @@ -385,18 +385,7 @@ static loff_t zcore_lseek(struct file *file, loff_t offset, int orig) loff_t rc; mutex_lock(&zcore_mutex); - switch (orig) { - case 0: - file->f_pos = offset; - rc = file->f_pos; - break; - case 1: - file->f_pos += offset; - rc = file->f_pos; - break; - default: - rc = -EINVAL; - } + rc = no_seek_end_llseek(file, offset, orig); mutex_unlock(&zcore_mutex); return rc; } diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c index 2a3bbdf7eb9407..cffa0a0d7de282 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -661,32 +661,8 @@ static unsigned int usb_device_poll(struct file *file, return 0; } -static loff_t usb_device_lseek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - - mutex_lock(&file_inode(file)->i_mutex); - - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - case 2: - default: - ret = -EINVAL; - } - - mutex_unlock(&file_inode(file)->i_mutex); - return ret; -} - const struct file_operations usbfs_devices_fops = { - .llseek = usb_device_lseek, + .llseek = no_seek_end_llseek, .read = usb_device_read, .poll = usb_device_poll, }; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 38ae877c46e312..dbc3e143453a01 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -157,30 +157,6 @@ static int connected(struct usb_dev_state *ps) ps->dev->state != USB_STATE_NOTATTACHED); } -static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - - mutex_lock(&file_inode(file)->i_mutex); - - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - case 2: - default: - ret = -EINVAL; - } - - mutex_unlock(&file_inode(file)->i_mutex); - return ret; -} - static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) { @@ -2366,7 +2342,7 @@ static unsigned int usbdev_poll(struct file *file, const struct file_operations usbdev_file_operations = { .owner = THIS_MODULE, - .llseek = usbdev_lseek, + .llseek = no_seek_end_llseek, .read = usbdev_read, .poll = usbdev_poll, .unlocked_ioctl = usbdev_ioctl, diff --git a/drivers/usb/host/uhci-debug.c b/drivers/usb/host/uhci-debug.c index 1b28a000d5c62c..9c6635d43db0d8 100644 --- a/drivers/usb/host/uhci-debug.c +++ b/drivers/usb/host/uhci-debug.c @@ -584,27 +584,8 @@ static int uhci_debug_open(struct inode *inode, struct file *file) static loff_t uhci_debug_lseek(struct file *file, loff_t off, int whence) { - struct uhci_debug *up; - loff_t new = -1; - - up = file->private_data; - - /* - * XXX: atomic 64bit seek access, but that needs to be fixed in the VFS - */ - switch (whence) { - case 0: - new = off; - break; - case 1: - new = file->f_pos + off; - break; - } - - if (new < 0 || new > up->size) - return -EINVAL; - - return (file->f_pos = new); + struct uhci_debug *up = file->private_data; + return no_seek_end_llseek_size(file, off, whence, up->size); } static ssize_t uhci_debug_read(struct file *file, char __user *buf, diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c index 306d6852ebc726..8efbabacc84e6b 100644 --- a/drivers/usb/misc/sisusbvga/sisusb.c +++ b/drivers/usb/misc/sisusbvga/sisusb.c @@ -2825,21 +2825,7 @@ sisusb_lseek(struct file *file, loff_t offset, int orig) return -ENODEV; } - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - /* never negative, no force_successful_syscall needed */ - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - /* never negative, no force_successful_syscall needed */ - break; - default: - /* seeking relative to "end of file" is not supported */ - ret = -EINVAL; - } + ret = no_seek_end_llseek(file, offset, orig); mutex_unlock(&sisusb->lock); return ret; diff --git a/fs/read_write.c b/fs/read_write.c index 819ef3faf1bb71..acb1713312783a 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -170,6 +170,45 @@ loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t si } EXPORT_SYMBOL(fixed_size_llseek); +/** + * no_seek_end_llseek - llseek implementation for fixed-sized devices + * @file: file structure to seek on + * @offset: file offset to seek to + * @whence: type of seek + * + */ +loff_t no_seek_end_llseek(struct file *file, loff_t offset, int whence) +{ + switch (whence) { + case SEEK_SET: case SEEK_CUR: + return generic_file_llseek_size(file, offset, whence, + ~0ULL, 0); + default: + return -EINVAL; + } +} +EXPORT_SYMBOL(no_seek_end_llseek); + +/** + * no_seek_end_llseek_size - llseek implementation for fixed-sized devices + * @file: file structure to seek on + * @offset: file offset to seek to + * @whence: type of seek + * @size: maximal offset allowed + * + */ +loff_t no_seek_end_llseek_size(struct file *file, loff_t offset, int whence, loff_t size) +{ + switch (whence) { + case SEEK_SET: case SEEK_CUR: + return generic_file_llseek_size(file, offset, whence, + size, 0); + default: + return -EINVAL; + } +} +EXPORT_SYMBOL(no_seek_end_llseek_size); + /** * noop_llseek - No Operation Performed llseek implementation * @file: file structure to seek on diff --git a/include/linux/fs.h b/include/linux/fs.h index bd1447661e3cee..fb0fa224d8e849 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2660,6 +2660,8 @@ extern loff_t generic_file_llseek_size(struct file *file, loff_t offset, int whence, loff_t maxsize, loff_t eof); extern loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size); +extern loff_t no_seek_end_llseek_size(struct file *, loff_t, int, loff_t); +extern loff_t no_seek_end_llseek(struct file *, loff_t, int); extern int generic_file_open(struct inode * inode, struct file * filp); extern int nonseekable_open(struct inode * inode, struct file * filp); From c62432b40b5e03c25faf2c8f8547bba4908b8945 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 6 Dec 2015 12:18:55 -0500 Subject: [PATCH 24/63] [mips] switch pvc_proc_cleanup() to remove_proc_subtree() Signed-off-by: Al Viro --- arch/mips/lasat/picvue_proc.c | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/arch/mips/lasat/picvue_proc.c b/arch/mips/lasat/picvue_proc.c index 2bcd8391bc93a0..b420958806678a 100644 --- a/arch/mips/lasat/picvue_proc.c +++ b/arch/mips/lasat/picvue_proc.c @@ -22,7 +22,6 @@ static DEFINE_MUTEX(pvc_mutex); static char pvc_lines[PVC_NLINES][PVC_LINELEN+1]; static int pvc_linedata[PVC_NLINES]; -static struct proc_dir_entry *pvc_display_dir; static char *pvc_linename[PVC_NLINES] = {"line1", "line2"}; #define DISPLAY_DIR_NAME "display" static int scroll_dir, scroll_interval; @@ -169,22 +168,17 @@ void pvc_proc_timerfunc(unsigned long data) static void pvc_proc_cleanup(void) { - int i; - for (i = 0; i < PVC_NLINES; i++) - remove_proc_entry(pvc_linename[i], pvc_display_dir); - remove_proc_entry("scroll", pvc_display_dir); - remove_proc_entry(DISPLAY_DIR_NAME, NULL); - + remove_proc_subtree(DISPLAY_DIR_NAME, NULL); del_timer_sync(&timer); } static int __init pvc_proc_init(void) { - struct proc_dir_entry *proc_entry; + struct proc_dir_entry *dir, *proc_entry; int i; - pvc_display_dir = proc_mkdir(DISPLAY_DIR_NAME, NULL); - if (pvc_display_dir == NULL) + dir = proc_mkdir(DISPLAY_DIR_NAME, NULL); + if (dir == NULL) goto error; for (i = 0; i < PVC_NLINES; i++) { @@ -192,12 +186,12 @@ static int __init pvc_proc_init(void) pvc_linedata[i] = i; } for (i = 0; i < PVC_NLINES; i++) { - proc_entry = proc_create_data(pvc_linename[i], 0644, pvc_display_dir, + proc_entry = proc_create_data(pvc_linename[i], 0644, dir, &pvc_line_proc_fops, &pvc_linedata[i]); if (proc_entry == NULL) goto error; } - proc_entry = proc_create("scroll", 0644, pvc_display_dir, + proc_entry = proc_create("scroll", 0644, dir, &pvc_scroll_proc_fops); if (proc_entry == NULL) goto error; From e9d408e107db9a554b36c3a79f67b37dd3e16da0 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:06:05 -0500 Subject: [PATCH 25/63] new helper: memdup_user_nul() Similar to memdup_user(), except that allocated buffer is one byte longer and '\0' is stored after the copied data. Signed-off-by: Al Viro --- include/linux/string.h | 1 + mm/util.c | 31 +++++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/include/linux/string.h b/include/linux/string.h index 9ef7795e65e40c..9eebc66d957a7f 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -10,6 +10,7 @@ extern char *strndup_user(const char __user *, long); extern void *memdup_user(const void __user *, size_t); +extern void *memdup_user_nul(const void __user *, size_t); /* * Include machine specific inline routines diff --git a/mm/util.c b/mm/util.c index 9af1c12b310c7f..2d28f793004314 100644 --- a/mm/util.c +++ b/mm/util.c @@ -176,6 +176,37 @@ char *strndup_user(const char __user *s, long n) } EXPORT_SYMBOL(strndup_user); +/** + * memdup_user_nul - duplicate memory region from user space and NUL-terminate + * + * @src: source address in user space + * @len: number of bytes to copy + * + * Returns an ERR_PTR() on failure. + */ +void *memdup_user_nul(const void __user *src, size_t len) +{ + char *p; + + /* + * Always use GFP_KERNEL, since copy_from_user() can sleep and + * cause pagefault, which makes it pointless to use GFP_NOFS + * or GFP_ATOMIC. + */ + p = kmalloc_track_caller(len + 1, GFP_KERNEL); + if (!p) + return ERR_PTR(-ENOMEM); + + if (copy_from_user(p, src, len)) { + kfree(p); + return ERR_PTR(-EFAULT); + } + p[len] = '\0'; + + return p; +} +EXPORT_SYMBOL(memdup_user_nul); + void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, struct rb_node *rb_parent) { From 16e5c1fc36040e592128a164499bc25eb138a80f Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:06:05 -0500 Subject: [PATCH 26/63] convert a bunch of open-coded instances of memdup_user_nul() A _lot_ of ->write() instances were open-coding it; some are converted to memdup_user_nul(), a lot more remain... Signed-off-by: Al Viro --- arch/xtensa/platforms/iss/simdisk.c | 12 +-- drivers/net/wireless/ath/wil6210/debugfs.c | 12 +-- drivers/s390/char/vmcp.c | 11 +- drivers/sbus/char/openprom.c | 13 +-- fs/afs/proc.c | 25 ++--- fs/cachefiles/daemon.c | 12 +-- fs/dlm/user.c | 11 +- kernel/trace/blktrace.c | 12 +-- lib/dynamic_debug.c | 11 +- net/rxrpc/ar-key.c | 24 ++--- security/smack/smackfs.c | 114 ++++++--------------- security/tomoyo/securityfs_if.c | 11 +- 12 files changed, 71 insertions(+), 197 deletions(-) diff --git a/arch/xtensa/platforms/iss/simdisk.c b/arch/xtensa/platforms/iss/simdisk.c index 3c3ace2c46b613..f58a4e6472cbc5 100644 --- a/arch/xtensa/platforms/iss/simdisk.c +++ b/arch/xtensa/platforms/iss/simdisk.c @@ -227,16 +227,12 @@ static ssize_t proc_read_simdisk(struct file *file, char __user *buf, static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *tmp = kmalloc(count + 1, GFP_KERNEL); + char *tmp = memdup_user_nul(buf, count); struct simdisk *dev = PDE_DATA(file_inode(file)); int err; - if (tmp == NULL) - return -ENOMEM; - if (copy_from_user(tmp, buf, count)) { - err = -EFAULT; - goto out_free; - } + if (IS_ERR(tmp)) + return PTR_ERR(tmp); err = simdisk_detach(dev); if (err != 0) @@ -244,8 +240,6 @@ static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, if (count > 0 && tmp[count - 1] == '\n') tmp[count - 1] = 0; - else - tmp[count] = 0; if (tmp[0]) err = simdisk_attach(dev, tmp); diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c index 97bc186f972824..a1d10b85989f7b 100644 --- a/drivers/net/wireless/ath/wil6210/debugfs.c +++ b/drivers/net/wireless/ath/wil6210/debugfs.c @@ -580,16 +580,10 @@ static ssize_t wil_write_file_rxon(struct file *file, const char __user *buf, long channel; bool on; - char *kbuf = kmalloc(len + 1, GFP_KERNEL); - - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buf, len)) { - kfree(kbuf); - return -EIO; - } + char *kbuf = memdup_user_nul(buf, len); - kbuf[len] = '\0'; + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); rc = kstrtol(kbuf, 0, &channel); kfree(kbuf); if (rc) diff --git a/drivers/s390/char/vmcp.c b/drivers/s390/char/vmcp.c index 0fdedadff7bc84..2a67b496a9e288 100644 --- a/drivers/s390/char/vmcp.c +++ b/drivers/s390/char/vmcp.c @@ -88,14 +88,9 @@ vmcp_write(struct file *file, const char __user *buff, size_t count, if (count > 240) return -EINVAL; - cmd = kmalloc(count + 1, GFP_KERNEL); - if (!cmd) - return -ENOMEM; - if (copy_from_user(cmd, buff, count)) { - kfree(cmd); - return -EFAULT; - } - cmd[count] = '\0'; + cmd = memdup_user_nul(buff, count); + if (IS_ERR(cmd)) + return PTR_ERR(cmd); session = file->private_data; if (mutex_lock_interruptible(&session->mutex)) { kfree(cmd); diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c index 5843288f64bc00..e077ebd8931985 100644 --- a/drivers/sbus/char/openprom.c +++ b/drivers/sbus/char/openprom.c @@ -390,16 +390,9 @@ static int copyin_string(char __user *user, size_t len, char **ptr) if ((ssize_t)len < 0 || (ssize_t)(len + 1) < 0) return -EINVAL; - tmp = kmalloc(len + 1, GFP_KERNEL); - if (!tmp) - return -ENOMEM; - - if (copy_from_user(tmp, user, len)) { - kfree(tmp); - return -EFAULT; - } - - tmp[len] = '\0'; + tmp = memdup_user_nul(user, len); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); *ptr = tmp; diff --git a/fs/afs/proc.c b/fs/afs/proc.c index 24a905b076fd77..2853b40953442c 100644 --- a/fs/afs/proc.c +++ b/fs/afs/proc.c @@ -230,14 +230,9 @@ static ssize_t afs_proc_cells_write(struct file *file, const char __user *buf, if (size <= 1 || size >= PAGE_SIZE) return -EINVAL; - kbuf = kmalloc(size + 1, GFP_KERNEL); - if (!kbuf) - return -ENOMEM; - - ret = -EFAULT; - if (copy_from_user(kbuf, buf, size) != 0) - goto done; - kbuf[size] = 0; + kbuf = memdup_user_nul(buf, size); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); /* trim to first NL */ name = memchr(kbuf, '\n', size); @@ -315,15 +310,9 @@ static ssize_t afs_proc_rootcell_write(struct file *file, if (size <= 1 || size >= PAGE_SIZE) return -EINVAL; - ret = -ENOMEM; - kbuf = kmalloc(size + 1, GFP_KERNEL); - if (!kbuf) - goto nomem; - - ret = -EFAULT; - if (copy_from_user(kbuf, buf, size) != 0) - goto infault; - kbuf[size] = 0; + kbuf = memdup_user_nul(buf, size); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); /* trim to first NL */ s = memchr(kbuf, '\n', size); @@ -337,9 +326,7 @@ static ssize_t afs_proc_rootcell_write(struct file *file, if (ret >= 0) ret = size; /* consume everything, always */ -infault: kfree(kbuf); -nomem: _leave(" = %d", ret); return ret; } diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c index f601def05bdf00..452e98dd756053 100644 --- a/fs/cachefiles/daemon.c +++ b/fs/cachefiles/daemon.c @@ -226,15 +226,9 @@ static ssize_t cachefiles_daemon_write(struct file *file, return -EOPNOTSUPP; /* drag the command string into the kernel so we can parse it */ - data = kmalloc(datalen + 1, GFP_KERNEL); - if (!data) - return -ENOMEM; - - ret = -EFAULT; - if (copy_from_user(data, _data, datalen) != 0) - goto error; - - data[datalen] = '\0'; + data = memdup_user_nul(_data, datalen); + if (IS_ERR(data)) + return PTR_ERR(data); ret = -EINVAL; if (memchr(data, '\0', datalen)) diff --git a/fs/dlm/user.c b/fs/dlm/user.c index 173b3873a4f4ee..1925d6d222b87f 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c @@ -515,14 +515,9 @@ static ssize_t device_write(struct file *file, const char __user *buf, if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN) return -EINVAL; - kbuf = kzalloc(count + 1, GFP_NOFS); - if (!kbuf) - return -ENOMEM; - - if (copy_from_user(kbuf, buf, count)) { - error = -EFAULT; - goto