From 474fe9f7f551b151222db07a968b15bf05ffe4c4 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 12 Jul 2015 21:06:44 -0400 Subject: 9p/trans_virtio: don't bother with p9_tag_lookup() Just store the pointer to req instead of that to req->tc as opaque data. Signed-off-by: Al Viro diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 6e70ddb..9fc6a56 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -143,7 +143,6 @@ static void p9_virtio_close(struct p9_client *client) static void req_done(struct virtqueue *vq) { struct virtio_chan *chan = vq->vdev->priv; - struct p9_fcall *rc; unsigned int len; struct p9_req_t *req; unsigned long flags; @@ -152,8 +151,8 @@ static void req_done(struct virtqueue *vq) while (1) { spin_lock_irqsave(&chan->lock, flags); - rc = virtqueue_get_buf(chan->vq, &len); - if (rc == NULL) { + req = virtqueue_get_buf(chan->vq, &len); + if (req == NULL) { spin_unlock_irqrestore(&chan->lock, flags); break; } @@ -161,9 +160,6 @@ static void req_done(struct virtqueue *vq) spin_unlock_irqrestore(&chan->lock, flags); /* Wakeup if anyone waiting for VirtIO ring space. */ wake_up(chan->vc_wq); - p9_debug(P9_DEBUG_TRANS, ": rc %p\n", rc); - p9_debug(P9_DEBUG_TRANS, ": lookup tag %d\n", rc->tag); - req = p9_tag_lookup(chan->client, rc->tag); p9_client_cb(chan->client, req, REQ_STATUS_RCVD); } } @@ -284,7 +280,7 @@ req_retry: if (in) sgs[out_sgs + in_sgs++] = chan->sg + out; - err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req->tc, + err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req, GFP_ATOMIC); if (err < 0) { if (err == -ENOSPC) { @@ -469,7 +465,7 @@ req_retry_pinned: } BUG_ON(out_sgs + in_sgs > ARRAY_SIZE(sgs)); - err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req->tc, + err = virtqueue_add_sgs(chan->vq, sgs, out_sgs, in_sgs, req, GFP_ATOMIC); if (err < 0) { if (err == -ENOSPC) { -- cgit v0.10.2 From 752343be63d90c84d275f046e43371febe217863 Mon Sep 17 00:00:00 2001 From: Rasmus Villemoes Date: Thu, 29 Oct 2015 12:01:41 +0100 Subject: fs/file.c: __const_max is actually __const_min :-) 7f4b36f9bb930 "get rid of files_defer_init()" inexplicably changed a min() to a __const_max() - but the __const_max macro actually gives the minimum... So no functional change, just less confusing naming. Signed-off-by: Rasmus Villemoes Signed-off-by: Al Viro diff --git a/fs/file.c b/fs/file.c index 39f8f15..1aed0ad 100644 --- a/fs/file.c +++ b/fs/file.c @@ -25,9 +25,9 @@ int sysctl_nr_open __read_mostly = 1024*1024; int sysctl_nr_open_min = BITS_PER_LONG; -/* our max() is unusable in constant expressions ;-/ */ -#define __const_max(x, y) ((x) < (y) ? (x) : (y)) -int sysctl_nr_open_max = __const_max(INT_MAX, ~(size_t)0/sizeof(void *)) & +/* our min() is unusable in constant expressions ;-/ */ +#define __const_min(x, y) ((x) < (y) ? (x) : (y)) +int sysctl_nr_open_max = __const_min(INT_MAX, ~(size_t)0/sizeof(void *)) & -BITS_PER_LONG; static void *alloc_fdmem(size_t size) -- cgit v0.10.2 From 42a561e56fb9b581a4adb89efe54a387e3d4dc1b Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 14 Nov 2015 13:30:34 +0100 Subject: lustre: constify inode_operations structures The inode_operations structures are never modified, so declare them as const, like all the other inode_operations structures. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro diff --git a/drivers/staging/lustre/lustre/llite/file.c b/drivers/staging/lustre/lustre/llite/file.c index 02f2759..31cd6b3 100644 --- a/drivers/staging/lustre/lustre/llite/file.c +++ b/drivers/staging/lustre/lustre/llite/file.c @@ -3139,7 +3139,7 @@ struct file_operations ll_file_operations_noflock = { .lock = ll_file_noflock }; -struct inode_operations ll_file_inode_operations = { +const struct inode_operations ll_file_inode_operations = { .setattr = ll_setattr, .getattr = ll_getattr, .permission = ll_inode_permission, diff --git