Merge branch 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull compat updates from Al Viro:
 "Some biarch patches - getting rid of assorted (mis)uses of
  compat_alloc_user_space().

  Not much in that area this cycle..."

* 'work.compat' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  orangefs: simplify compat ioctl handling
  signalfd: lift sigmask copyin and size checks to callers of do_signalfd4()
  vmsplice(): lift importing iovec into vmsplice(2) and compat counterpart
This commit is contained in:
Linus Torvalds 2018-06-16 16:21:50 +09:00
commit 29d6849d88
3 changed files with 112 additions and 136 deletions

View File

@ -719,37 +719,6 @@ struct ORANGEFS_dev_map_desc32 {
__s32 count;
};
static unsigned long translate_dev_map26(unsigned long args, long *error)
{
struct ORANGEFS_dev_map_desc32 __user *p32 = (void __user *)args;
/*
* Depending on the architecture, allocate some space on the
* user-call-stack based on our expected layout.
*/
struct ORANGEFS_dev_map_desc __user *p =
compat_alloc_user_space(sizeof(*p));
compat_uptr_t addr;
*error = 0;
/* get the ptr from the 32 bit user-space */
if (get_user(addr, &p32->ptr))
goto err;
/* try to put that into a 64-bit layout */
if (put_user(compat_ptr(addr), &p->ptr))
goto err;
/* copy the remaining fields */
if (copy_in_user(&p->total_size, &p32->total_size, sizeof(__s32)))
goto err;
if (copy_in_user(&p->size, &p32->size, sizeof(__s32)))
goto err;
if (copy_in_user(&p->count, &p32->count, sizeof(__s32)))
goto err;
return (unsigned long)p;
err:
*error = -EFAULT;
return 0;
}
/*
* 32 bit user-space apps' ioctl handlers when kernel modules
* is compiled as a 64 bit one
@ -758,25 +727,26 @@ static long orangefs_devreq_compat_ioctl(struct file *filp, unsigned int cmd,
unsigned long args)
{
long ret;
unsigned long arg = args;
/* Check for properly constructed commands */
ret = check_ioctl_command(cmd);
if (ret < 0)
return ret;
if (cmd == ORANGEFS_DEV_MAP) {
/*
* convert the arguments to what we expect internally
* in kernel space
*/
arg = translate_dev_map26(args, &ret);
if (ret < 0) {
gossip_err("Could not translate dev map\n");
return ret;
}
struct ORANGEFS_dev_map_desc desc;
struct ORANGEFS_dev_map_desc32 d32;
if (copy_from_user(&d32, (void __user *)args, sizeof(d32)))
return -EFAULT;
desc.ptr = compat_ptr(d32.ptr);
desc.total_size = d32.total_size;
desc.size = d32.size;
desc.count = d32.count;
return orangefs_bufmap_initialize(&desc);
}
/* no other ioctl requires translation */
return dispatch_ioctl_command(cmd, arg);
return dispatch_ioctl_command(cmd, args);
}
#endif /* CONFIG_COMPAT is in .config */