out_free; - } + kbuf = memdup_user_nul(buf, count); + if (!IS_ERR(kbuf)) + return PTR_ERR(kbuf); if (check_version(kbuf)) { error = -EBADE; diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index a990824c860447..2aeb6ffc0a1e87 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -349,16 +349,10 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer, if (count >= BLK_TN_MAX_MSG) return -EINVAL; - msg = kmalloc(count + 1, GFP_KERNEL); - if (msg == NULL) - return -ENOMEM; - - if (copy_from_user(msg, buffer, count)) { - kfree(msg); - return -EFAULT; - } + msg = memdup_user_nul(buffer, count); + if (IS_ERR(msg)) + return PTR_ERR(msg); - msg[count] = '\0'; bt = filp->private_data; __trace_note_message(bt, "%s", msg); kfree(msg); diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index e3952e9c8ec042..fe42b6ec3f0ce4 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -657,14 +657,9 @@ static ssize_t ddebug_proc_write(struct file *file, const char __user *ubuf, pr_warn("expected <%d bytes into control\n", USER_BUF_PAGE); return -E2BIG; } - tmpbuf = kmalloc(len + 1, GFP_KERNEL); - if (!tmpbuf) - return -ENOMEM; - if (copy_from_user(tmpbuf, ubuf, len)) { - kfree(tmpbuf); - return -EFAULT; - } - tmpbuf[len] = '\0'; + tmpbuf = memdup_user_nul(ubuf, len); + if (IS_ERR(tmpbuf)) + return PTR_ERR(tmpbuf); vpr_info("read %d bytes from userspace\n", (int)len); ret = ddebug_exec_queries(tmpbuf, NULL); diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index da3cc09f683e98..3f6571651d32eb 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -896,15 +896,9 @@ int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) if (optlen <= 0 || optlen > PAGE_SIZE - 1) return -EINVAL; - description = kmalloc(optlen + 1, GFP_KERNEL); - if (!description) - return -ENOMEM; - - if (copy_from_user(description, optval, optlen)) { - kfree(description); - return -EFAULT; - } - description[optlen] = 0; + description = memdup_user_nul(optval, optlen); + if (IS_ERR(description)) + return PTR_ERR(description); key = request_key(&key_type_rxrpc, description, NULL); if (IS_ERR(key)) { @@ -933,15 +927,9 @@ int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, if (optlen <= 0 || optlen > PAGE_SIZE - 1) return -EINVAL; - description = kmalloc(optlen + 1, GFP_KERNEL); - if (!description) - return -ENOMEM; - - if (copy_from_user(description, optval, optlen)) { - kfree(description); - return -EFAULT; - } - description[optlen] = 0; + description = memdup_user_nul(optval, optlen); + if (IS_ERR(description)) + return PTR_ERR(description); key = request_key(&key_type_keyring, description, NULL); if (IS_ERR(key)) { diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 94bd9e41c9ecb3..e249a66db53393 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -497,14 +497,9 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, } } - data = kmalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * In case of parsing only part of user buf, @@ -884,16 +879,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto unlockedout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - data[count] = '\0'; rule = data; /* * Only allow one writer at a time. Writes should be @@ -946,7 +935,6 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, out: mutex_unlock(&smack_cipso_lock); -unlockedout: kfree(data); return rc; } @@ -1187,14 +1175,9 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1202,8 +1185,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s", &host[0], &host[1], &host[2], &host[3], &masks, smack); if (rc != 6) { @@ -1454,14 +1435,9 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1469,8 +1445,6 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s", &scanned[0], &scanned[1], &scanned[2], &scanned[3], &scanned[4], &scanned[5], &scanned[6], &scanned[7], @@ -1865,14 +1839,9 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); skp = smk_import_entry(data, count); if (IS_ERR(skp)) { @@ -2041,14 +2010,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); @@ -2133,14 +2097,9 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto freeout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * Clear the smack_unconfined on invalid label errors. This means @@ -2696,19 +2655,15 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - if (copy_from_user(data, buf, count) != 0) - rc = -EFAULT; - else { - skp = smk_import_entry(data, count); - if (IS_ERR(skp)) - rc = PTR_ERR(skp); - else - smack_syslog_label = skp; - } + skp = smk_import_entry(data, count); + if (IS_ERR(skp)) + rc = PTR_ERR(skp); + else + smack_syslog_label = skp; kfree(data); return rc; @@ -2798,14 +2753,9 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, if (*ppos != 0) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 179a955b319df9..06ab41b1ff286a 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -43,13 +43,9 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, int error; if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) return -ENOMEM; - data = kzalloc(count + 1, GFP_NOFS); - if (!data) - return -ENOMEM; - if (copy_from_user(data, buf, count)) { - error = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); tomoyo_normalize_line(data); if (tomoyo_correct_domain(data)) { const int idx = tomoyo_read_lock(); @@ -87,7 +83,6 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, tomoyo_read_unlock(idx); } else error = -EINVAL; -out: kfree(data); return error ? error : count; } From 8365a71946bb1075f5e0e6357fe0f0b92404d966 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:08:06 -0500 Subject: [PATCH 27/63] selinuxfs: switch to memdup_user_nul() Nothing in there gives a damn about the buffer alignment - it just parses its contents. So the use of get_zeroed_page() doesn't buy us anything - might as well had been kmalloc(), which makes that code equivalent to open-coded memdup_user_nul() Signed-off-by: Al Viro --- security/selinux/selinuxfs.c | 114 +++++++++++++---------------------- 1 file changed, 41 insertions(+), 73 deletions(-) diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c02da25d7b6319..73c60baa90a473 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -147,23 +147,16 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, ssize_t length; int new_value; - length = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - length = -EINVAL; if (*ppos != 0) - goto out; - - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -186,7 +179,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, } length = count; out: - free_page((unsigned long) page); + kfree(page); return length; } #else @@ -275,27 +268,20 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *page = NULL; + char *page; ssize_t length; int new_value; - length = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - length = -EINVAL; if (*ppos != 0) - goto out; - - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -313,7 +299,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, length = count; out: - free_page((unsigned long) page); + kfree(page); return length; } #else @@ -611,31 +597,24 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *page = NULL; + char *page; ssize_t length; unsigned int new_value; length = task_has_security(current, SECURITY__SETCHECKREQPROT); if (length) - goto out; + return length; - length = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - length = -EINVAL; if (*ppos != 0) - goto out; - - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); length = -EINVAL; if (sscanf(page, "%u", &new_value) != 1) @@ -644,7 +623,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, selinux_checkreqprot = new_value ? 1 : 0; length = count; out: - free_page((unsigned long) page); + kfree(page); return length; } static const struct file_operations sel_checkreqprot_ops = { @@ -1100,14 +1079,12 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); + page = NULL; goto out; + } length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -1121,7 +1098,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, out: mutex_unlock(&sel_mutex); - free_page((unsigned long) page); + kfree(page); return length; } @@ -1154,14 +1131,12 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); + page = NULL; goto out; + } length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -1176,7 +1151,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, out: mutex_unlock(&sel_mutex); - free_page((unsigned long) page); + kfree(page); return length; } @@ -1292,31 +1267,24 @@ static ssize_t sel_write_avc_cache_threshold(struct file *file, size_t count, loff_t *ppos) { - char *page = NULL; + char *page; ssize_t ret; int new_value; ret = task_has_security(current, SECURITY__SETSECPARAM); if (ret) - goto out; + return ret; - ret = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - ret = -EINVAL; if (*ppos != 0) - goto out; - - ret = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - ret = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); ret = -EINVAL; if (sscanf(page, "%u", &new_value) != 1) @@ -1326,7 +1294,7 @@ static ssize_t sel_write_avc_cache_threshold(struct file *file, ret = count; out: - free_page((unsigned long)page); + kfree(page); return ret; } From f0fc86966253ad244f53841e3d8db2cf9f862019 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:10:20 -0500 Subject: [PATCH 28/63] switch wireless debugfs ->write() instances to memdup_user_nul() again, it only parses the contents of the copied buffer, so get_zeroed_page() might as well had been kmalloc(), which makes it open-coded memdup_user_nul() Signed-off-by: Al Viro --- drivers/net/wireless/libertas/debugfs.c | 181 +++++++++--------------- drivers/net/wireless/mwifiex/debugfs.c | 82 ++++------- 2 files changed, 89 insertions(+), 174 deletions(-) diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c index 26cbf1dcc6620f..faed1823c58ec2 100644 --- a/drivers/net/wireless/libertas/debugfs.c +++ b/drivers/net/wireless/libertas/debugfs.c @@ -56,19 +56,15 @@ static ssize_t lbs_sleepparams_write(struct file *file, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t buf_size, ret; + ssize_t ret; struct sleep_params sp; int p1, p2, p3, p4, p5, p6; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(user_buf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, user_buf, buf_size)) { - ret = -EFAULT; - goto out_unlock; - } ret = sscanf(buf, "%d %d %d %d %d %d", &p1, &p2, &p3, &p4, &p5, &p6); if (ret != 6) { ret = -EINVAL; @@ -88,7 +84,7 @@ static ssize_t lbs_sleepparams_write(struct file *file, ret = -EINVAL; out_unlock: - free_page(addr); + kfree(buf); return ret; } @@ -125,18 +121,14 @@ static ssize_t lbs_host_sleep_write(struct file *file, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t buf_size, ret; + ssize_t ret; int host_sleep; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(user_buf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, user_buf, buf_size)) { - ret = -EFAULT; - goto out_unlock; - } ret = sscanf(buf, "%d", &host_sleep); if (ret != 1) { ret = -EINVAL; @@ -162,7 +154,7 @@ static ssize_t lbs_host_sleep_write(struct file *file, ret = count; out_unlock: - free_page(addr); + kfree(buf); return ret; } @@ -281,21 +273,15 @@ static ssize_t lbs_threshold_write(uint16_t tlv_type, uint16_t event_mask, struct cmd_ds_802_11_subscribe_event *events; struct mrvl_ie_thresholds *tlv; struct lbs_private *priv = file->private_data; - ssize_t buf_size; int value, freq, new_mask; uint16_t curr_mask; char *buf; int ret; - buf = (char *)get_zeroed_page(GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - ret = -EFAULT; - goto out_page; - } ret = sscanf(buf, "%d %d %d", &value, &freq, &new_mask); if (ret != 3) { ret = -EINVAL; @@ -343,7 +329,7 @@ static ssize_t lbs_threshold_write(uint16_t tlv_type, uint16_t event_mask, out_events: kfree(events); out_page: - free_page((unsigned long)buf); + kfree(buf); return ret; } @@ -472,22 +458,15 @@ static ssize_t lbs_rdmac_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->mac_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + return count; } static ssize_t lbs_wrmac_write(struct file *file, @@ -496,18 +475,14 @@ static ssize_t lbs_wrmac_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -520,7 +495,7 @@ static ssize_t lbs_wrmac_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -554,22 +529,16 @@ static ssize_t lbs_rdbbp_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->bbp_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + + return count; } static ssize_t lbs_wrbbp_write(struct file *file, @@ -578,18 +547,14 @@ static ssize_t lbs_wrbbp_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -602,7 +567,7 @@ static ssize_t lbs_wrbbp_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -636,22 +601,15 @@ static ssize_t lbs_rdrf_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->rf_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + return count; } static ssize_t lbs_wrrf_write(struct file *file, @@ -660,18 +618,14 @@ static ssize_t lbs_wrrf_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -684,7 +638,7 @@ static ssize_t lbs_wrrf_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -915,16 +869,9 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, if (cnt == 0) return 0; - pdata = kmalloc(cnt + 1, GFP_KERNEL); - if (pdata == NULL) - return 0; - - if (copy_from_user(pdata, buf, cnt)) { - lbs_deb_debugfs("Copy from user failed\n"); - kfree(pdata); - return 0; - } - pdata[cnt] = '\0'; + pdata = memdup_user_nul(buf, cnt); + if (IS_ERR(pdata)) + return PTR_ERR(pdata); p0 = pdata; for (i = 0; i < num_of_items; i++) { diff --git a/drivers/net/wireless/mwifiex/debugfs.c b/drivers/net/wireless/mwifiex/debugfs.c index 9824d8dd2b4447..241e1c3fbf0859 100644 --- a/drivers/net/wireless/mwifiex/debugfs.c +++ b/drivers/net/wireless/mwifiex/debugfs.c @@ -447,20 +447,13 @@ static ssize_t mwifiex_regrdwr_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *) addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret; u32 reg_type = 0, reg_offset = 0, reg_value = UINT_MAX; - if (!buf) - return -ENOMEM; - - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); sscanf(buf, "%u %x %x", ®_type, ®_offset, ®_value); @@ -474,7 +467,7 @@ mwifiex_regrdwr_write(struct file *file, ret = count; } done: - free_page(addr); + kfree(buf); return ret; } @@ -572,17 +565,11 @@ mwifiex_debug_mask_write(struct file *file, const char __user *ubuf, int ret; unsigned long debug_mask; struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (void *)addr; - size_t buf_size = min(count, (size_t)(PAGE_SIZE - 1)); + char *buf; - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); if (kstrtoul(buf, 0, &debug_mask)) { ret = -EINVAL; @@ -592,7 +579,7 @@ mwifiex_debug_mask_write(struct file *file, const char __user *ubuf, priv->adapter->debug_mask = debug_mask; ret = count; done: - free_page(addr); + kfree(buf); return ret; } @@ -609,17 +596,11 @@ mwifiex_memrw_write(struct file *file, const char __user *ubuf, size_t count, struct mwifiex_ds_mem_rw mem_rw; u16 cmd_action; struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (void *)addr; - size_t buf_size = min(count, (size_t)(PAGE_SIZE - 1)); - - if (!buf) - return -ENOMEM; + char *buf; - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); ret = sscanf(buf, "%c %x %x", &cmd, &mem_rw.addr, &mem_rw.value); if (ret != 3) { @@ -645,7 +626,7 @@ mwifiex_memrw_write(struct file *file, const char __user *ubuf, size_t count, ret = count; done: - free_page(addr); + kfree(buf); return ret; } @@ -686,20 +667,13 @@ static ssize_t mwifiex_rdeeprom_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *) addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret = 0; int offset = -1, bytes = -1; - if (!buf) - return -ENOMEM; - - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); sscanf(buf, "%d %d", &offset, &bytes); @@ -712,7 +686,7 @@ mwifiex_rdeeprom_write(struct file *file, ret = count; } done: - free_page(addr); + kfree(buf); return ret; } @@ -771,21 +745,15 @@ mwifiex_hscfg_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret, arg_num; struct mwifiex_ds_hs_cfg hscfg; int conditions = HS_CFG_COND_DEF; u32 gpio = HS_CFG_GPIO_DEF, gap = HS_CFG_GAP_DEF; - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); arg_num = sscanf(buf, "%d %x %x", &conditions, &gpio, &gap); @@ -823,7 +791,7 @@ mwifiex_hscfg_write(struct file *file, const char __user *ubuf, priv->adapter->hs_enabling = false; ret = count; done: - free_page(addr); + kfree(buf); return ret; } From e4e85bb091d13afef7b1a10b4bd209b442be8863 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:12:09 -0500 Subject: [PATCH 29/63] cciss: switch to memdup_user_nul() all we do to buffer is strncmp()... Signed-off-by: Al Viro --- drivers/block/cciss.c | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index 0422c47261c3a0..b38bd06d564c8d 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -514,14 +514,9 @@ cciss_proc_write(struct file *file, const char __user *buf, if (!buf || length > PAGE_SIZE - 1) return -EINVAL; - buffer = (char *)__get_free_page(GFP_KERNEL); - if (!buffer) - return -ENOMEM; - - err = -EFAULT; - if (copy_from_user(buffer, buf, length)) - goto out; - buffer[length] = '\0'; + buffer = memdup_user_nul(buf, length); + if (IS_ERR(buffer)) + return PTR_ERR(buffer); #ifdef CONFIG_CISS_SCSI_TAPE if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) { @@ -537,8 +532,7 @@ cciss_proc_write(struct file *file, const char __user *buf, /* might be nice to have "disengage" too, but it's not safely possible. (only 1 module use count, lock issues.) */ -out: - free_page((unsigned long)buffer); + kfree(buffer); return err; } From 70f6cbb6f9c95535acd327d1ac1ce5fd078cff1e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:13:10 -0500 Subject: [PATCH 30/63] kernel/*: switch to memdup_user_nul() Signed-off-by: Al Viro --- kernel/sysctl.c | 79 ++++++++++------------------- kernel/trace/trace_events.c | 28 +++------- kernel/trace/trace_events_trigger.c | 15 ++---- kernel/user_namespace.c | 21 +++----- 4 files changed, 48 insertions(+), 95 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index dc6858d6639ed0..5faf89ac9ec089 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2047,9 +2047,8 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, void *data) { int *i, vleft, first = 1, err = 0; - unsigned long page = 0; size_t left; - char *kbuf; + char *kbuf = NULL, *p; if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) { *lenp = 0; @@ -2078,15 +2077,9 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, if (left > PAGE_SIZE - 1) left = PAGE_SIZE - 1; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buffer, left)) { - err = -EFAULT; - goto free; - } - kbuf[left] = 0; + p = kbuf = memdup_user_nul(buffer, left); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); } for (; left && vleft--; i++, first=0) { @@ -2094,11 +2087,11 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, bool neg; if (write) { - left -= proc_skip_spaces(&kbuf); + left -= proc_skip_spaces(&p); if (!left) break; - err = proc_get_long(&kbuf, &left, &lval, &neg, + err = proc_get_long(&p, &left, &lval, &neg, proc_wspace_sep, sizeof(proc_wspace_sep), NULL); if (err) @@ -2125,10 +2118,9 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, if (!write && !first && left && !err) err = proc_put_char(&buffer, &left, '\n'); if (write && !err && left) - left -= proc_skip_spaces(&kbuf); -free: + left -= proc_skip_spaces(&p); if (write) { - free_page(page); + kfree(kbuf); if (first) return err ? : -EINVAL; } @@ -2310,9 +2302,8 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int { unsigned long *i, *min, *max; int vleft, first = 1, err = 0; - unsigned long page = 0; size_t left; - char *kbuf; + char *kbuf = NULL, *p; if (!data || !table->maxlen || !*lenp || (*ppos && !write)) { *lenp = 0; @@ -2340,15 +2331,9 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int if (left > PAGE_SIZE - 1) left = PAGE_SIZE - 1; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buffer, left)) { - err = -EFAULT; - goto free; - } - kbuf[left] = 0; + p = kbuf = memdup_user_nul(buffer, left); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); } for (; left && vleft--; i++, first = 0) { @@ -2357,9 +2342,9 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int if (write) { bool neg; - left -= proc_skip_spaces(&kbuf); + left -= proc_skip_spaces(&p); - err = proc_get_long(&kbuf, &left, &val, &neg, + err = proc_get_long(&p, &left, &val, &neg, proc_wspace_sep, sizeof(proc_wspace_sep), NULL); if (err) @@ -2385,10 +2370,9 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int if (!write && !first && left && !err) err = proc_put_char(&buffer, &left, '\n'); if (write && !err) - left -= proc_skip_spaces(&kbuf); -free: + left -= proc_skip_spaces(&p); if (write) { - free_page(page); + kfree(kbuf); if (first) return err ? : -EINVAL; } @@ -2650,34 +2634,27 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, } if (write) { - unsigned long page = 0; - char *kbuf; + char *kbuf, *p; if (left > PAGE_SIZE - 1) left = PAGE_SIZE - 1; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buffer, left)) { - free_page(page); - return -EFAULT; - } - kbuf[left] = 0; + p = kbuf = memdup_user_nul(buffer, left); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); tmp_bitmap = kzalloc(BITS_TO_LONGS(bitmap_len) * sizeof(unsigned long), GFP_KERNEL); if (!tmp_bitmap) { - free_page(page); + kfree(kbuf); return -ENOMEM; } - proc_skip_char(&kbuf, &left, '\n'); + proc_skip_char(&p, &left, '\n'); while (!err && left) { unsigned long val_a, val_b; bool neg; - err = proc_get_long(&kbuf, &left, &val_a, &neg, tr_a, + err = proc_get_long(&p, &left, &val_a, &neg, tr_a, sizeof(tr_a), &c); if (err) break; @@ -2688,12 +2665,12 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, val_b = val_a; if (left) { - kbuf++; + p++; left--; } if (c == '-') { - err = proc_get_long(&kbuf, &left, &val_b, + err = proc_get_long(&p, &left, &val_b, &neg, tr_b, sizeof(tr_b), &c); if (err) @@ -2704,16 +2681,16 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, break; } if (left) { - kbuf++; + p++; left--; } } bitmap_set(tmp_bitmap, val_a, val_b - val_a + 1); first = 0; - proc_skip_char(&kbuf, &left, '\n'); + proc_skip_char(&p, &left, '\n'); } - free_page(page); + kfree(kbuf); } else { unsigned long bit_a, bit_b = 0; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 4f6ef6912e0017..f333e57c4614a2 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -1340,15 +1340,9 @@ event_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, if (cnt >= PAGE_SIZE) return -EINVAL; - buf = (char *)__get_free_page(GFP_TEMPORARY); - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, cnt)) { - free_page((unsigned long) buf); - return -EFAULT; - } - buf[cnt] = '\0'; + buf = memdup_user_nul(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); mutex_lock(&event_mutex); file = event_file_data(filp); @@ -1356,7 +1350,7 @@ event_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, err = apply_event_filter(file, buf); mutex_unlock(&event_mutex); - free_page((unsigned long) buf); + kfree(buf); if (err < 0) return err; @@ -1507,18 +1501,12 @@ subsystem_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, if (cnt >= PAGE_SIZE) return -EINVAL; - buf = (char *)__get_free_page(GFP_TEMPORARY); - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, cnt)) { - free_page((unsigned long) buf); - return -EFAULT; - } - buf[cnt] = '\0'; + buf = memdup_user_nul(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); err = apply_subsystem_event_filter(dir, buf); - free_page((unsigned long) buf); + kfree(buf); if (err < 0) return err; diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c index 42a4009fd75ada..4b5e8ed68d77a9 100644 --- a/kernel/trace/trace_events_trigger.c +++ b/kernel/trace/trace_events_trigger.c @@ -237,28 +237,23 @@ static ssize_t event_trigger_regex_write(struct file *file, if (cnt >= PAGE_SIZE) return -EINVAL; - buf = (char *)__get_free_page(GFP_TEMPORARY); - if (!buf) - return -ENOMEM; + buf = memdup_user_nul(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); - if (copy_from_user(buf, ubuf, cnt)) { - free_page((unsigned long)buf); - return -EFAULT; - } - buf[cnt] = '\0'; strim(buf); mutex_lock(&event_mutex); event_file = event_file_data(file); if (unlikely(!event_file)) { mutex_unlock(&event_mutex); - free_page((unsigned long)buf); + kfree(buf); return -ENODEV; } ret = trigger_process_regex(event_file, buf); mutex_unlock(&event_mutex); - free_page((unsigned long)buf); + kfree(buf); if (ret < 0) goto out; diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 88fefa68c5164c..9bafc211930c79 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -602,8 +602,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, struct uid_gid_map new_map; unsigned idx; struct uid_gid_extent *extent = NULL; - unsigned long page = 0; - char *kbuf, *pos, *next_line; + char *kbuf = NULL, *pos, *next_line; ssize_t ret = -EINVAL; /* @@ -638,23 +637,18 @@ static ssize_t map_write(struct file *file, const char __user *buf, if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) goto out; - /* Get a buffer */ - ret = -ENOMEM; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!page) - goto out; - /* Only allow < page size writes at the beginning of the file */ ret = -EINVAL; if ((*ppos != 0) || (count >= PAGE_SIZE)) goto out; /* Slurp in the user data */ - ret = -EFAULT; - if (copy_from_user(kbuf, buf, count)) + kbuf = memdup_user_nul(buf, count); + if (IS_ERR(kbuf)) { + ret = PTR_ERR(kbuf); + kbuf = NULL; goto out; - kbuf[count] = '\0'; + } /* Parse the user data */ ret = -EINVAL; @@ -756,8 +750,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, ret = count; out: mutex_unlock(&userns_state_mutex); - if (page) - free_page(page); + kfree(kbuf); return ret; } From bb646cdb12e75d82258c2f2e7746d5952d3e321a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:16:30 -0500 Subject: [PATCH 31/63] proc_pid_attr_write(): switch to memdup_user() Signed-off-by: Al Viro --- fs/proc/base.c | 17 +++++++---------- 1 file changed, 7 insertions(+), 10 deletions(-) diff --git a/fs/proc/base.c b/fs/proc/base.c index 4bd5d3118acd4b..1b0f470a3e35cf 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2359,7 +2359,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, size_t count, loff_t *ppos) { struct inode * inode = file_inode(file); - char *page; + void *page; ssize_t length; struct task_struct *task = get_proc_task(inode); @@ -2374,14 +2374,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char*)__get_free_page(GFP_TEMPORARY); - if (!page) + page = memdup_user(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out_free; + } /* Guard against adverse ptrace interaction */ length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); @@ -2390,10 +2387,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, length = security_setprocattr(task, (char*)file->f_path.dentry->d_name.name, - (void*)page, count); + page, count); mutex_unlock(&task->signal->cred_guard_mutex); out_free: - free_page((unsigned long) page); + kfree(page); out: put_task_struct(task); out_no_task: From f5e6634ec04b6ed55be4e124277acde240323f2d Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Dec 2015 10:04:47 -0500 Subject: [PATCH 32/63] put the remnants of ..._user_ret() to rest they hadn't been used in last 15 years... Signed-off-by: Al Viro --- arch/blackfin/include/asm/uaccess.h | 6 --- arch/m68k/include/asm/uaccess_no.h | 4 -- arch/mn10300/include/asm/uaccess.h | 15 ------- arch/sparc/include/asm/uaccess_32.h | 65 ----------------------------- arch/sparc/include/asm/uaccess_64.h | 40 ------------------ 5 files changed, 130 deletions(-) diff --git a/arch/blackfin/include/asm/uaccess.h b/arch/blackfin/include/asm/uaccess.h index 90612a7f2cf32f..12f5d6851bbcb3 100644 --- a/arch/blackfin/include/asm/uaccess.h +++ b/arch/blackfin/include/asm/uaccess.h @@ -168,12 +168,6 @@ static inline int bad_user_access_length(void) #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user -#define copy_to_user_ret(to, from, n, retval) ({ if (copy_to_user(to, from, n))\ - return retval; }) - -#define copy_from_user_ret(to, from, n, retval) ({ if (copy_from_user(to, from, n))\ - return retval; }) - static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { diff --git a/arch/m68k/include/asm/uaccess_no.h b/arch/m68k/include/asm/uaccess_no.h index 68bbe9b312f149..1bdf1526375471 100644 --- a/arch/m68k/include/asm/uaccess_no.h +++ b/arch/m68k/include/asm/uaccess_no.h @@ -135,10 +135,6 @@ extern int __get_user_bad(void); #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user -#define copy_to_user_ret(to,from,n,retval) ({ if (copy_to_user(to,from,n)) return retval; }) - -#define copy_from_user_ret(to,from,n,retval) ({ if (copy_from_user(to,from,n)) return retval; }) - /* * Copy a null terminated string from userspace. */ diff --git a/arch/mn10300/include/asm/uaccess.h b/arch/mn10300/include/asm/uaccess.h index 537278746a1534..20f7bf6de384d0 100644 --- a/arch/mn10300/include/asm/uaccess.h +++ b/arch/mn10300/include/asm/uaccess.h @@ -110,21 +110,6 @@ extern int fixup_exception(struct pt_regs *regs); #define __put_user(x, ptr) __put_user_nocheck((x), (ptr), sizeof(*(ptr))) #define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr))) -/* - * The "xxx_ret" versions return constant specified in third argument, if - * something bad happens. These macros can be optimized for the - * case of just returning from the function xxx_ret is used. - */ - -#define put_user_ret(x, ptr, ret) \ - ({ if (put_user((x), (ptr))) return (ret); }) -#define get_user_ret(x, ptr, ret) \ - ({ if (get_user((x), (ptr))) return (ret); }) -#define __put_user_ret(x, ptr, ret) \ - ({ if (__put_user((x), (ptr))) return (ret); }) -#define __get_user_ret(x, ptr, ret) \ - ({ if (__get_user((x), (ptr))) return (ret); }) - struct __large_struct { unsigned long buf[100]; }; #define __m(x) (*(struct __large_struct *)(x)) diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h index 64ee103dc29da1..57aca2792d29f8 100644 --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h @@ -205,31 +205,6 @@ int __put_user_bad(void); __gu_ret; \ }) -#define __get_user_check_ret(x, addr, size, type, retval) ({ \ - register unsigned long __gu_val __asm__ ("l1"); \ - if (__access_ok(addr, size)) { \ - switch (size) { \ - case 1: \ - __get_user_asm_ret(__gu_val, ub, addr, retval); \ - break; \ - case 2: \ - __get_user_asm_ret(__gu_val, uh, addr, retval); \ - break; \ - case 4: \ - __get_user_asm_ret(__gu_val, , addr, retval); \ - break; \ - case 8: \ - __get_user_asm_ret(__gu_val, d, addr, retval); \ - break; \ - default: \ - if (__get_user_bad()) \ - return retval; \ - } \ - x = (__force type) __gu_val; \ - } else \ - return retval; \ -}) - #define __get_user_nocheck(x, addr, size, type) ({ \ register int __gu_ret; \ register unsigned long __gu_val; \ @@ -247,20 +222,6 @@ int __put_user_bad(void); __gu_ret; \ }) -#define __get_user_nocheck_ret(x, addr, size, type, retval) ({ \ - register unsigned long __gu_val __asm__ ("l1"); \ - switch (size) { \ - case 1: __get_user_asm_ret(__gu_val, ub, addr, retval); break; \ - case 2: __get_user_asm_ret(__gu_val, uh, addr, retval); break; \ - case 4: __get_user_asm_ret(__gu_val, , addr, retval); break; \ - case 8: __get_user_asm_ret(__gu_val, d, addr, retval); break; \ - default: \ - if (__get_user_bad()) \ - return retval; \ - } \ - x = (__force type) __gu_val; \ -}) - #define __get_user_asm(x, size, addr, ret) \ __asm__ __volatile__( \ "/* Get user asm, inline. */\n" \ @@ -281,32 +242,6 @@ __asm__ __volatile__( \ : "=&r" (ret), "=&r" (x) : "m" (*__m(addr)), \ "i" (-EFAULT)) -#define __get_user_asm_ret(x, size, addr, retval) \ -if (__builtin_constant_p(retval) && retval == -EFAULT) \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size " %1, %0\n\n\t" \ - ".section __ex_table,#alloc\n\t" \ - ".align 4\n\t" \ - ".word 1b,__ret_efault\n\n\t" \ - ".previous\n\t" \ - : "=&r" (x) : "m" (*__m(addr))); \ -else \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size " %1, %0\n\n\t" \ - ".section .fixup,#alloc,#execinstr\n\t" \ - ".align 4\n" \ - "3:\n\t" \ - "ret\n\t" \ - " restore %%g0, %2, %%o0\n\n\t" \ - ".previous\n\t" \ - ".section __ex_table,#alloc\n\t" \ - ".align 4\n\t" \ - ".word 1b, 3b\n\n\t" \ - ".previous\n\t" \ - : "=&r" (x) : "m" (*__m(addr)), "i" (retval)) - int __get_user_bad(void); unsigned long __copy_user(void __user *to, const void __user *from, unsigned long size); diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h index ea6e9a20f3ffb5..e9a51d64974ddf 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -179,20 +179,6 @@ int __put_user_bad(void); __gu_ret; \ }) -#define __get_user_nocheck_ret(data, addr, size, type, retval) ({ \ - register unsigned long __gu_val __asm__ ("l1"); \ - switch (size) { \ - case 1: __get_user_asm_ret(__gu_val, ub, addr, retval); break; \ - case 2: __get_user_asm_ret(__gu_val, uh, addr, retval); break; \ - case 4: __get_user_asm_ret(__gu_val, uw, addr, retval); break; \ - case 8: __get_user_asm_ret(__gu_val, x, addr, retval); break; \ - default: \ - if (__get_user_bad()) \ - return retval; \ - } \ - data = (__force type) __gu_val; \ -}) - #define __get_user_asm(x, size, addr, ret) \ __asm__ __volatile__( \ "/* Get user asm, inline. */\n" \ @@ -214,32 +200,6 @@ __asm__ __volatile__( \ : "=r" (ret), "=r" (x) : "r" (__m(addr)), \ "i" (-EFAULT)) -#define __get_user_asm_ret(x, size, addr, retval) \ -if (__builtin_constant_p(retval) && retval == -EFAULT) \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size "a [%1] %%asi, %0\n\n\t" \ - ".section __ex_table,\"a\"\n\t" \ - ".align 4\n\t" \ - ".word 1b,__ret_efault\n\n\t" \ - ".previous\n\t" \ - : "=r" (x) : "r" (__m(addr))); \ -else \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size "a [%1] %%asi, %0\n\n\t" \ - ".section .fixup,#alloc,#execinstr\n\t" \ - ".align 4\n" \ - "3:\n\t" \ - "ret\n\t" \ - " restore %%g0, %2, %%o0\n\n\t" \ - ".previous\n\t" \ - ".section __ex_table,\"a\"\n\t" \ - ".align 4\n\t" \ - ".word 1b, 3b\n\n\t" \ - ".previous\n\t" \ - : "=r" (x) : "r" (__m(addr)), "i" (retval)) - int __get_user_bad(void); unsigned long __must_check ___copy_from_user(void *to, From 7812bf173a0a65a1227fe207ba8683c0afecb5e8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Dec 2015 12:33:26 -0500 Subject: [PATCH 33/63] ppc: get rid of the remnants of __get_user64() When __get_user64() had been removed, its helper (__get_user64_nocheck) got missed. Signed-off-by: Al Viro --- arch/powerpc/include/asm/uaccess.h | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 2a8ebae0936beb..b7c20f0b8fbeeb 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -274,21 +274,6 @@ do { \ __gu_err; \ }) -#ifndef __powerpc64__ -#define __get_user64_nocheck(x, ptr, size) \ -({ \ - long __gu_err; \ - long long __gu_val; \ - __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ - __chk_user_ptr(ptr); \ - if (!is_kernel_addr((unsigned long)__gu_addr)) \ - might_fault(); \ - __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ - (x) = (__force __typeof__(*(ptr)))__gu_val; \ - __gu_err; \ -}) -#endif /* __powerpc64__ */ - #define __get_user_check(x, ptr, size) \ ({ \ long __gu_err = -EFAULT; \ From cc4e719e83cd4149bc96b7e1d1a73fe61797df6e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Dec 2015 17:59:12 -0500 Subject: [PATCH 34/63] fix the leak in integrity_read_file() Signed-off-by: Al Viro --- security/integrity/iint.c | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 3d2f5b45c8cbeb..c2e3ccd4b51044 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -234,12 +234,13 @@ int __init integrity_read_file(const char *path, char **data) } rc = integrity_kernel_read(file, 0, buf, size); - if (rc < 0) - kfree(buf); - else if (rc != size) - rc = -EIO; - else + if (rc == size) { *data = buf; + } else { + kfree(buf); + if (rc >= 0) + rc = -EIO; + } out: fput(file); return rc; From b40ef8696fbbb1107fbe5f4afc21c357f16e5ffc Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 14 Dec 2015 18:44:44 -0500 Subject: [PATCH 35/63] saner calling conventions for copy_mount_options() let it just return NULL, pointer to kernel copy or ERR_PTR(). Signed-off-by: Al Viro --- fs/compat.c | 21 ++++++++++----------- fs/internal.h | 2 +- fs/namespace.c | 35 +++++++++++++++++------------------ 3 files changed, 28 insertions(+), 30 deletions(-) diff --git a/fs/compat.c b/fs/compat.c index 6fd272d455e4de..a71936a3f4cb39 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -792,7 +792,7 @@ COMPAT_SYSCALL_DEFINE5(mount, const char __user *, dev_name, const void __user *, data) { char *kernel_type; - unsigned long data_page; + void *options; char *kernel_dev; int retval; @@ -806,26 +806,25 @@ COMPAT_SYSCALL_DEFINE5(mount, const char __user *, dev_name, if (IS_ERR(kernel_dev)) goto out1; - retval = copy_mount_options(data, &data_page); - if (retval < 0) + options = copy_mount_options(data); + retval = PTR_ERR(options); + if (IS_ERR(options)) goto out2; - retval = -EINVAL; - - if (kernel_type && data_page) { + if (kernel_type && options) { if (!strcmp(kernel_type, NCPFS_NAME)) { - do_ncp_super_data_conv((void *)data_page); + do_ncp_super_data_conv(options); } else if (!strcmp(kernel_type, NFS4_NAME)) { - if (do_nfs4_super_data_conv((void *) data_page)) + retval = -EINVAL; + if (do_nfs4_super_data_conv(options)) goto out3; } } - retval = do_mount(kernel_dev, dir_name, kernel_type, - flags, (void*)data_page); + retval = do_mount(kernel_dev, dir_name, kernel_type, flags, options); out3: - free_page(data_page); + kfree(options); out2: kfree(kernel_dev); out1: diff --git a/fs/internal.h b/fs/internal.h index 71859c4d0b41b8..aa81316aaf47e0 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -55,7 +55,7 @@ extern int vfs_path_lookup(struct dentry *, struct vfsmount *, /* * namespace.c */ -extern int copy_mount_options(const void __user *, unsigned long *); +extern void *copy_mount_options(const void __user *); extern char *copy_mount_string(const void __user *); extern struct vfsmount *lookup_mnt(struct path *); diff --git a/fs/namespace.c b/fs/namespace.c index b27156f2e68b74..33a75c8e9fcbca 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2601,18 +2601,18 @@ static long exact_copy_from_user(void *to, const void __user * from, return n; } -int copy_mount_options(const void __user * data, unsigned long *where) +void *copy_mount_options(const void __user * data) { int i; - unsigned long page; unsigned long size; + char *copy; - *where = 0; if (!data) - return 0; + return NULL; - if (!(page = __get_free_page(GFP_KERNEL))) - return -ENOMEM; + copy = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!copy) + return ERR_PTR(-ENOMEM); /* We only care that *some* data at the address the user * gave us is valid. Just in case, we'll zero @@ -2623,15 +2623,14 @@ int copy_mount_options(const void __user * data, unsigned long *where) if (size > PAGE_SIZE) size = PAGE_SIZE; - i = size - exact_copy_from_user((void *)page, data, size); + i = size - exact_copy_from_user(copy, data, size); if (!i) { - free_page(page); - return -EFAULT; + kfree(copy); + return ERR_PTR(-EFAULT); } if (i != PAGE_SIZE) - memset((char *)page + i, 0, PAGE_SIZE - i); - *where = page; - return 0; + memset(copy + i, 0, PAGE_SIZE - i); + return copy; } char *copy_mount_string(const void __user *data) @@ -2896,7 +2895,7 @@ SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, int ret; char *kernel_type; char *kernel_dev; - unsigned long data_page; + void *options; kernel_type = copy_mount_string(type); ret = PTR_ERR(kernel_type); @@ -2908,14 +2907,14 @@ SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, if (IS_ERR(kernel_dev)) goto out_dev; - ret = copy_mount_options(data, &data_page); - if (ret < 0) + options = copy_mount_options(data); + ret = PTR_ERR(options); + if (IS_ERR(options)) goto out_data; - ret = do_mount(kernel_dev, dir_name, kernel_type, flags, - (void *) data_page); + ret = do_mount(kernel_dev, dir_name, kernel_type, flags, options); - free_page(data_page); + kfree(options); out_data: kfree(kernel_dev); out_dev: From 62fb4a155f745285d9b1640c3ef53bf90c12f17c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 26 Dec 2015 22:33:24 -0500 Subject: [PATCH 36/63] don't carry MAY_OPEN in op->acc_mode Signed-off-by: Al Viro --- fs/exec.c | 4 ++-- fs/namei.c | 21 +++++++++------------ fs/open.c | 5 +---- 3 files changed, 12 insertions(+), 18 deletions(-) diff --git a/fs/exec.c b/fs/exec.c index b06623a9347f4f..828ec5f07de00b 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -119,7 +119,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) int error = PTR_ERR(tmp); static const struct open_flags uselib_flags = { .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, - .acc_mode = MAY_READ | MAY_EXEC | MAY_OPEN, + .acc_mode = MAY_READ | MAY_EXEC, .intent = LOOKUP_OPEN, .lookup_flags = LOOKUP_FOLLOW, }; @@ -763,7 +763,7 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) int err; struct open_flags open_exec_flags = { .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, - .acc_mode = MAY_EXEC | MAY_OPEN, + .acc_mode = MAY_EXEC, .intent = LOOKUP_OPEN, .lookup_flags = LOOKUP_FOLLOW, }; diff --git a/fs/namei.c b/fs/namei.c index 9e102aca348032..45c702edce3c06 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2663,10 +2663,6 @@ static int may_open(struct path *path, int acc_mode, int flag) struct inode *inode = dentry->d_inode; int error; - /* O_PATH? */ - if (!acc_mode) - return 0; - if (!inode) return -ENOENT; @@ -2688,7 +2684,7 @@ static int may_open(struct path *path, int acc_mode, int flag) break; } - error = inode_permission(inode, acc_mode); + error = inode_permission(inode, MAY_OPEN | acc_mode); if (error) return error; @@ -2880,7 +2876,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, if (*opened & FILE_CREATED) { WARN_ON(!(open_flag & O_CREAT)); fsnotify_create(dir, dentry); - acc_mode = MAY_OPEN; + acc_mode = 0; } error = may_open(&file->f_path, acc_mode, open_flag); if (error) @@ -3093,7 +3089,7 @@ static int do_last(struct nameidata *nd, /* Don't check for write permission, don't truncate */ open_flag &= ~O_TRUNC; will_truncate = false; - acc_mode = MAY_OPEN; + acc_mode = 0; path_to_nameidata(&path, nd); goto finish_open_created; } @@ -3177,10 +3173,11 @@ static int do_last(struct nameidata *nd, got_write = true; } finish_open_created: - error = may_open(&nd->path, acc_mode, open_flag); - if (error) - goto out; - + if (likely(!(open_flag & O_PATH))) { + error = may_open(&nd->path, acc_mode, open_flag); + if (error) + goto out; + } BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */ error = vfs_open(&nd->path, file, current_cred()); if (!error) { @@ -3267,7 +3264,7 @@ static int do_tmpfile(struct nameidata *nd, unsigned flags, goto out2; audit_inode(nd->name, child, 0); /* Don't check for other permissions, the inode was just created */ - error = may_open(&path, MAY_OPEN, op->open_flag); + error = may_open(&path, 0, op->open_flag); if (error) goto out2; file->f_path.mnt = path.mnt; diff --git a/fs/open.c b/fs/open.c index b6f1e96a7c0b33..b25b1542c5304a 100644 --- a/fs/open.c +++ b/fs/open.c @@ -887,7 +887,7 @@ EXPORT_SYMBOL(dentry_open); static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) { int lookup_flags = 0; - int acc_mode; + int acc_mode = ACC_MODE(flags); if (flags & (O_CREAT | __O_TMPFILE)) op->mode = (mode & S_IALLUGO) | S_IFREG; @@ -909,7 +909,6 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o if (flags & __O_TMPFILE) { if ((flags & O_TMPFILE_MASK) != O_TMPFILE) return -EINVAL; - acc_mode = MAY_OPEN | ACC_MODE(flags); if (!(acc_mode & MAY_WRITE)) return -EINVAL; } else if (flags & O_PATH) { @@ -919,8 +918,6 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o */ flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH; acc_mode = 0; - } else { - acc_mode = MAY_OPEN | ACC_MODE(flags); } op->open_flag = flags; From 4802c5919a70661d5022710d88e311c3880cd0fd Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 29 Dec 2015 14:55:33 -0500 Subject: [PATCH 37/63] drivers/mtd/maps/pcmciamtd.c: __iomem annotations Signed-off-by: Al Viro --- drivers/mtd/maps/pcmciamtd.