a/drivers/staging/lustre/lustre/llite/llite_internal.h b/drivers/staging/lustre/lustre/llite/llite_internal.h index 9096d31..6102b29 100644 --- a/drivers/staging/lustre/lustre/llite/llite_internal.h +++ b/drivers/staging/lustre/lustre/llite/llite_internal.h @@ -705,7 +705,7 @@ extern const struct address_space_operations ll_aops; extern struct file_operations ll_file_operations; extern struct file_operations ll_file_operations_flock; extern struct file_operations ll_file_operations_noflock; -extern struct inode_operations ll_file_inode_operations; +extern const struct inode_operations ll_file_inode_operations; int ll_have_md_lock(struct inode *inode, __u64 *bits, ldlm_mode_t l_req_mode); ldlm_mode_t ll_take_md_lock(struct inode *inode, __u64 bits, @@ -805,7 +805,7 @@ struct inode *search_inode_for_lustre(struct super_block *sb, const struct lu_fid *fid); /* llite/symlink.c */ -extern struct inode_operations ll_fast_symlink_inode_operations; +extern const struct inode_operations ll_fast_symlink_inode_operations; /* llite/llite_close.c */ struct ll_close_queue { diff --git a/drivers/staging/lustre/lustre/llite/symlink.c b/drivers/staging/lustre/lustre/llite/symlink.c index 69b2036..32c4cf4 100644 --- a/drivers/staging/lustre/lustre/llite/symlink.c +++ b/drivers/staging/lustre/lustre/llite/symlink.c @@ -146,7 +146,7 @@ static void ll_put_link(struct inode *unused, void *cookie) ptlrpc_req_finished(cookie); } -struct inode_operations ll_fast_symlink_inode_operations = { +const struct inode_operations ll_fast_symlink_inode_operations = { .readlink = generic_readlink, .setattr = ll_setattr, .follow_link = ll_follow_link, -- cgit v0.10.2 From 3e004eea56b4f2cb6768ebe9000c830eda0c71b1 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Tue, 17 Nov 2015 14:40:09 +0800 Subject: fs/block_dev.c: make sb_is_blkdev_sb return bool when CONFIG_BLOCK undefined Currently when CONFIG_BLOCK is defined sb_is_blkdev_sb returns bool, while when CONFIG_BLOCK is not defined it returns int. Let's keep consistent to make sb_is_blkdev_sb return bool as well when CONFIG_BLOCK isn't defined. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro diff --git a/include/linux/fs.h b/include/linux/fs.h index 3aa5142..11505af 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2291,9 +2291,9 @@ static inline void iterate_bdevs(void (*f)(struct block_device *, void *), void { } -static inline int sb_is_blkdev_sb(struct super_block *sb) +static inline bool sb_is_blkdev_sb(struct super_block *sb) { - return 0; + return false; } #endif extern int sync_filesystem(struct super_block *); -- cgit v0.10.2 From 25ab4c9b1ccb64b1433cecd3f19f28fe300c1576 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Tue, 17 Nov 2015 14:40:10 +0800 Subject: fs/namespace.c: path_is_under can be boolean This patch makes path_is_under return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro diff --git a/fs/namespace.c b/fs/namespace.c index 0570729..b27156f 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2939,9 +2939,9 @@ bool is_path_reachable(struct mount *mnt, struct dentry *dentry, return &mnt->mnt == root->mnt && is_subdir(dentry, root->dentry); } -int path_is_under(struct path *path1, struct path *path2) +bool path_is_under(struct path *path1, struct path *path2) { - int res; + bool res; read_seqlock_excl(&mount_lock); res = is_path_reachable(real_mount(path1->mnt), path1->dentry, path2); read_sequnlock_excl(&mount_lock); diff --git a/include/linux/fs.h b/include/linux/fs.h index 11505af..aab8094 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2533,7 +2533,7 @@ extern struct file * open_exec(const char *); /* fs/dcache.c -- generic fs support functions */ extern int is_subdir(struct dentry *, struct dentry *); -extern int path_is_under(struct path *, struct path *); +extern bool path_is_under(struct path *, struct path *); extern char *file_path(struct file *, char *, int); -- cgit v0.10.2 From a6e5787fc8fc9c88290a7bceed07aa4d14029fa7 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Tue, 17 Nov 2015 14:40:11 +0800 Subject: fs/dcache.c: is_subdir can be boolean This patch makes is_subdir return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro diff --git a/fs/dcache.c b/fs/dcache.c index 5c33aeb..670f789 100644 --- a/fs/dcache.c +++ b/fs/dcache.c @@ -3303,18 +3303,18 @@ out: * @new_dentry: new dentry * @old_dentry: old dentry * - * Returns 1 if new_dentry is a subdirectory of the parent (at any depth). - * Returns 0 otherwise. + * Returns true if new_dentry is a subdirectory of the parent (at any depth). + * Returns false otherwise. * Caller must ensure that "new_dentry" is pinned before calling is_subdir() */ -int is_subdir(struct dentry *new_dentry, struct dentry *old_dentry) +bool is_subdir(struct dentry *new_dentry, struct dentry *old_dentry) { - int result; + bool result; unsigned seq; if (new_dentry == old_dentry) - return 1; + return true; do { /* for restarting inner loop in case of seq retry */ @@ -3325,9 +3325,9 @@ int is_subdir(struct dentry *new_dentry, struct dentry *old_dentry) */ rcu_read_lock(); if (d_ancestor(old_dentry, new_dentry)) - result = 1; + result = true; else - result = 0; + result = false; rcu_read_unlock(); } while (read_seqretry(&rename_lock, seq)); diff --git a/include/linux/fs.h b/include/linux/fs.h index aab8094..4b23def 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2532,7 +2532,7 @@ extern ssize_t __kernel_write(struct file *, const char *, size_t, loff_t *); extern struct file * open_exec(const char *); /* fs/dcache.c -- generic fs support functions */ -extern int is_subdir(struct dentry *, struct dentry *); +extern bool is_subdir(struct dentry *, struct dentry *); extern bool path_is_under(struct path *, struct path *); extern char *file_path(struct file *, char *, int); -- cgit v0.10.2 From 0e3ef1fe453c9f29c30d040cd2559c5cac724e93 Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Thu, 19 Nov 2015 21:00:11 +0800 Subject: fs/bad_inode.c: is_bad_inode can be boolean This patch makes is_bad_inode return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro diff --git a/fs/bad_inode.c b/fs/bad_inode.c index 861b1e1..103f5d7 100644 --- a/fs/bad_inode.c +++ b/fs/bad_inode.c @@ -192,7 +192,7 @@ EXPORT_SYMBOL(make_bad_inode); * Returns true if the inode in question has been marked as bad. */ -int is_bad_inode(struct inode *inode) +bool is_bad_inode(struct inode *inode) { return (inode->i_op == &bad_inode_ops); } diff --git a/include/linux/fs.h b/include/linux/fs.h index 4b23def..6b33ac4 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2371,7 +2371,7 @@ extern void init_special_inode(struct inode *, umode_t, dev_t); /* Invalid inode operations -- fs/bad_inode.c */ extern void make_bad_inode(struct inode *); -extern int is_bad_inode(struct inode *); +extern bool is_bad_inode(struct inode *); #ifdef CONFIG_BLOCK /* -- cgit v0.10.2 From d37177bacdf7cbcdb23a513cbb475fa241f8083c Mon Sep 17 00:00:00 2001 From: Yaowei Bai Date: Thu, 19 Nov 2015 21:00:12 +0800 Subject: fs/attr.c: is_sxid can be boolean This patch makes is_sxid return bool to improve readability due to this particular function only using either one or zero as its return value. No functional change. Signed-off-by: Yaowei Bai Signed-off-by: Al Viro diff --git a/include/linux/fs.h b/include/linux/fs.h index 6b33ac4..bd14476 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2963,7 +2963,7 @@ int __init get_filesystem_list(char *buf); #define OPEN_FMODE(flag) ((__force fmode_t)(((flag + 1) & O_ACCMODE) | \ (flag & __FMODE_NONOTIFY))) -static inline int is_sxid(umode_t mode) +static inline bool is_sxid(umode_t mode) { return (mode & S_ISUID) || ((mode & S_ISGID) && (mode & S_IXGRP)); } -- cgit v0.10.2 From 5d9f3c7b620f6d1d9555223817bdfddfbd4b93a0 