View File

@ -259,10 +259,8 @@ static const struct file_operations signalfd_fops = {
.llseek = noop_llseek,
};
static int do_signalfd4(int ufd, sigset_t __user *user_mask, size_t sizemask,
int flags)
static int do_signalfd4(int ufd, sigset_t *mask, int flags)
{
sigset_t sigmask;
struct signalfd_ctx *ctx;
/* Check the SFD_* constants for consistency. */
@ -272,18 +270,15 @@ static int do_signalfd4(int ufd, sigset_t __user *user_mask, size_t sizemask,
if (flags & ~(SFD_CLOEXEC | SFD_NONBLOCK))
return -EINVAL;
if (sizemask != sizeof(sigset_t) ||
copy_from_user(&sigmask, user_mask, sizeof(sigmask)))
return -EINVAL;
sigdelsetmask(&sigmask, sigmask(SIGKILL) | sigmask(SIGSTOP));
signotset(&sigmask);
sigdelsetmask(mask, sigmask(SIGKILL) | sigmask(SIGSTOP));
signotset(mask);
if (ufd == -1) {
ctx = kmalloc(sizeof(*ctx), GFP_KERNEL);
if (!ctx)
return -ENOMEM;
ctx->sigmask = sigmask;
ctx->sigmask = *mask;
/*
* When we call this, the initialization must be complete, since
@ -303,7 +298,7 @@ static int do_signalfd4(int ufd, sigset_t __user *user_mask, size_t sizemask,
return -EINVAL;
}
spin_lock_irq(&current->sighand->siglock);
ctx->sigmask = sigmask;
ctx->sigmask = *mask;
spin_unlock_irq(&current->sighand->siglock);
wake_up(&current->sighand->signalfd_wqh);
@ -316,46 +311,51 @@ static int do_signalfd4(int ufd, sigset_t __user *user_mask, size_t sizemask,
SYSCALL_DEFINE4(signalfd4, int, ufd, sigset_t __user *, user_mask,
size_t, sizemask, int, flags)
{
return do_signalfd4(ufd, user_mask, sizemask, flags);
sigset_t mask;
if (sizemask != sizeof(sigset_t) ||
copy_from_user(&mask, user_mask, sizeof(mask)))
return -EINVAL;
return do_signalfd4(ufd, &mask, flags);
}
SYSCALL_DEFINE3(signalfd, int, ufd, sigset_t __user *, user_mask,
size_t, sizemask)
{
return do_signalfd4(ufd, user_mask, sizemask, 0);
sigset_t mask;
if (sizemask != sizeof(sigset_t) ||
copy_from_user(&mask, user_mask, sizeof(mask)))
return -EINVAL;
return do_signalfd4(ufd, &mask, 0);
}
#ifdef CONFIG_COMPAT
static long do_compat_signalfd4(int ufd,
const compat_sigset_t __user *sigmask,
const compat_sigset_t __user *user_mask,
compat_size_t sigsetsize, int flags)
{
sigset_t tmp;
sigset_t __user *ksigmask;
sigset_t mask;
if (sigsetsize != sizeof(compat_sigset_t))
return -EINVAL;
if (get_compat_sigset(&tmp, sigmask))
if (get_compat_sigset(&mask, user_mask))
return -EFAULT;
ksigmask = compat_alloc_user_space(sizeof(sigset_t));
if (copy_to_user(ksigmask, &tmp, sizeof(sigset_t)))
return -EFAULT;
return do_signalfd4(ufd, ksigmask, sizeof(sigset_t), flags);
return do_signalfd4(ufd, &mask, flags);
}
COMPAT_SYSCALL_DEFINE4(signalfd4, int, ufd,
const compat_sigset_t __user *, sigmask,
const compat_sigset_t __user *, user_mask,
compat_size_t, sigsetsize,
int, flags)
{
return do_compat_signalfd4(ufd, sigmask, sigsetsize, flags);
return do_compat_signalfd4(ufd, user_mask, sigsetsize, flags);
}
COMPAT_SYSCALL_DEFINE3(signalfd, int, ufd,
const compat_sigset_t __user *,sigmask,
const compat_sigset_t __user *, user_mask,
compat_size_t, sigsetsize)
{
return do_compat_signalfd4(ufd, sigmask, sigsetsize, 0);
return do_compat_signalfd4(ufd, user_mask, sigsetsize, 0);
}
#endif