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/drivers/mtd/maps/pcmciamtd.c b/drivers/mtd/maps/pcmciamtd.c index 3dad2111b7e331..70bb403f69f72c 100644 --- a/drivers/mtd/maps/pcmciamtd.c +++ b/drivers/mtd/maps/pcmciamtd.c @@ -30,7 +30,7 @@ struct pcmciamtd_dev { struct pcmcia_device *p_dev; - caddr_t win_base; /* ioremapped address of PCMCIA window */ + void __iomem *win_base; /* ioremapped address of PCMCIA window */ unsigned int win_size; /* size of window */ unsigned int offset; /* offset into card the window currently points at */ struct map_info pcmcia_map; @@ -80,7 +80,7 @@ MODULE_PARM_DESC(mem_type, "Set Memory type (0=Flash, 1=RAM, 2=ROM, default=0)") /* read/write{8,16} copy_{from,to} routines with window remapping * to access whole card */ -static caddr_t remap_window(struct map_info *map, unsigned long to) +static void __iomem *remap_window(struct map_info *map, unsigned long to) { struct pcmciamtd_dev *dev = (struct pcmciamtd_dev *)map->map_priv_1; struct resource *win = (struct resource *) map->map_priv_2; @@ -107,7 +107,7 @@ static caddr_t remap_window(struct map_info *map, unsigned long to) static map_word pcmcia_read8_remap(struct map_info *map, unsigned long ofs) { - caddr_t addr; + void __iomem *addr; map_word d = {{0}}; addr = remap_window(map, ofs); @@ -122,7 +122,7 @@ static map_word pcmcia_read8_remap(struct map_info *map, unsigned long ofs) static map_word pcmcia_read16_remap(struct map_info *map, unsigned long ofs) { - caddr_t addr; + void __iomem *addr; map_word d = {{0}}; addr = remap_window(map, ofs); @@ -143,7 +143,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long pr_debug("to = %p from = %lu len = %zd\n", to, from, len); while(len) { int toread = win_size - (from & (win_size-1)); - caddr_t addr; + void __iomem *addr; if(toread > len) toread = len; @@ -163,7 +163,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long adr) { - caddr_t addr = remap_window(map, adr); + void __iomem *addr = remap_window(map, adr); if(!addr) return; @@ -175,7 +175,7 @@ static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long static void pcmcia_write16_remap(struct map_info *map, map_word d, unsigned long adr) { - caddr_t addr = remap_window(map, adr); + void __iomem *addr = remap_window(map, adr); if(!addr) return; @@ -192,7 +192,7 @@ static void pcmcia_copy_to_remap(struct map_info *map, unsigned long to, const v pr_debug("to = %lu from = %p len = %zd\n", to, from, len); while(len) { int towrite = win_size - (to & (win_size-1)); - caddr_t addr; + void __iomem *addr; if(towrite > len) towrite = len; @@ -216,7 +216,7 @@ static void pcmcia_copy_to_remap(struct map_info *map, unsigned long to, const v static map_word pcmcia_read8(struct map_info *map, unsigned long ofs) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; map_word d = {{0}}; if(DEV_REMOVED(map)) @@ -231,7 +231,7 @@ static map_word pcmcia_read8(struct map_info *map, unsigned long ofs) static map_word pcmcia_read16(struct map_info *map, unsigned long ofs) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; map_word d = {{0}}; if(DEV_REMOVED(map)) @@ -246,7 +246,7 @@ static map_word pcmcia_read16(struct map_info *map, unsigned long ofs) static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from, ssize_t len) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -258,7 +258,7 @@ static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from, static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -271,7 +271,7 @@ static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr) static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -284,7 +284,7 @@ static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr) static void pcmcia_copy_to(struct map_info *map, unsigned long to, const void *from, ssize_t len) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; From 4e728cf8ffa2891913dd48e179c132fb9fa07e0e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 29 Dec 2015 15:38:25 -0500 Subject: [PATCH 38/63] hpfs: missing endianness annotation Signed-off-by: Al Viro --- fs/hpfs/map.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/fs/hpfs/map.c b/fs/hpfs/map.c index a69bbc1e87f868..a136929189f014 100644 --- a/fs/hpfs/map.c +++ b/fs/hpfs/map.c @@ -133,7 +133,7 @@ __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp) void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock) { struct quad_buffer_head qbh; - u32 *directory; + __le32 *directory; u32 n_hotfixes, n_used_hotfixes; unsigned i; From 756d097b959aefe69a081496f84cfc14b1397a15 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 12:45:27 -0500 Subject: [PATCH 39/63] dm-bufio: virt_to_phys() doesn't change remainder modulo PAGE_SIZE ... so virt_to_phys(p) & (PAGE_SIZE - 1) is a very odd way to spell offset_in_page(p). Signed-off-by: Al Viro --- drivers/md/dm-bufio.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 2dd33085b331da..adeb8d0f8aad38 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -630,7 +630,7 @@ static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, do { if (!bio_add_page(&b->bio, virt_to_page(ptr), len < PAGE_SIZE ? len : PAGE_SIZE, - virt_to_phys(ptr) & (PAGE_SIZE - 1))) { + offset_in_page(ptr))) { BUG_ON(b->c->block_size <= PAGE_SIZE); use_dmio(b, rw, block, end_io); return; From 93bbf5831dd1742a98c57b6415ee84ce35425067 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 13:30:54 -0500 Subject: [PATCH 40/63] md: more open-coded offset_in_page() Signed-off-by: Al Viro --- drivers/md/bcache/util.c | 2 +- drivers/md/dm-io.c | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c index db3ae4c2b2233a..dde6172f3f105d 100644 --- a/drivers/md/bcache/util.c +++ b/drivers/md/bcache/util.c @@ -230,7 +230,7 @@ void bch_bio_map(struct bio *bio, void *base) BUG_ON(!bio->bi_iter.bi_size); BUG_ON(bio->bi_vcnt); - bv->bv_offset = base ? ((unsigned long) base) % PAGE_SIZE : 0; + bv->bv_offset = base ? offset_in_page(base) : 0; goto start; for (; size; bio->bi_vcnt++, bv++) { diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c index 81c5e1a1f36389..06d426eb5a306b 100644 --- a/drivers/md/dm-io.c +++ b/drivers/md/dm-io.c @@ -246,7 +246,7 @@ static void vm_dp_init(struct dpages *dp, void *data) { dp->get_page = vm_get_page; dp->next_page = vm_next_page; - dp->context_u = ((unsigned long) data) & (PAGE_SIZE - 1); + dp->context_u = offset_in_page(data); dp->context_ptr = data; } @@ -271,7 +271,7 @@ static void km_dp_init(struct dpages *dp, void *data) { dp->get_page = km_get_page; dp->next_page = km_next_page; - dp->context_u = ((unsigned long) data) & (PAGE_SIZE - 1); + dp->context_u = offset_in_page(data); dp->context_ptr = data; } From 222e4adec52418dc1c80a30eff80b33ec954745e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 13:31:21 -0500 Subject: [PATCH 41/63] ... and a couple in net/9p Signed-off-by: Al Viro --- net/9p/trans_virtio.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 9fc6a56c506aaa..199bc76202d255 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -105,7 +105,7 @@ static struct list_head virtio_chan_list; /* How many bytes left in this page. */ static unsigned int rest_of_page(void *data) { - return PAGE_SIZE - ((unsigned long)data % PAGE_SIZE); + return PAGE_SIZE - offset_in_page(data); } /** @@ -365,7 +365,7 @@ static int p9_get_mapped_pages(struct virtio_chan *chan, return -ENOMEM; *need_drop = 0; - p -= (*offs = (unsigned long)p % PAGE_SIZE); + p -= (*offs = offset_in_page(p)); for (index = 0; index < nr_pages; index++) { if (is_vmalloc_addr(p)) (*pages)[index] = vmalloc_to_page(p); From 76e8d7cb71d415581402dbc5c5bbbbcc28ca0e47 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:22:04 -0500 Subject: [PATCH 42/63] jfs: microoptimize get_zeroed_page / virt_to_page get_zeroed_page does alloc_page and returns page_address of the result; subsequent virt_to_page will recover the page, but since the caller needs both page and its page_address() anyway, why bother going through that wrapper at all? Signed-off-by: Al Viro --- fs/jfs/jfs_logmgr.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c index a69bdf2a108500..a270cb7ff4e030 100644 --- a/fs/jfs/jfs_logmgr.c +++ b/fs/jfs/jfs_logmgr.c @@ -1835,17 +1835,16 @@ static int lbmLogInit(struct jfs_log * log) for (i = 0; i < LOGPAGES;) { char *buffer; uint offset; - struct page *page; + struct page *page = alloc_page(GFP_KERNEL | __GFP_ZERO); - buffer = (char *) get_zeroed_page(GFP_KERNEL); - if (buffer == NULL) + if (!page) goto error; - page = virt_to_page(buffer); + buffer = page_address(page); for (offset = 0; offset < PAGE_SIZE; offset += LOGPSIZE) { lbuf = kmalloc(sizeof(struct lbuf), GFP_KERNEL); if (lbuf == NULL) { if (offset == 0) - free_page((unsigned long) buffer); + __free_page(page); goto error; } if (offset) /* we already have one reference */ From 80f8dccf95147f9668eee021425ecf3ff6432c51 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:29:23 -0500 Subject: [PATCH 43/63] HFS wants 8Kb per-superblock allocation; just use kmalloc() ... rather than play with __get_free_pages() (and figuring out the allocation order, etc.) Signed-off-by: Al Viro --- fs/hfs/mdb.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c index aa3f0d6d043c32..a3ec3ae7d34796 100644 --- a/fs/hfs/mdb.c +++ b/fs/hfs/mdb.c @@ -166,7 +166,7 @@ int hfs_mdb_get(struct super_block *sb) pr_warn("continuing without an alternate MDB\n"); } - HFS_SB(sb)->bitmap = (__be32 *)__get_free_pages(GFP_KERNEL, PAGE_SIZE < 8192 ? 1 : 0); + HFS_SB(sb)->bitmap = kmalloc(8192, GFP_KERNEL); if (!HFS_SB(sb)->bitmap) goto out; @@ -360,7 +360,7 @@ void hfs_mdb_put(struct super_block *sb) unload_nls(HFS_SB(sb)->nls_io); unload_nls(HFS_SB(sb)->nls_disk); - free_pages((unsigned long)HFS_SB(sb)->bitmap, PAGE_SIZE < 8192 ? 1 : 0); + kfree(HFS_SB(sb)->bitmap); kfree(HFS_SB(sb)); sb->s_fs_info = NULL; } From 1ceb36285c256347ffa062b7b1b593f801b6697b Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:50:51 -0500 Subject: [PATCH 44/63] [um] hostaudio: don't open-code memdup_user() Signed-off-by: Al Viro --- arch/um/drivers/hostaudio_kern.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/arch/um/drivers/hostaudio_kern.c b/arch/um/drivers/hostaudio_kern.c index f6b911cc3923a1..3a4b58730f5fbc 100644 --- a/arch/um/drivers/hostaudio_kern.c +++ b/arch/um/drivers/hostaudio_kern.c @@ -105,13 +105,9 @@ static ssize_t hostaudio_write(struct file *file, const char __user *buffer, printk(KERN_DEBUG "hostaudio: write called, count = %d\n", count); #endif - kbuf = kmalloc(count, GFP_KERNEL); - if (kbuf == NULL) - return -ENOMEM; - - err = -EFAULT; - if (copy_from_user(kbuf, buffer, count)) - goto out; + kbuf = memdup_user(buffer, count); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); err = os_write_file(state->fd, kbuf, count); if (err < 0) From 793b796ebfcb3157fe80056a719096a550f0c7d0 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:53:28 -0500 Subject: [PATCH 45/63] [um] mconsole: don't open-code memdup_user_nul() Signed-off-by: Al Viro --- arch/um/drivers/mconsole_kern.c | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c index 29880c9b324ed3..b821b13d343a7b 100644 --- a/arch/um/drivers/mconsole_kern.c +++ b/arch/um/drivers/mconsole_kern.c @@ -748,19 +748,11 @@ static ssize_t mconsole_proc_write(struct file *file, { char *buf; - buf = kmalloc(count + 1, GFP_KERNEL); - if (buf == NULL) - return -ENOMEM; - - if (copy_from_user(buf, buffer, count)) { - count = -EFAULT; - goto out; - } - - buf[count] = '\0'; + buf = memdup_user_nul(buffer, count); + if (IS_ERR(buf)) + return PTR_ERR(buf); mconsole_notify(notify_socket, MCONSOLE_USER_NOTIFY, buf, count); - out: kfree(buf); return count; } From 8ed6010d50ee010961ccecb4507470b244928603 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:56:33 -0500 Subject: [PATCH 46/63] mtip32xx: don't open-code memdup_user() [folded a fix by Dan Carpenter] Signed-off-by: Al Viro --- drivers/block/mtip32xx/mtip32xx.c | 23 ++++++++--------------- 1 file changed, 8 insertions(+), 15 deletions(-) diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c index 3457ac8c03e2f3..34997d8ecd64b4 100644 --- a/drivers/block/mtip32xx/mtip32xx.c +++ b/drivers/block/mtip32xx/mtip32xx.c @@ -2029,13 +2029,10 @@ static int exec_drive_taskfile(struct driver_data *dd, } if (taskout) { - outbuf = kzalloc(taskout, GFP_KERNEL); - if (outbuf == NULL) { - err = -ENOMEM; - goto abort; - } - if (copy_from_user(outbuf, buf + outtotal, taskout)) { - err = -EFAULT; + outbuf = memdup_user(buf + outtotal, taskout); + if (IS_ERR(outbuf)) { + err = PTR_ERR(outbuf); + outbuf = NULL; goto abort; } outbuf_dma = pci_map_single(dd->pdev, @@ -2050,14 +2047,10 @@ static int exec_drive_taskfile(struct driver_data *dd, } if (taskin) { - inbuf = kzalloc(taskin, GFP_KERNEL); - if (inbuf == NULL) { - err = -ENOMEM; - goto abort; - } - - if (copy_from_user(inbuf, buf + intotal, taskin)) { - err = -EFAULT; + inbuf = memdup_user(buf + intotal, taskin); + if (IS_ERR(inbuf)) { + err = PTR_ERR(inbuf); + inbuf = NULL; goto abort; } inbuf_dma = pci_map_single(dd->pdev, From 820351f05be93623c6e71b5d618f90f0deebc134 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:58:07 -0500 Subject: [PATCH 47/63] rsxx: don't open-code memdup_user() Signed-off-by: Al Viro --- drivers/block/rsxx/core.c | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c index d8b2488aaade10..34997df132e240 100644 --- a/drivers/block/rsxx/core.c +++ b/drivers/block/rsxx/core.c @@ -203,14 +203,11 @@ static ssize_t rsxx_cram_write(struct file *fp, const char __user *ubuf, char *buf; ssize_t st; - buf = kzalloc(cnt, GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = memdup_user(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); - st = copy_from_user(buf, ubuf, cnt); - if (!st) - st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, - buf, 1); + st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, buf, 1); kfree(buf); if (st) return st; From abb0f6a79fe8eba7982b73313b8623259d78c3f6 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:59:38 -0500 Subject: [PATCH 48/63] cdrom: don't open-code memdup_user() Signed-off-by: Al Viro --- drivers/cdrom/cdrom.c | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index c206ccda899b38..1b257ea9776ae5 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -3186,15 +3186,11 @@ static noinline int mmc_ioctl_dvd_read_struct(struct cdrom_device_info *cdi, if (!CDROM_CAN(CDC_DVD)) return -ENOSYS; - s = kmalloc(size, GFP_KERNEL); - if (!s) - return -ENOMEM; + s = memdup_user(arg, size); + if (IS_ERR(s)) + return PTR_ERR(s); cd_dbg(CD_DO_IOCTL, "entering DVD_READ_STRUCT\n"); - if (copy_from_user(s, arg, size)) { - kfree(s); - return -EFAULT; - } ret = dvd_read_struct(cdi, s, cgc); if (ret) From 8f1d57c172482c9a1568ec647fc5c2e64c6c6a57 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 15:06:19 -0500 Subject: [PATCH 49/63] amdkfd: don't open-code memdup_user() Signed-off-by: Al Viro --- drivers/gpu/drm/amd/amdkfd/kfd_chardev.c | 33 +++++------------------- 1 file changed, 7 insertions(+), 26 deletions(-) diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index c6a1b4cc645817..d321222fd92ef0 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -559,19 +559,10 @@ static int kfd_ioctl_dbg_address_watch(struct file *filep, /* this is the actual buffer to work with */ - args_buff = kmalloc(args->buf_size_in_bytes - - sizeof(*args), GFP_KERNEL); - if (args_buff == NULL) - return -ENOMEM; - - status = copy_from_user(args_buff, cmd_from_user, + args_buff = memdup_user(args_buff, args->buf_size_in_bytes - sizeof(*args)); - - if (status != 0) { - pr_debug("Failed to copy address watch user data\n"); - kfree(args_buff); - return -EINVAL; - } + if (IS_ERR(args_buff)) + return PTR_ERR(args_buff); aw_info.process = p; @@ -677,22 +668,12 @@ static int kfd_ioctl_dbg_wave_control(struct file *filep, if (cmd_from_user == NULL) return -EINVAL; - /* this is the actual buffer to work with */ + /* copy the entire buffer from user */ - args_buff = kmalloc(args->buf_size_in_bytes - sizeof(*args), - GFP_KERNEL); - - if (args_buff == NULL) - return -ENOMEM; - - /* Now copy the entire buffer from user */ - status = copy_from_user(args_buff, cmd_from_user, + args_buff = memdup_user(cmd_from_user, args->buf_size_in_bytes - sizeof(*args)); - if (status != 0) { - pr_debug("Failed to copy wave control user data\n"); - kfree(args_buff); - return -EINVAL; - } + if (IS_ERR(args_buff)) + return PTR_ERR(args_buff); /* move ptr to the start of the "pay-load" area */ wac_info.process = p; From ccec5ee302d5cbd0273eb1c79bc935a8e3f873c6 Mon Sep 17 00:00:00 2001 From: Mateusz Guzik Date: Wed, 6 Jan 2016 06:41:53 +0100 Subject: [PATCH 50/63] poll: plug an unused argument to do_poll Number of fds is already known based on passed list. No functional changes. Signed-off-by: Mateusz Guzik Signed-off-by: Al Viro --- fs/select.