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Nov 2015 00:57:52 +0300 Subject: vfs: show_vfsmnt: remove redundant initialization of error code As err variable is now always checked right after the first assignment, its initialization is redundant and could be safely removed. Signed-off-by: Dmitry V. Levin Signed-off-by: Al Viro diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 8ebd9a3..1d984b5 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -95,9 +95,9 @@ static int show_vfsmnt(struct seq_file *m, struct vfsmount *mnt) { struct proc_mounts *p = m->private; struct mount *r = real_mount(mnt); - int err = 0; struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; struct super_block *sb = mnt_path.dentry->d_sb; + int err; if (sb->s_op->show_devname) { err = sb->s_op->show_devname(m, mnt_path.dentry); -- cgit v0.10.2 From 6ce4bca0adfde9ee404ce659d110f2bdeff9c13b Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Nov 2015 00:58:20 +0300 Subject: vfs: show_mountinfo: cleanup error code checks Check err variable right after each assignment. This change makes initialization of err redundant, so remove the initialization. Signed-off-by: Dmitry V. Levin Signed-off-by: Al Viro diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 1d984b5..9363758 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -131,16 +131,17 @@ static int show_mountinfo(struct seq_file *m, struct vfsmount *mnt) struct mount *r = real_mount(mnt); struct super_block *sb = mnt->mnt_sb; struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; - int err = 0; + int err; seq_printf(m, "%i %i %u:%u ", r->mnt_id, r->mnt_parent->mnt_id, MAJOR(sb->s_dev), MINOR(sb->s_dev)); - if (sb->s_op->show_path) + if (sb->s_op->show_path) { err = sb->s_op->show_path(m, mnt->mnt_root); - else + if (err) + goto out; + } else { seq_dentry(m, mnt->mnt_root, " \t\n\\"); - if (err) - goto out; + } seq_putc(m, ' '); /* mountpoints outside of chroot jail will give SEQ_SKIP on this */ @@ -168,12 +169,13 @@ static int show_mountinfo(struct seq_file *m, struct vfsmount *mnt) seq_puts(m, " - "); show_type(m, sb); seq_putc(m, ' '); - if (sb->s_op->show_devname) + if (sb->s_op->show_devname) { err = sb->s_op->show_devname(m, mnt->mnt_root); - else + if (err) + goto out; + } else { mangle(m, r->mnt_devname ? r->mnt_devname : "none"); - if (err) - goto out; + } seq_puts(m, sb->s_flags & MS_RDONLY ? " ro" : " rw"); err = show_sb_opts(m, sb); if (err) -- cgit v0.10.2 From b896fb35ca904fe5b7765fcd81a45f09a62e8d03 Mon Sep 17 00:00:00 2001 From: "Dmitry V. Levin" Date: Thu, 19 Nov 2015 00:58:32 +0300 Subject: vfs: show_vfsstat: remove redundant initialization and check of error code As err variable is now always checked right after each assignment, its initialization is redundant and could be safely removed. For the same reason, the last check of err is also redundant and could be removed as well. Signed-off-by: Dmitry V. Levin Signed-off-by: Al Viro diff --git a/fs/proc_namespace.c b/fs/proc_namespace.c index 9363758..2256e7e 100644 --- a/fs/proc_namespace.c +++ b/fs/proc_namespace.c @@ -193,7 +193,7 @@ static int show_vfsstat(struct seq_file *m, struct vfsmount *mnt) struct mount *r = real_mount(mnt); struct path mnt_path = { .dentry = mnt->mnt_root, .mnt = mnt }; struct super_block *sb = mnt_path.dentry->d_sb; - int err = 0; + int err; /* device */ if (sb->s_op->show_devname) { @@ -222,8 +222,7 @@ static int show_vfsstat(struct seq_file *m, struct vfsmount *mnt) /* optional statistics */ if (sb->s_op->show_stats) { seq_putc(m, ' '); - if (!err) - err = sb->s_op->show_stats(m, mnt_path.dentry); + err = sb->s_op->show_stats(m, mnt_path.dentry); } seq_putc(m, '\n'); -- cgit v0.10.2 From 0125f504ed320826a78b43d636de957d703465a8 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Sat, 21 Nov 2015 16:15:37 +0100 Subject: adfs: constify adfs_dir_ops structures The adfs_dir_ops structures are never modified, so declare them as const. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro diff --git a/fs/adfs/adfs.h b/fs/adfs/adfs.h index 24575d9..ea4aba5 100644 --- a/fs/adfs/adfs.h +++ b/fs/adfs/adfs.h @@ -45,7 +45,7 @@ struct adfs_dir_ops; struct adfs_sb_info { union { struct { struct adfs_discmap *s_map; /* bh list containing map */ - struct adfs_dir_ops *s_dir; /* directory operations */ + const struct adfs_dir_ops *s_dir; /* directory operations */ }; struct rcu_head rcu; /* used only at shutdown time */ }; @@ -168,8 +168,8 @@ void __adfs_error(struct super_block *sb, const char *function, extern const struct inode_operations adfs_dir_inode_operations; extern const struct file_operations adfs_dir_operations; extern const struct dentry_operations adfs_dentry_operations; -extern struct adfs_dir_ops adfs_f_dir_ops; -extern struct adfs_dir_ops adfs_fplus_dir_ops; +extern const struct adfs_dir_ops adfs_f_dir_ops; +extern const struct adfs_dir_ops adfs_fplus_dir_ops; extern int adfs_dir_update(struct super_block *sb, struct object_info *obj, int wait); diff --git a/fs/adfs/dir.c b/fs/adfs/dir.c index 51c279a..fd4cf2c 100644 --- a/fs/adfs/dir.c +++ b/fs/adfs/dir.c @@ -21,7 +21,7 @@ adfs_readdir(struct file *file, struct dir_context *ctx) { struct inode *inode = file_inode(file); struct super_block *sb = inode->i_sb; - struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; + const struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; struct object_info obj; struct adfs_dir dir; int ret = 0; @@ -69,7 +69,7 @@ adfs_dir_update(struct super_block *sb, struct object_info *obj, int wait) { int ret = -EINVAL; #ifdef CONFIG_ADFS_FS_RW - struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; + const struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; struct adfs_dir dir; printk(KERN_INFO "adfs_dir_update: object %06X in dir %06X\n", @@ -129,7 +129,7 @@ static int adfs_dir_lookup_byname(struct inode *inode, struct qstr *name, struct object_info *obj) { struct super_block *sb = inode->i_sb; - struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; + const struct adfs_dir_ops *ops = ADFS_SB(sb)->s_dir; struct adfs_dir dir; int ret; diff --git a/fs/adfs/dir_f.c b/fs/adfs/dir_f.c index 4bbe853..0fbfd0b 100644 --- a/fs/adfs/dir_f.c +++ b/fs/adfs/dir_f.c @@ -476,7 +476,7 @@ adfs_f_free(struct adfs_dir *dir) dir->sb = NULL; } -struct adfs_dir_ops adfs_f_dir_ops = { +const struct adfs_dir_ops adfs_f_dir_ops = { .read = adfs_f_read, .setpos = adfs_f_setpos, .getnext = adfs_f_getnext, diff --git a/fs/adfs/dir_fplus.c b/fs/adfs/dir_fplus.c index 82d14cd..c92cfb6 100644 --- a/fs/adfs/dir_fplus.c +++ b/fs/adfs/dir_fplus.c @@ -256,7 +256,7 @@ adfs_fplus_free(struct adfs_dir *dir) dir->sb = NULL; } -struct adfs_dir_ops adfs_fplus_dir_ops = { +const struct adfs_dir_ops adfs_fplus_dir_ops = { .read = adfs_fplus_read, .setpos = adfs_fplus_setpos, .getnext = adfs_fplus_getnext, -- cgit v0.10.2 From 03927c8acb63100046260711c06ba28b6b5936fb Mon Sep 17 00:00:00 2001 From: Arnd Bergmann Date: Wed, 25 Nov 2015 16:22:25 +0100 Subject: coredump: Use 64bit time for unix time of coredump struct timeval on 32-bit systems will have its tv_sec value overflow in year 2038 and beyond. Use a 64 bit value to print time of the coredump in seconds. ktime_get_real_seconds is chosen here for efficiency reasons. Suggested by: Arnd Bergmann Signed-off-by: Tina Ruchandani Signed-off-by: Arnd Bergmann Signed-off-by: Al Viro diff --git a/fs/coredump.c b/fs/coredump.c index 1777331..b3c153c 100644 --- a/fs/coredump.c +++ b/fs/coredump.