View File

@ -1243,38 +1243,26 @@ static int pipe_to_user(struct pipe_inode_info *pipe, struct pipe_buffer *buf,
* For lack of a better implementation, implement vmsplice() to userspace
* as a simple copy of the pipes pages to the user iov.
*/
static long vmsplice_to_user(struct file *file, const struct iovec __user *uiov,
unsigned long nr_segs, unsigned int flags)
static long vmsplice_to_user(struct file *file, struct iov_iter *iter,
unsigned int flags)
{
struct pipe_inode_info *pipe;
struct splice_desc sd;
long ret;
struct iovec iovstack[UIO_FASTIOV];
struct iovec *iov = iovstack;
struct iov_iter iter;
struct pipe_inode_info *pipe = get_pipe_info(file);
struct splice_desc sd = {
.total_len = iov_iter_count(iter),
.flags = flags,
.u.data = iter
};
long ret = 0;
pipe = get_pipe_info(file);
if (!pipe)
return -EBADF;
ret = import_iovec(READ, uiov, nr_segs,
ARRAY_SIZE(iovstack), &iov, &iter);
if (ret < 0)
return ret;
sd.total_len = iov_iter_count(&iter);
sd.len = 0;
sd.flags = flags;
sd.u.data = &iter;
sd.pos = 0;
if (sd.total_len) {
pipe_lock(pipe);
ret = __splice_from_pipe(pipe, &sd, pipe_to_user);
pipe_unlock(pipe);
}
kfree(iov);
return ret;
}
@ -1283,14 +1271,11 @@ static long vmsplice_to_user(struct file *file, const struct iovec __user *uiov,
* as splice-from-memory, where the regular splice is splice-from-file (or
* to file). In both cases the output is a pipe, naturally.
*/
static long vmsplice_to_pipe(struct file *file, const struct iovec __user *uiov,
unsigned long nr_segs, unsigned int flags)
static long vmsplice_to_pipe(struct file *file, struct iov_iter *iter,
unsigned int flags)
{
struct pipe_inode_info *pipe;
struct iovec iovstack[UIO_FASTIOV];
struct iovec *iov = iovstack;
struct iov_iter from;
long ret;
long ret = 0;
unsigned buf_flag = 0;
if (flags & SPLICE_F_GIFT)
@ -1300,22 +1285,31 @@ static long vmsplice_to_pipe(struct file *file, const struct iovec __user *uiov,
if (!pipe)
return -EBADF;
ret = import_iovec(WRITE, uiov, nr_segs,
ARRAY_SIZE(iovstack), &iov, &from);
if (ret < 0)
return ret;
pipe_lock(pipe);
ret = wait_for_space(pipe, flags);
if (!ret)
ret = iter_to_pipe(&from, pipe, buf_flag);
ret = iter_to_pipe(iter, pipe, buf_flag);
pipe_unlock(pipe);
if (ret > 0)
wakeup_pipe_readers(pipe);
kfree(iov);
return ret;
}
static int vmsplice_type(struct fd f, int *type)
{
if (!f.file)
return -EBADF;
if (f.file->f_mode & FMODE_WRITE) {
*type = WRITE;
} else if (f.file->f_mode & FMODE_READ) {
*type = READ;
} else {
fdput(f);
return -EBADF;
}
return 0;
}
/*
* Note that vmsplice only really supports true splicing _from_ user memory
* to a pipe, not the other way around. Splicing from user memory is a simple
@ -1332,57 +1326,69 @@ static long vmsplice_to_pipe(struct file *file, const struct iovec __user *uiov,
* Currently we punt and implement it as a normal copy, see pipe_to_user().
*
*/
static long do_vmsplice(int fd, const struct iovec __user *iov,
unsigned long nr_segs, unsigned int flags)
static long do_vmsplice(struct file *f, struct iov_iter *iter, unsigned int flags)
{
struct fd f;
long error;
if (unlikely(flags & ~SPLICE_F_ALL))
return -EINVAL;
if (unlikely(nr_segs > UIO_MAXIOV))
return -EINVAL;
else if (unlikely(!nr_segs))
if (!iov_iter_count(iter))
return 0;
error = -EBADF;
f = fdget(fd);
if (f.file) {
if (f.file->f_mode & FMODE_WRITE)
error = vmsplice_to_pipe(f.file, iov, nr_segs, flags);
else if (f.file->f_mode & FMODE_READ)
error = vmsplice_to_user(f.file, iov, nr_segs, flags);
fdput(f);
if (iov_iter_rw(iter) == WRITE)
return vmsplice_to_pipe(f, iter, flags);
else
return vmsplice_to_user(f, iter, flags);
}
return error;
}
SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, iov,
SYSCALL_DEFINE4(vmsplice, int, fd, const struct iovec __user *, uiov,
unsigned long, nr_segs, unsigned int, flags)
{
return do_vmsplice(fd, iov, nr_segs, flags);
struct iovec iovstack[UIO_FASTIOV];
struct iovec *iov = iovstack;
struct iov_iter iter;
long error;
struct fd f;
int type;
f = fdget(fd);
error = vmsplice_type(f, &type);
if (error)
return error;
error = import_iovec(type, uiov, nr_segs,
ARRAY_SIZE(iovstack), &iov, &iter);
if (!error) {
error = do_vmsplice(f.file, &iter, flags);
kfree(iov);
}
fdput(f);
return error;
}
#ifdef CONFIG_COMPAT
COMPAT_SYSCALL_DEFINE4(vmsplice, int, fd, const struct compat_iovec __user *, iov32,
unsigned int, nr_segs, unsigned int, flags)
{
unsigned i;
struct iovec __user *iov;
if (nr_segs > UIO_MAXIOV)
return -EINVAL;
iov = compat_alloc_user_space(nr_segs * sizeof(struct iovec));
for (i = 0; i < nr_segs; i++) {
struct compat_iovec v;
if (get_user(v.iov_base, &iov32[i].iov_base) ||
get_user(v.iov_len, &iov32[i].iov_len) ||
put_user(compat_ptr(v.iov_base), &iov[i].iov_base) ||
put_user(v.iov_len, &iov[i].iov_len))
return -EFAULT;
struct iovec iovstack[UIO_FASTIOV];
struct iovec *iov = iovstack;
struct iov_iter iter;
long error;
struct fd f;
int type;
f = fdget(fd);
error = vmsplice_type(f, &type);
if (error)
return error;
error = compat_import_iovec(type, iov32, nr_segs,
ARRAY_SIZE(iovstack), &iov, &iter);
if (!error) {
error = do_vmsplice(f.file, &iter, flags);
kfree(iov);
}
return do_vmsplice(fd, iov, nr_segs, flags);
fdput(f);
return error;
}
#endif