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/fs/select.c b/fs/select.c index 015547330e8869..79d0d4953cada6 100644 --- a/fs/select.c +++ b/fs/select.c @@ -778,8 +778,8 @@ static inline unsigned int do_pollfd(struct pollfd *pollfd, poll_table *pwait, return mask; } -static int do_poll(unsigned int nfds, struct poll_list *list, - struct poll_wqueues *wait, struct timespec *end_time) +static int do_poll(struct poll_list *list, struct poll_wqueues *wait, + struct timespec *end_time) { poll_table* pt = &wait->pt; ktime_t expire, *to = NULL; @@ -908,7 +908,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, } poll_initwait(&table); - fdcount = do_poll(nfds, head, &table, end_time); + fdcount = do_poll(head, &table, end_time); poll_freewait(&table); for (walk = head; walk; walk = walk->next) { From 424081f3c881ca3aef50cfa571e91863c10d952a Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Mon, 13 Apr 2015 16:31:34 +0400 Subject: [PATCH 51/63] fs: use gendisk->disk_name where possible gendisk with part==0 is obviously gendisk->disk_name. Signed-off-by: Dmitry Monakhov Signed-off-by: Al Viro --- fs/block_dev.c | 12 +++--------- 1 file changed, 3 insertions(+), 9 deletions(-) diff --git a/fs/block_dev.c b/fs/block_dev.c index 44d4a1e9244e74..01b8e0d4b4ff0a 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -1042,12 +1042,9 @@ EXPORT_SYMBOL_GPL(bd_unlink_disk_holder); static void flush_disk(struct block_device *bdev, bool kill_dirty) { if (__invalidate_device(bdev, kill_dirty)) { - char name[BDEVNAME_SIZE] = ""; - - if (bdev->bd_disk) - disk_name(bdev->bd_disk, 0, name); printk(KERN_WARNING "VFS: busy inodes on changed media or " - "resized disk %s\n", name); + "resized disk %s\n", + bdev->bd_disk ? bdev->bd_disk->disk_name : ""); } if (!bdev->bd_disk) @@ -1071,12 +1068,9 @@ void check_disk_size_change(struct gendisk *disk, struct block_device *bdev) disk_size = (loff_t)get_capacity(disk) << 9; bdev_size = i_size_read(bdev->bd_inode); if (disk_size != bdev_size) { - char name[BDEVNAME_SIZE]; - - disk_name(disk, 0, name); printk(KERN_INFO "%s: detected capacity change from %lld to %lld\n", - name, bdev_size, disk_size); + disk->disk_name, bdev_size, disk_size); i_size_write(bdev->bd_inode, disk_size); flush_disk(bdev, false); } From 1031bc589228ca35b3b6fb3dfe4656c0da5fbeb4 Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Mon, 13 Apr 2015 16:31:35 +0400 Subject: [PATCH 52/63] lib/vsprintf: add %*pg format specifier This allow to directly print block_device name. Currently one should use bdevname() with temporal char buffer. This is very ineffective because bloat stack usage for deep IO call-traces Example: %pg -> sda, sda1 or loop0p1 [AV: fixed a minor braino - position updates should not be dependent upon having reached the of buffer] Signed-off-by: Dmitry Monakhov Signed-off-by: Al Viro --- Documentation/printk-formats.txt | 6 ++++++ lib/vsprintf.c | 29 +++++++++++++++++++++++++++++ 2 files changed, 35 insertions(+) diff --git a/Documentation/printk-formats.txt b/Documentation/printk-formats.txt index b784c270105f40..6389551bbad6a7 100644 --- a/Documentation/printk-formats.txt +++ b/Documentation/printk-formats.txt @@ -250,6 +250,12 @@ dentry names: Passed by reference. +block_device names: + + %pg sda, sda1 or loop0p1 + + For printing name of block_device pointers. + struct va_format: %pV diff --git a/lib/vsprintf.c b/lib/vsprintf.c index f9cee8e1233c0f..ac3f9476b7765b 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -31,6 +31,9 @@ #include #include #include +#ifdef CONFIG_BLOCK +#include +#endif #include /* for PAGE_SIZE */ #include /* for dereference_function_descriptor() */ @@ -613,6 +616,26 @@ char *dentry_name(char *buf, char *end, const struct dentry *d, struct printf_sp return buf; } +#ifdef CONFIG_BLOCK +static noinline_for_stack +char *bdev_name(char *buf, char *end, struct block_device *bdev, + struct printf_spec spec, const char *fmt) +{ + struct gendisk *hd = bdev->bd_disk; + + buf = string(buf, end, hd->disk_name, spec); + if (bdev->bd_part->partno) { + if (isdigit(hd->disk_name[strlen(hd->disk_name)-1])) { + if (buf < end) + *buf = 'p'; + buf++; + } + buf = number(buf, end, bdev->bd_part->partno, spec); + } + return buf; +} +#endif + static noinline_for_stack char *symbol_string(char *buf, char *end, void *ptr, struct printf_spec spec, const char *fmt) @@ -1443,6 +1466,7 @@ int kptr_restrict __read_mostly; * (default assumed to be phys_addr_t, passed by reference) * - 'd[234]' For a dentry name (optionally 2-4 last components) * - 'D[234]' Same as 'd' but for a struct file + * - 'g' For block_device name (gendisk + partition number) * - 'C' For a clock, it prints the name (Common Clock Framework) or address * (legacy clock framework) of the clock * - 'Cn' For a clock, it prints the name (Common Clock Framework) or address @@ -1600,6 +1624,11 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, return dentry_name(buf, end, ((const struct file *)ptr)->f_path.dentry, spec, fmt); +#ifdef CONFIG_BLOCK + case 'g': + return bdev_name(buf, end, ptr, spec, fmt); +#endif + } spec.flags |= SMALL; if (spec.field_width == -1) { From a1c6f05733c27ba7067c06c095f49e8732a5ae17 Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Mon, 13 Apr 2015 16:31:37 +0400 Subject: [PATCH 53/63] fs: use block_device name vsprintf helper Signed-off-by: Dmitry Monakhov Signed-off-by: Al Viro --- fs/btrfs/super.c | 4 +--- fs/buffer.c | 21 ++++++--------------- fs/ext2/xattr.c | 6 ++---- fs/ext4/page-io.c | 5 ++--- fs/ext4/xattr.c | 6 ++---- fs/f2fs/debug.c | 6 ++---- fs/gfs2/ops_fstype.c | 4 +--- fs/jbd2/transaction.c | 6 ++---- fs/minix/itree_v1.c | 9 ++++----- fs/minix/itree_v2.c | 9 ++++----- fs/nilfs2/super.c | 6 ++---- fs/reiserfs/journal.c | 24 ++++++++++-------------- fs/reiserfs/prints.c | 9 +++------ fs/reiserfs/procfs.c | 5 ++--- fs/squashfs/super.c | 7 +++---- fs/super.c | 4 +--- fs/xfs/xfs_buf.c | 8 ++------ 17 files changed, 49 insertions(+), 90 deletions(-) diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 24154e42294516..a0434c179ea96b 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -1514,9 +1514,7 @@ static struct dentry *btrfs_mount(struct file_system_type *fs_type, int flags, if ((flags ^ s->s_flags) & MS_RDONLY) error = -EBUSY; } else { - char b[BDEVNAME_SIZE]; - - strlcpy(s->s_id, bdevname(bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", bdev); btrfs_sb(s)->bdev_holder = fs_type; error = btrfs_fill_super(s, fs_devices, data, flags & MS_SILENT ? 1 : 0); diff --git a/fs/buffer.c b/fs/buffer.c index 4f4cd959da7c8f..e1632abb4ca9fa 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -134,13 +134,10 @@ __clear_page_buffers(struct page *page) static void buffer_io_error(struct buffer_head *bh, char *msg) { - char b[BDEVNAME_SIZE]; - if (!test_bit(BH_Quiet, &bh->b_state)) printk_ratelimited(KERN_ERR - "Buffer I/O error on dev %s, logical block %llu%s\n", - bdevname(bh->b_bdev, b), - (unsigned long long)bh->b_blocknr, msg); + "Buffer I/O error on dev %pg, logical block %llu%s\n", + bh->b_bdev, (unsigned long long)bh->b_blocknr, msg); } /* @@ -237,15 +234,13 @@ __find_get_block_slow(struct block_device *bdev, sector_t block) * elsewhere, don't buffer_error if we had some unmapped buffers */ if (all_mapped) { - char b[BDEVNAME_SIZE]; - printk("__find_get_block_slow() failed. " "block=%llu, b_blocknr=%llu\n", (unsigned long long)block, (unsigned long long)bh->b_blocknr); printk("b_state=0x%08lx, b_size=%zu\n", bh->b_state, bh->b_size); - printk("device %s blocksize: %d\n", bdevname(bdev, b), + printk("device %pg blocksize: %d\n", bdev, 1 << bd_inode->i_blkbits); } out_unlock: @@ -531,10 +526,8 @@ static int osync_buffers_list(spinlock_t *lock, struct list_head *list) static void do_thaw_one(struct super_block *sb, void *unused) { - char b[BDEVNAME_SIZE]; while (sb->s_bdev && !thaw_bdev(sb->s_bdev, sb)) - printk(KERN_WARNING "Emergency Thaw on %s\n", - bdevname(sb->s_bdev, b)); + printk(KERN_WARNING "Emergency Thaw on %pg\n", sb->s_bdev); } static void do_thaw_all(struct work_struct *work) @@ -1074,12 +1067,10 @@ grow_buffers(struct block_device *bdev, sector_t block, int size, gfp_t gfp) * pagecache index. (this comparison is done using sector_t types). */ if (unlikely(index != block >> sizebits)) { - char b[BDEVNAME_SIZE]; - printk(KERN_ERR "%s: requested out-of-range block %llu for " - "device %s\n", + "device %pg\n", __func__, (unsigned long long)block, - bdevname(bdev, b)); + bdev); return -EIO; } diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c index fa70848afa8f4c..a21c259b5fdebc 100644 --- a/fs/ext2/xattr.c +++ b/fs/ext2/xattr.c @@ -77,10 +77,8 @@ printk("\n"); \ } while (0) # define ea_bdebug(bh, f...) do { \ - char b[BDEVNAME_SIZE]; \ - printk(KERN_DEBUG "block %s:%lu: ", \ - bdevname(bh->b_bdev, b), \ - (unsigned long) bh->b_blocknr); \ + printk(KERN_DEBUG "block %pg:%lu: ", \ + bh->b_bdev, (unsigned long) bh->b_blocknr); \ printk(f); \ printk("\n"); \ } while (0) diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c index 17fbe3882b8eb7..090b3498638e7a 100644 --- a/fs/ext4/page-io.c +++ b/fs/ext4/page-io.c @@ -52,9 +52,8 @@ void ext4_exit_pageio(void) */ static void buffer_io_error(struct buffer_head *bh) { - char b[BDEVNAME_SIZE]; - printk_ratelimited(KERN_ERR "Buffer I/O error on device %s, logical block %llu\n", - bdevname(bh->b_bdev, b), + printk_ratelimited(KERN_ERR "Buffer I/O error on device %pg, logical block %llu\n", + bh->b_bdev, (unsigned long long)bh->b_blocknr); } diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 6b6b3e751f8c77..ec4e50ce0733d2 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -68,10 +68,8 @@ printk("\n"); \ } while (0) # define ea_bdebug(bh, f...) do { \ - char b[BDEVNAME_SIZE]; \ - printk(KERN_DEBUG "block %s:%lu: ", \ - bdevname(bh->b_bdev, b), \ - (unsigned long) bh->b_blocknr); \ + printk(KERN_DEBUG "block %pg:%lu: ", \ + bh->b_bdev, (unsigned long) bh->b_blocknr); \ printk(f); \ printk("\n"); \ } while (0) diff --git a/fs/f2fs/debug.c b/fs/f2fs/debug.c index 478e5d54154f5b..ad1b18a7705bcd 100644 --- a/fs/f2fs/debug.c +++ b/fs/f2fs/debug.c @@ -211,12 +211,10 @@ static int stat_show(struct seq_file *s, void *v) mutex_lock(&f2fs_stat_mutex); list_for_each_entry(si, &f2fs_stat_list, stat_list) { - char devname[BDEVNAME_SIZE]; - update_general_status(si->sbi); - seq_printf(s, "\n=====[ partition info(%s). #%d ]=====\n", - bdevname(si->sbi->sb->s_bdev, devname), i++); + seq_printf(s, "\n=====[ partition info(%pg). #%d ]=====\n", + si->sbi->sb->s_bdev, i++); seq_printf(s, "[SB: 1] [CP: 2] [SIT: %d] [NAT: %d] ", si->sit_area_segs, si->nat_area_segs); seq_printf(s, "[SSA: %d] [MAIN: %d", diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index baab99b69d8ae3..001c6664124302 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1315,9 +1315,7 @@ static struct dentry *gfs2_mount(struct file_system_type *fs_type, int flags, if ((flags ^ s->s_flags) & MS_RDONLY) goto error_super; } else { - char b[BDEVNAME_SIZE]; - - strlcpy(s->s_id, bdevname(bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", bdev); sb_set_blocksize(s, block_size(bdev)); error = fill_super(s, &args, flags & MS_SILENT ? 1 : 0); if (error) diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index ca181e81c76551..081dff087fc07c 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -764,13 +764,11 @@ void jbd2_journal_unlock_updates (journal_t *journal) static void warn_dirty_buffer(struct buffer_head *bh) { - char b[BDEVNAME_SIZE]; - printk(KERN_WARNING - "JBD2: Spotted dirty metadata buffer (dev = %s, blocknr = %llu). " + "JBD2: Spotted dirty metadata buffer (dev = %pg, blocknr = %llu). " "There's a risk of filesystem corruption in case of system " "crash.\n", - bdevname(bh->b_bdev, b), (unsigned long long)bh->b_blocknr); + bh->b_bdev, (unsigned long long)bh->b_blocknr); } /* Call t_frozen trigger and copy buffer data into jh->b_frozen_data. */ diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c index 282e15ad8cd8c8..46ca39d6c73586 100644 --- a/fs/minix/itree_v1.c +++ b/fs/minix/itree_v1.c @@ -24,16 +24,15 @@ static inline block_t *i_data(struct inode *inode) static int block_to_path(struct inode * inode, long block, int offsets[DEPTH]) { int n = 0; - char b[BDEVNAME_SIZE]; if (block < 0) { - printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n", - block, bdevname(inode->i_sb->s_bdev, b)); + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n", + block, inode->i_sb->s_bdev); } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) { if (printk_ratelimit()) printk("MINIX-fs: block_to_path: " - "block %ld too big on dev %s\n", - block, bdevname(inode->i_sb->s_bdev, b)); + "block %ld too big on dev %pg\n", + block, inode->i_sb->s_bdev); } else if (block < 7) { offsets[n++] = block; } else if ((block -= 7) < 512) { diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c index 78e2d93e5c830f..1ee10135258646 100644 --- a/fs/minix/itree_v2.c +++ b/fs/minix/itree_v2.c @@ -26,18 +26,17 @@ static inline block_t *i_data(struct inode *inode) static int block_to_path(struct inode * inode, long block, int offsets[DEPTH]) { int n = 0; - char b[BDEVNAME_SIZE]; struct super_block *sb = inode->i_sb; if (block < 0) { - printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n", - block, bdevname(sb->s_bdev, b)); + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n", + block, sb->s_bdev); } else if ((u64)block * (u64)sb->s_blocksize >= minix_sb(sb)->s_max_size) { if (printk_ratelimit()) printk("MINIX-fs: block_to_path: " - "block %ld too big on dev %s\n", - block, bdevname(sb->s_bdev, b)); + "block %ld too big on dev %pg\n", + block, sb->s_bdev); } else if (block < DIRCOUNT) { offsets[n++] = block; } else if ((block -= DIRCOUNT) < INDIRCOUNT(sb)) { diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c index 354013ea22ec21..c7343844e6b62a 100644 --- a/fs/nilfs2/super.c +++ b/fs/nilfs2/super.c @@ -1316,13 +1316,11 @@ nilfs_mount(struct file_system_type *fs_type, int flags, } if (!s->s_root) { - char b[BDEVNAME_SIZE]; - - s_new = true; + s_new = true; /* New superblock instance created */ s->s_mode = mode; - strlcpy(s->s_id, bdevname(sd.bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", sd.bdev); sb_set_blocksize(s, block_size(sd.bdev)); err = nilfs_fill_super(s, data, flags & MS_SILENT ? 1 : 0); diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c index 9d6486d416a333..44c2bdced1c87f 100644 --- a/fs/reiserfs/journal.c +++ b/fs/reiserfs/journal.c @@ -618,12 +618,10 @@ static void release_buffer_page(struct buffer_head *bh) static void reiserfs_end_buffer_io_sync(struct buffer_head *bh, int uptodate) { - char b[BDEVNAME_SIZE]; - if (buffer_journaled(bh)) { reiserfs_warning(NULL, "clm-2084", - "pinned buffer %lu:%s sent to disk", - bh->b_blocknr, bdevname(bh->b_bdev, b)); + "pinned buffer %lu:%pg sent to disk", + bh->b_blocknr, bh->b_bdev); } if (uptodate) set_buffer_uptodate(bh); @@ -2387,11 +2385,10 @@ static int journal_read(struct super_block *sb) int replay_count = 0; int continue_replay = 1; int ret; - char b[BDEVNAME_SIZE]; cur_dblock = SB_ONDISK_JOURNAL_1st_BLOCK(sb); - reiserfs_info(sb, "checking transaction log (%s)\n", - bdevname(journal->j_dev_bd, b)); + reiserfs_info(sb, "checking transaction log (%pg)\n", + journal->j_dev_bd); start = get_seconds(); /* @@ -2651,8 +2648,8 @@ static int journal_init_dev(struct super_block *super, set_blocksize(journal->j_dev_bd, super->s_blocksize); reiserfs_info(super, - "journal_init_dev: journal device: %s\n", - bdevname(journal->j_dev_bd, b)); + "journal_init_dev: journal device: %pg\n", + journal->j_dev_bd); return 0; } @@ -2724,7 +2721,6 @@ int journal_init(struct super_block *sb, const char *j_dev_name, struct reiserfs_journal_header *jh; struct reiserfs_journal *journal; struct reiserfs_journal_list *jl; - char b[BDEVNAME_SIZE]; int ret; journal = SB_JOURNAL(sb) = vzalloc(sizeof(struct reiserfs_journal)); @@ -2794,10 +2790,10 @@ int journal_init(struct super_block *sb, const char *j_dev_name, && (le32_to_cpu(jh->jh_journal.jp_journal_magic) != sb_jp_journal_magic(rs))) { reiserfs_warning(sb, "sh-460", - "journal header magic %x (device %s) does " + "journal header magic %x (device %pg) does " "not match to magic found in super block %x", jh->jh_journal.jp_journal_magic, - bdevname(journal->j_dev_bd, b), + journal->j_dev_bd, sb_jp_journal_magic(rs)); brelse(bhjh); goto free_and_return; @@ -2818,10 +2814,10 @@ int journal_init(struct super_block *sb, const char *j_dev_name, journal->j_max_trans_age = commit_max_age; } - reiserfs_info(sb, "journal params: device %s, size %u, " + reiserfs_info(sb, "journal params: device %pg, size %u, " "journal first block %u, max trans len %u, max batch %u, " "max commit age %u, max trans age %u\n", - bdevname(journal->j_dev_bd, b), + journal->j_dev_bd, SB_ONDISK_JOURNAL_SIZE(sb), SB_ONDISK_JOURNAL_1st_BLOCK(sb), journal->j_trans_max, diff --git a/fs/reiserfs/prints.c b/fs/reiserfs/prints.c index ae1dc841db3af8..4f3f928076f3c2 100644 --- a/fs/reiserfs/prints.c +++ b/fs/reiserfs/prints.c @@ -139,11 +139,9 @@ static void sprintf_block_head(char *buf, struct buffer_head *bh) static void sprintf_buffer_head(char *buf, struct buffer_head *bh) { - char b[BDEVNAME_SIZE]; - sprintf(buf, - "dev %s, size %zd, blocknr %llu, count %d, state 0x%lx, page %p, (%s, %s, %s)", - bdevname(bh->b_bdev, b), bh->b_size, + "dev %pg, size %zd, blocknr %llu, count %d, state 0x%lx, page %p, (%s, %s, %s)", + bh->b_bdev, bh->b_size, (unsigned long long)bh->b_blocknr, atomic_read(&(bh->b_count)), bh->b_state, bh->b_page, buffer_uptodate(bh) ? "UPTODATE" : "!UPTODATE", @@ -530,7 +528,6 @@ static int print_super_block(struct buffer_head *bh) (struct reiserfs_super_block *)(bh->b_data); int skipped, data_blocks; char *version; - char b[BDEVNAME_SIZE]; if (is_reiserfs_3_5(rs)) { version = "3.5"; @@ -543,7 +540,7 @@ static int print_super_block(struct buffer_head *bh) return 1; } - printk("%s\'s super block is in block %llu\n", bdevname(bh->b_bdev, b), + printk("%pg\'s super block is in block %llu\n", bh->b_bdev, (unsigned long long)bh->b_blocknr); printk("Reiserfs version %s\n", version); printk("Block count %u\n", sb_block_count(rs)); diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c index 621b9f381fe1fa..fe999157dd97e6 100644 --- a/fs/reiserfs/procfs.c +++ b/fs/reiserfs/procfs.c @@ -303,11 +303,10 @@ static int show_journal(struct seq_file *m, void *unused) struct reiserfs_sb_info *r = REISERFS_SB(sb); struct reiserfs_super_block *rs = r->s_rs; struct journal_params *jp = &rs->s_v1.s_journal; - char b[BDEVNAME_SIZE]; seq_printf(m, /* on-disk fields */ "jp_journal_1st_block: \t%i\n" - "jp_journal_dev: \t%s[%x]\n" + "jp_journal_dev: \t%pg[%x]\n" "jp_journal_size: \t%i\n" "jp_journal_trans_max: \t%i\n" "jp_journal_magic: \t%i\n" @@ -348,7 +347,7 @@ static int show_journal(struct seq_file *m, void *unused) "prepare: \t%12lu\n" "prepare_retry: \t%12lu\n", DJP(jp_journal_1st_block), - bdevname(SB_JOURNAL(sb)->j_dev_bd, b), + SB_JOURNAL(sb)->j_dev_bd, DJP(jp_journal_dev), DJP(jp_journal_size), DJP(jp_journal_trans_max), diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c index 5056babe00df93..dded920cbc8f14 100644 --- a/fs/squashfs/super.c +++ b/fs/squashfs/super.c @@ -80,7 +80,6 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) { struct squashfs_sb_info *msblk; struct squashfs_super_block *sblk = NULL; - char b[BDEVNAME_SIZE]; struct inode *root; long long root_inode; unsigned short flags; @@ -124,8 +123,8 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) sb->s_magic = le32_to_cpu(sblk->s_magic); if (sb->s_magic != SQUASHFS_MAGIC) { if (!silent) - ERROR("Can't find a SQUASHFS superblock on %s\n", - bdevname(sb->s_bdev, b)); + ERROR("Can't find a SQUASHFS superblock on %pg\n", + sb->s_bdev); goto failed_mount; } @@ -178,7 +177,7 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) msblk->inodes = le32_to_cpu(sblk->inodes); flags = le16_to_cpu(sblk->flags); - TRACE("Found valid superblock on %s\n", bdevname(sb->s_bdev, b)); + TRACE("Found valid superblock on %pg\n", sb->s_bdev); TRACE("Inodes are %scompressed\n", SQUASHFS_UNCOMPRESSED_INODES(flags) ? "un" : ""); TRACE("Data is %scompressed\n", SQUASHFS_UNCOMPRESSED_DATA(flags) diff --git a/fs/super.c b/fs/super.c index 954aeb80e202be..cc658a20a29e10 100644 --- a/fs/super.c +++ b/fs/super.c @@ -1012,10 +1012,8 @@ struct dentry *mount_bdev(struct file_system_type *fs_type, blkdev_put(bdev, mode); down_write(&s->s_umount); } else { - char b[BDEVNAME_SIZE]; - s->s_mode = mode; - strlcpy(s->s_id, bdevname(bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", bdev); sb_set_blocksize(s, block_size(bdev)); error = fill_super(s, data, flags & MS_SILENT ? 1 : 0); if (error) { diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c index 3243cdf97f33f2..ace91e7c713e39 100644 --- a/fs/xfs/xfs_buf.c +++ b/fs/xfs/xfs_buf.c @@ -1632,13 +1632,9 @@ xfs_setsize_buftarg( btp->bt_meta_sectormask = sectorsize - 1; if (set_blocksize(btp->bt_bdev, sectorsize)) { - char name[BDEVNAME_SIZE]; - - bdevname(btp->bt_bdev, name); - xfs_warn(btp->bt_mount, - "Cannot set_blocksize to %u on device %s", - sectorsize, name); + "Cannot set_blocksize to %u on device %pg", + sectorsize, btp->bt_bdev); return -EINVAL; } From 263a3df18fa2c078ab3e8b14fece6cfa6053e86a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 7 Jan 2016 10:04:37 -0500 Subject: [PATCH 54/63] nbd: use ->compat_ioctl() Signed-off-by: Al Viro --- drivers/block/nbd.c | 1 + fs/compat_ioctl.c | 11 ----------- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 93b3f99b6865fe..e4c5cc10793441 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -827,6 +827,7 @@ static const struct block_device_operations nbd_fops = { .owner = THIS_MODULE, .ioctl = nbd_ioctl, + .compat_ioctl = nbd_ioctl, }; #if IS_ENABLED(CONFIG_DEBUG_FS) diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index 9144b779d10ef4..c9fca9c33ff112 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -1305,12 +1305,6 @@ COMPATIBLE_IOCTL(PCIIOC_CONTROLLER) COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_IO) COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_MEM) COMPATIBLE_IOCTL(PCIIOC_WRITE_COMBINE) -/* NBD */ -COMPATIBLE_IOCTL(NBD_DO_IT) -COMPATIBLE_IOCTL(NBD_CLEAR_SOCK) -COMPATIBLE_IOCTL(NBD_CLEAR_QUE) -COMPATIBLE_IOCTL(NBD_PRINT_DEBUG) -COMPATIBLE_IOCTL(NBD_DISCONNECT) /* i2c */ COMPATIBLE_IOCTL(I2C_SLAVE) COMPATIBLE_IOCTL(I2C_SLAVE_FORCE) @@ -1529,11 +1523,6 @@ static long do_ioctl_trans(unsigned int cmd, case KDSKBMETA: case KDSKBLED: case KDSETLED: - /* NBD */ - case NBD_SET_SOCK: - case NBD_SET_BLKSIZE: - case NBD_SET_SIZE: - case NBD_SET_SIZE_BLOCKS: return vfs_ioctl(file, cmd, arg); } From bdb97e91e0140230bda9a83f6dbaa29b0c2e0522 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 9 Jan 2016 02:16:04 -0500 Subject: [PATCH 55/63] [s390] page_to_phys() always returns a multiple of PAGE_SIZE Acked-by: Martin Schwidefsky Signed-off-by: Al Viro --- arch/s390/pci/pci_dma.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/arch/s390/pci/pci_dma.c b/arch/s390/pci/pci_dma.c index d348f2c09a1eed..32da0a6ecec26b 100644 --- a/arch/s390/pci/pci_dma.c +++ b/arch/s390/pci/pci_dma.c @@ -366,8 +366,7 @@ static void *s390_dma_alloc(struct device *dev, size_t size, pa = page_to_phys(page); memset((void *) pa, 0, size); - map = s390_dma_map_pages(dev, page, pa % PAGE_SIZE, - size, DMA_BIDIRECTIONAL, NULL); + map = s390_dma_map_pages(dev, page, 0, size, DMA_BIDIRECTIONAL, NULL); if (dma_mapping_error(dev, map)) { free_pages(pa, get_order(size)); return NULL; From 0b2a6f231dcbc7bd543a5aaa23b0ea76ce16e585 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Sat, 2 Jan 2016 23:09:47 +0100 Subject: [PATCH 56/63] fs: xattr: Use kvfree() ... instead of open coding it. Signed-off-by: Richard Weinberger Signed-off-by: Al Viro --- fs/xattr.c | 38 ++++++++++++++------------------------ 1 file changed, 14 insertions(+), 24 deletions(-) diff --git a/fs/xattr.c b/fs/xattr.c index 9b932b95d74e4f..9e8a6529dfc56b 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -324,7 +324,6 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, { int error; void *kvalue = NULL; - void *vvalue = NULL; /* If non-NULL, we used vmalloc() */ char kname[XATTR_NAME_MAX + 1]; if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) @@ -341,10 +340,9 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, return -E2BIG; kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); if (!kvalue) { - vvalue = vmalloc(size); - if (!vvalue) + kvalue = vmalloc(size); + if (!kvalue) return -ENOMEM; - kvalue = vvalue; } if (copy_from_user(kvalue, value, size)) { error = -EFAULT; @@ -357,10 +355,8 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, error = vfs_setxattr(d, kname, kvalue, size, flags); out: - if (vvalue) - vfree(vvalue); - else - kfree(kvalue); + kvfree(kvalue); + return error; } @@ -428,7 +424,6 @@ getxattr(struct dentry *d, const char __user *name, void __user *value, { ssize_t error; void *kvalue = NULL; - void *vvalue = NULL; char kname[XATTR_NAME_MAX + 1]; error = strncpy_from_user(kname, name, sizeof(kname)); @@ -442,10 +437,9 @@ getxattr(struct dentry *d, const char __user *name, void __user *value, size = XATTR_SIZE_MAX; kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); if (!kvalue) { - vvalue = vmalloc(size); - if (!vvalue) + kvalue = vmalloc(size); + if (!kvalue) return -ENOMEM; - kvalue = vvalue; } } @@ -461,10 +455,9 @@ getxattr(struct dentry *d, const char __user *name, void __user *value, than XATTR_SIZE_MAX bytes. Not possible. */ error = -E2BIG; } - if (vvalue) - vfree(vvalue); - else - kfree(kvalue); + + kvfree(kvalue); + return error; } @@ -521,17 +514,15 @@ listxattr(struct dentry *d, char __user *list, size_t size) { ssize_t error; char *klist = NULL; - char *vlist = NULL; /* If non-NULL, we used vmalloc() */ if (size) { if (size > XATTR_LIST_MAX) size = XATTR_LIST_MAX; klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); if (!klist) { - vlist = vmalloc(size); - if (!vlist) + klist = vmalloc(size); + if (!klist) return -ENOMEM; - klist = vlist; } } @@ -544,10 +535,9 @@ listxattr(struct dentry *d, char __user *list, size_t size) than XATTR_LIST_MAX bytes. Not possible. */ error = -E2BIG; } - if (vlist) - vfree(vlist); - else - kfree(klist); + + kvfree(klist); + return error; } From 90330e689c32e5105265c461c54af6ecec3373fa Mon Sep 17 00:00:00 2001 From: Abhi Das Date: Fri, 18 Dec 2015 14:11:36 -0600 Subject: [PATCH 57/63] fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE During testing, I discovered that __generic_file_splice_read() returns 0 (EOF) when aops->readpage fails with AOP_TRUNCATED_PAGE on the first page of a single/multi-page splice read operation. This EOF return code causes the userspace test to (correctly) report a zero-length read error when it was expecting otherwise. The current strategy of returning a partial non-zero read when ->readpage returns AOP_TRUNCATED_PAGE works only when the failed page is not the first of the lot being processed. This patch attempts to retry lookup and call ->readpage again on pages that had previously failed with AOP_TRUNCATED_PAGE. With this patch, my tests pass and I haven't noticed any unwanted side effects. This version removes the thrice-retry loop and instead indefinitely retries lookups on AOP_TRUNCATED_PAGE errors from ->readpage. This behavior is now similar to do_generic_file_read(). Signed-off-by: Abhi Das Reviewed-by: Jan Kara Cc: Bob Peterson Cc: Al Viro Signed-off-by: Al Viro --- fs/splice.c | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/fs/splice.c b/fs/splice.c index 4cf700d50b4037..82bc0d64fc38d5 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -415,6 +415,7 @@ __generic_file_splice_read(struct file *in, loff_t *ppos, */ if (!page->mapping) { unlock_page(page); +retry_lookup: page = find_or_create_page(mapping, index, mapping_gfp_mask(mapping)); @@ -439,13 +440,10 @@ __generic_file_splice_read(struct file *in, loff_t *ppos, error = mapping->a_ops->readpage(in, page); if (unlikely(error)) { /* - * We really should re-lookup the page here, - * but it complicates things a lot. Instead - * lets just do what we already stored, and - * we'll get it the next time we are called. + * Re-lookup the page */ if (error == AOP_TRUNCATED_PAGE) - error = 0; + goto retry_lookup; break; } From 0dbf5f20652108106cb822ad7662c786baaa03ff Mon Sep 17 00:00:00 2001 From: Stanislav Kinsburskiy Date: Tue, 15 Dec 2015 19:41:31 +0400 Subject: [PATCH 58/63] fcntl: allow to set O_DIRECT flag on pipe With packetized mode for pipes, it's not possible to set O_DIRECT on pipe file via sys_fcntl, because of unsupported sanity checks. Ability to set this flag will be used by CRIU to migrate packetized pipes. v2: Fixed typos and mode variable to check. Signed-off-by: Stanislav Kinsburskiy Signed-off-by: Al Viro --- fs/fcntl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/fcntl.c b/fs/fcntl.c index ee85cd4e136abb..350a2c8cfd28f3 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -51,7 +51,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg) if (arg & O_NDELAY) arg |= O_NONBLOCK; - if (arg & O_DIRECT) { + /* Pipe packetized mode is controlled by O_DIRECT flag */ + if (!S_ISFIFO(filp->f_inode->i_mode) && (arg & O_DIRECT)) { if (!filp->f_mapping || !filp->f_mapping->a_ops || !filp->f_mapping->a_ops->direct_IO) return -EINVAL; From bc51b2a9193f917f2065313d9971d7d5e867bc81 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Fri, 11 Dec 2015 17:03:26 +0100 Subject: [PATCH 59/63] logfs: constify logfs_block_ops structures The logfs_block_ops structures are never modified, so declare them as const. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro --- fs/logfs/logfs.h | 4 ++-- fs/logfs/readwrite.c | 4 ++-- fs/logfs/segment.c | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/logfs/logfs.h b/fs/logfs/logfs.h index 5f09376094651c..5731361eba464e 100644 --- a/fs/logfs/logfs.h +++ b/fs/logfs/logfs.h @@ -302,7 +302,7 @@ struct logfs_block { struct inode *inode; struct logfs_transaction *ta; unsigned long alias_map[LOGFS_BLOCK_FACTOR / BITS_PER_LONG]; - struct logfs_block_ops *ops; + const struct logfs_block_ops *ops; int full; int partial; int reserved_bytes; @@ -579,7 +579,7 @@ int logfs_exist_block(struct inode *inode, u64 bix); int get_page_reserve(struct inode *inode, struct page *page); void logfs_get_wblocks(struct super_block *sb, struct page *page, int lock); void logfs_put_wblocks(struct super_block *sb, struct page *page, int lock); -extern struct logfs_block_ops indirect_block_ops; +extern const struct logfs_block_ops indirect_block_ops; /* segment.c */ int logfs_erase_segment(struct super_block *sb, u32 ofs, int ensure_erase); diff --git a/fs/logfs/readwrite.c b/fs/logfs/readwrite.c index 380d86e1ab450b..20973c9e52f807 100644 --- a/fs/logfs/readwrite.c +++ b/fs/logfs/readwrite.c @@ -569,13 +569,13 @@ static void indirect_free_block(struct super_block *sb, } -static struct logfs_block_ops inode_block_ops = { +static const struct logfs_block_ops inode_block_ops = { .write_block = inode_write_block, .free_block = inode_free_block, .write_alias = inode_write_alias, }; -struct logfs_block_ops indirect_block_ops = { +const struct logfs_block_ops indirect_block_ops = { .write_block = indirect_write_block, .free_block = indirect_free_block, .write_alias = indirect_write_alias, diff --git a/fs/logfs/segment.c b/fs/logfs/segment.c index 6de0fbfc6c00a2..d270e4b2ab6b0f 100644 --- a/fs/logfs/segment.c +++ b/fs/logfs/segment.c @@ -197,7 +197,7 @@ static int btree_write_alias(struct super_block *sb, struct logfs_block *block, return 0; } -static struct logfs_block_ops btree_block_ops = { +static const struct logfs_block_ops btree_block_ops = { .write_block = btree_write_block, .free_block = __free_block, .write_alias = btree_write_alias, From 3cc4a84e026e8d61b7ffe4a7367ed09a555f2c5b Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Thu, 3 Dec 2015 11:12:07 -0800 Subject: [PATCH 60/63] proc: add a reschedule point in proc_readfd_common() User can pass an arbitrary large buffer to getdents(). It is typically a 32KB buffer used by libc scandir() implementation. When scanning /proc/{pid}/fd, we can hold cpu way too long, so add a cond_resched() to be kind with other tasks. We've seen latencies of more than 50ms on real workloads. Signed-off-by: Eric Dumazet Cc: Alexander Viro Signed-off-by: Al Viro --- fs/proc/fd.c | 1 + 1 file changed, 1 insertion(+) diff --git a/fs/proc/fd.c b/fs/proc/fd.c index 3c2a915c695a31..56afa5ef08f2db 100644 --- a/fs/proc/fd.c +++ b/fs/proc/fd.c @@ -258,6 +258,7 @@ static int proc_readfd_common(struct file *file, struct dir_context *ctx, name, len, instantiate, p, (void *)(unsigned long)fd)) goto out_fd_loop; + cond_resched(); rcu_read_lock(); } rcu_read_unlock(); From 8f5fed1e917588f946ad8882bd47a4093db0ff4c Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Thu, 7 Jan 2016 17:49:51 -0500 Subject: [PATCH 61/63] fs/9p: use fscache mutex rather than spinlock We may sleep inside a the lock, so use a mutex rather than spinlock. Signed-off-by: Sasha Levin Signed-off-by: Al Viro --- fs/9p/cache.c | 8 ++++---- fs/9p/v9fs.h | 2 +- fs/9p/vfs_inode.c | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/fs/9p/cache.c b/fs/9p/cache.c index a69260f27555df..103ca5e1267beb 100644 --- a/fs/9p/cache.c +++ b/fs/9p/cache.c @@ -243,14 +243,14 @@ void v9fs_cache_inode_set_cookie(struct inode *inode, struct file *filp) if (!v9inode->fscache) return; - spin_lock(&v9inode->fscache_lock); + mutex_lock(&v9inode->fscache_lock); if ((filp->f_flags & O_ACCMODE) != O_RDONLY) v9fs_cache_inode_flush_cookie(inode); else v9fs_cache_inode_get_cookie(inode); - spin_unlock(&v9inode->fscache_lock); + mutex_unlock(&v9inode->fscache_lock); } void v9fs_cache_inode_reset_cookie(struct inode *inode) @@ -264,7 +264,7 @@ void v9fs_cache_inode_reset_cookie(struct inode *inode) old = v9inode->fscache; - spin_lock(&v9inode->fscache_lock); + mutex_lock(&v9inode->fscache_lock); fscache_relinquish_cookie(v9inode->fscache, 1); v9ses = v9fs_inode2v9ses(inode); @@ -274,7 +274,7 @@ void v9fs_cache_inode_reset_cookie(struct inode *inode) p9_debug(P9_DEBUG_FSC, "inode %p revalidating cookie old %p new %p\n", inode, old, v9inode->fscache); - spin_unlock(&v9inode->fscache_lock); + mutex_unlock(&v9inode->fscache_lock); } int __v9fs_fscache_release_page(struct page *page, gfp_t gfp) diff --git a/fs/9p/v9fs.h b/fs/9p/v9fs.h index 0923f2cf3c80aa..6877050384a140 100644 --- a/fs/9p/v9fs.h +++ b/fs/9p/v9fs.h @@ -123,7 +123,7 @@ struct v9fs_session_info { struct v9fs_inode { #ifdef CONFIG_9P_FSCACHE - spinlock_t fscache_lock; + struct mutex fscache_lock; struct fscache_cookie *fscache; #endif struct p9_qid qid; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 511078586fa135..fbdb29ba62af6d 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -244,7 +244,7 @@ struct inode *v9fs_alloc_inode(struct super_block *sb) return NULL; #ifdef CONFIG_9P_FSCACHE v9inode->fscache = NULL; - spin_lock_init(&v9inode->fscache_lock); + mutex_init(&v9inode->fscache_lock); #endif v9inode->writeback_fid = NULL; v9inode->cache_validity = 0; From db39c16724d019029d7533561754d92bef1b389a Mon Sep 17 00:00:00 2001 From: DengChao Date: Thu, 12 Nov 2015 21:40:41 +0800 Subject: [PATCH 62/63] fs:affs:Replace time_t with time64_t The affs code uses "time_t" and "get_seconds()". This will cause problems on 32-bit architectures in 2038 when time_t overflows. This patch replaces them with "time64_t" and "ktime_get_real_seconds()". This patch introduces expensive 64-bit divsion in "secs_to_datestamp()", considering this function is not called so often, the cost should be acceptable. Reviewed-by: Arnd Bergmann Signed-off-by: DengChao Signed-off-by: Al Viro --- fs/affs/affs.h | 2 +- fs/affs/amigaffs.c | 13 +++++++------ fs/affs/super.c | 2 +- 3 files changed, 9 insertions(+), 8 deletions(-) diff --git a/fs/affs/affs.h b/fs/affs/affs.h index c69a87eaf57d14..cc2b2efc92116c 100644 --- a/fs/affs/affs.h +++ b/fs/affs/affs.h @@ -138,7 +138,7 @@ extern int affs_remove_hash(struct inode *dir, struct buffer_head *rem_bh); extern int affs_remove_header(struct dentry *dentry); extern u32 affs_checksum_block(struct super_block *sb, struct buffer_head *bh); extern void affs_fix_checksum(struct super_block *sb, struct buffer_head *bh); -extern void secs_to_datestamp(time_t secs, struct affs_date *ds); +extern void secs_to_datestamp(time64_t secs, struct affs_date *ds); extern umode_t prot_to_mode(u32 prot); extern void mode_to_prot(struct inode *inode); __printf(3, 4) diff --git a/fs/affs/amigaffs.c b/fs/affs/amigaffs.c index 5fa92bc790ef7e..d6c7a51c93e4cc 100644 --- a/fs/affs/amigaffs.c +++ b/fs/affs/amigaffs.c @@ -8,6 +8,7 @@ * Please send bug reports to: hjw@zvw.de */ +#include #include "affs.h" /* @@ -366,22 +367,22 @@ affs_fix_checksum(struct super_block *sb, struct buffer_head *bh) } void -secs_to_datestamp(time_t secs, struct affs_date *ds) +secs_to_datestamp(time64_t secs, struct affs_date *ds) { u32 days; u32 minute; + s32 rem; secs -= sys_tz.tz_minuteswest * 60 + ((8 * 365 + 2) * 24 * 60 * 60); if (secs < 0) secs = 0; - days = secs / 86400; - secs -= days * 86400; - minute = secs / 60; - secs -= minute * 60; + days = div_s64_rem(secs, 86400, &rem); + minute = rem / 60; + rem -= minute * 60; ds->days = cpu_to_be32(days); ds->mins = cpu_to_be32(minute); - ds->ticks = cpu_to_be32(secs * 50); + ds->ticks = cpu_to_be32(rem * 50); } umode_t diff --git a/fs/affs/super.c b/fs/affs/super.c index 5b50c4ca43a7dd..8836df5f1e1118 100644 --- a/fs/affs/super.c +++ b/fs/affs/super.c @@ -32,7 +32,7 @@ affs_commit_super(struct super_block *sb, int wait) struct affs_root_tail *tail = AFFS_ROOT_TAIL(sb, bh); lock_buffer(bh); - secs_to_datestamp(get_seconds(), &tail->disk_change); + secs_to_datestamp(ktime_get_real_seconds(), &tail->disk_change); affs_fix_checksum(sb, bh); unlock_buffer(bh); From bbddca8e8fac07ece3938e03526b5d00fa791a4c Mon Sep 17 00:00:00 2001 From: NeilBrown Date: Thu, 7 Jan 2016 16:08:20 -0500 Subject: [PATCH 63/63] nfsd: don't hold i_mutex over userspace upcalls We need information about exports when crossing mountpoints during lookup or NFSv4 readdir. If we don't already have that information cached, we may have to ask (and wait for) rpc.mountd. In both cases we currently hold the i_mutex on the parent of the directory we're asking rpc.mountd about. We've seen situations where rpc.mountd performs some operation on that directory that tries to take the i_mutex again, resulting in deadlock. With some care, we may be able to avoid that in rpc.mountd. But it seems better just to avoid holding a mutex while waiting on userspace. It appears that lookup_one_len is pretty much the only operation that needs the i_mutex. So we could just drop the i_mutex elsewhere and do something like mutex_lock() lookup_one_len() mutex_unlock() In many cases though the lookup would have been cached and not required the i_mutex, so it's more efficient to create a lookup_one_len() variant that only takes the i_mutex when necessary. Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields Signed-off-by: Al Viro --- fs/namei.c | 71 +++++++++++++++++++++++++++++++++++++++++++ fs/nfsd/nfs3xdr.c | 2 +- fs/nfsd/nfs4xdr.c | 8 ++--- fs/nfsd/vfs.c | 23 ++++++-------- include/linux/namei.h | 1 + 5 files changed, 86 insertions(+), 19 deletions(-) diff --git a/fs/namei.c b/fs/namei.c index 45c702edce3c06..1067f7a0287ab1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2272,6 +2272,8 @@ EXPORT_SYMBOL(vfs_path_lookup); * * Note that this routine is purely a helper for filesystem usage and should * not be called by generic code. + * + * The caller must hold base->i_mutex. */ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) { @@ -2315,6 +2317,75 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) } EXPORT_SYMBOL(lookup_one_len); +/** + * lookup_one_len_unlocked - filesystem helper to lookup single pathname component + * @name: pathname component to lookup + * @base: base directory to lookup from + * @len: maximum length @len should be interpreted to + * + * Note that this routine is purely a helper for filesystem usage and should + * not be called by generic code. + * + * Unlike lookup_one_len, it should be called without the parent + * i_mutex held, and will take the i_mutex itself if necessary. + */ +struct dentry *lookup_one_len_unlocked(const char *name, + struct dentry *base, int len) +{ + struct qstr this; + unsigned int c; + int err; + struct dentry *ret; + + this.name = name; + this.len = len; + this.hash = full_name_hash(name, len); + if (!len) + return ERR_PTR(-EACCES); + + if (unlikely(name[0] == '.')) { + if (len < 2 || (len == 2 && name[1] == '.')) + return ERR_PTR(-EACCES); + } + + while (len--) { + c = *(const unsigned char *)name++; + if (c == '/' || c == '\0') + return ERR_PTR(-EACCES); + } + /* + * See if the low-level filesystem might want + * to use its own hash.. + */ + if (base->d_flags & DCACHE_OP_HASH) { + int err = base->d_op->d_hash(base, &this); + if (err < 0) + return ERR_PTR(err); + } + + err = inode_permission(base->d_inode, MAY_EXEC); + if (err) + return ERR_PTR(err); + + /* + * __d_lookup() is used to try to get a quick answer and avoid the + * mutex. A false-negative does no harm. + */ + ret = __d_lookup(base, &this); + if (ret && unlikely(ret->d_flags & DCACHE_OP_REVALIDATE)) { + dput(ret); + ret = NULL; + } + if (ret) + return ret; + + mutex_lock(&base->d_inode->i_mutex); + ret = __lookup_hash(&this, base, 0); + mutex_unlock(&base->d_inode->i_mutex); + return ret; +} +EXPORT_SYMBOL(lookup_one_len_unlocked); + int user_path_at_empty(int dfd, const char __user *name, unsigned flags, struct path *path, int *empty) { diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 00575d776d91f5..2246454dec7654 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -823,7 +823,7 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp, } else dchild = dget(dparent); } else - dchild = lookup_one_len(name, dparent, namlen); + dchild = lookup_one_len_unlocked(name, dparent, namlen); if (IS_ERR(dchild)) return rv; if (d_mountpoint(dchild)) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 51c9e9ca39a4d7..325521ce389adb 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2838,14 +2838,14 @@ nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd, __be32 nfserr; int ignore_crossmnt = 0; - dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen); + dentry = lookup_one_len_unlocked(name, cd->rd_fhp->fh_dentry, namlen); if (IS_ERR(dentry)) return nfserrno(PTR_ERR(dentry)); if (d_really_is_negative(dentry)) { /* - * nfsd_buffered_readdir drops the i_mutex between - * readdir and calling this callback, leaving a window - * where this directory entry could have gone away. + * we're not holding the i_mutex here, so there's + * a window where this directory entry could have gone + * away. */ dput(dentry); return nfserr_noent; diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 994d66fbb4467a..4212aaacbb5537 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -217,10 +217,16 @@ nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp, host_err = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_nfserr; - /* - * check if we have crossed a mount point ... - */ if (nfsd_mountpoint(dentry, exp)) { + /* + * We don't need the i_mutex after all. It's + * still possible we could open this (regular + * files can be mountpoints too), but the + * i_mutex is just there to prevent renames of + * something that we might be about to delegate, + * and a mountpoint won't be renamed: + */ + fh_unlock(fhp); if ((host_err = nfsd_cross_mnt(rqstp, &dentry, &exp))) { dput(dentry); goto out_nfserr; @@ -1809,7 +1815,6 @@ static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, offset = *offsetp; while (1) { - struct inode *dir_inode = file_inode(file); unsigned int reclen; cdp->err = nfserr_eof; /* will be cleared on successful read */ @@ -1828,15 +1833,6 @@ static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, if (!size) break; - /* - * Various filldir functions may end up calling back into - * lookup_one_len() and the file system's ->lookup() method. - * These expect i_mutex to be held, as it would within readdir. - */ - host_err = mutex_lock_killable(&dir_inode->i_mutex); - if (host_err) - break; - de = (struct buffered_dirent *)buf.dirent; while (size > 0) { offset = de->offset; @@ -1853,7 +1849,6 @@ static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, size -= reclen; de = (struct buffered_dirent *)((char *)de + reclen); } - mutex_unlock(&dir_inode->i_mutex); if (size > 0) /* We bailed out early */ break; diff --git a/include/linux/namei.h b/include/linux/namei.h index d8c6334cd15005..d0f25d81b46a6c 100644 --- a/include/linux/namei.h +++ b/include/linux/namei.h @@ -77,6 +77,7 @@ extern struct dentry *kern_path_locked(const char *, struct path *); extern int kern_path_mountpoint(int, const char *, struct path *, unsigned int); extern struct dentry *lookup_one_len(const char *, struct dentry *, int); +extern struct dentry *lookup_one_len_unlocked(const char *, struct dentry *, int); extern int follow_down_one(struct path *); extern int follow_down(struct path *);