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include @@ -232,9 +233,10 @@ static int format_corename(struct core_name *cn, struct coredump_params *cprm) break; /* UNIX time of coredump */ case 't': { - struct timeval tv; - do_gettimeofday(&tv); - err = cn_printf(cn, "%lu", tv.tv_sec); + time64_t time; + + time = ktime_get_real_seconds(); + err = cn_printf(cn, "%lld", time); break; } /* hostname */ -- cgit v0.10.2 From dfbf53ed548e838ab933d1a7072ffc38cba3bae8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 26 Nov 2015 23:24:14 -0500 Subject: vgaarb: remove bogus checks neither ->release() nor ->poll() can be called unless ->open() has succeeded on the same struct file, so checking for "has open() failed" is pointless. What's more, ->poll() doesn't return -E... - it always returns a bitmap of POLL... values, so the dead code in that one had been actively bogus. Signed-off-by: Al Viro diff --git a/drivers/gpu/vga/vgaarb.c b/drivers/gpu/vga/vgaarb.c index 3166e4b..de083aa 100644 --- a/drivers/gpu/vga/vgaarb.c +++ b/drivers/gpu/vga/vgaarb.c @@ -1161,12 +1161,8 @@ done: static unsigned int vga_arb_fpoll(struct file *file, poll_table *wait) { - struct vga_arb_private *priv = file->private_data; - pr_debug("%s\n", __func__); - if (priv == NULL) - return -ENODEV; poll_wait(file, &vga_wait_queue, wait); return POLLIN; } @@ -1207,9 +1203,6 @@ static int vga_arb_release(struct inode *inode, struct file *file) pr_debug("%s\n", __func__); - if (priv == NULL) - return -ENODEV; - spin_lock_irqsave(&vga_user_lock, flags); list_del(&priv->list); for (i = 0; i < MAX_USER_CARDS; i++) { -- cgit v0.10.2 From 57e3715cfa3fb01581555934d7191f8eabf740f4 Mon Sep 17 00:00:00 2001 From: Mike Marshall Date: Mon, 30 Nov 2015 11:11:59 -0500 Subject: typo in fs/namei.c comment Signed-off-by: Al Viro diff --git a/fs/namei.c b/fs/namei.c index 0c3974c..e818ed1 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -657,7 +657,7 @@ static bool legitimize_links(struct nameidata *nd) * Path walking has 2 modes, rcu-walk and ref-walk (see * Documentation/filesystems/path-lookup.txt). In situations when we can't * continue in RCU mode, we attempt to drop out of rcu-walk mode and grab - * normal reference counts on dentries and vfsmounts to transition to rcu-walk + * normal reference counts on dentries and vfsmounts to transition to ref-walk * mode. Refcounts are grabbed at the last known good point before rcu-walk * got stuck, so ref-walk may continue from there. If this is not successful * (eg. a seqcount has changed), then failure is returned and it's up to caller -- cgit v0.10.2 From 886f56f970f9c1563503cd71a572ba082b6a035b Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 03:56:06 -0500 Subject: f2fs: it's umode_t, not mode_t... Signed-off-by: Al Viro diff --git a/fs/f2fs/f2fs.h b/fs/f2fs/f2fs.h index 9db5500..ec6067c 100644 --- a/fs/f2fs/f2fs.h +++ b/fs/f2fs/f2fs.h @@ -1602,13 +1602,11 @@ static inline bool is_dot_dotdot(const struct qstr *str) static inline bool f2fs_may_extent_tree(struct inode *inode) { - mode_t mode = inode->i_mode; - if (!test_opt(F2FS_I_SB(inode), EXTENT_CACHE) || is_inode_flag_set(F2FS_I(inode), FI_NO_EXTENT)) return false; - return S_ISREG(mode); + return S_ISREG(inode->i_mode); } static inline void *f2fs_kvmalloc(size_t size, gfp_t flags) @@ -2121,7 +2119,7 @@ static inline int f2fs_sb_has_crypto(struct super_block *sb) static inline bool f2fs_may_encrypt(struct inode *inode) { #ifdef CONFIG_F2FS_FS_ENCRYPTION - mode_t mode = inode->i_mode; + umode_t mode = inode->i_mode; return (S_ISREG(mode) || S_ISDIR(mode) || S_ISLNK(mode)); #else -- cgit v0.10.2 From 0e81ba231239b58c8b17dca18c6345c13e793824 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 18:23:48 -0500 Subject: don't opencode iget_failed() Signed-off-by: Al Viro diff --git a/drivers/staging/lustre/lustre/llite/namei.c b/drivers/staging/lustre/lustre/llite/namei.c index 2ca2200..64db5e8 100644 --- a/drivers/staging/lustre/lustre/llite/namei.c +++ b/drivers/staging/lustre/lustre/llite/namei.c @@ -126,9 +126,7 @@ struct inode *ll_iget(struct super_block *sb, ino_t hash, rc = cl_file_inode_init(inode, md); } if (rc != 0) { - make_bad_inode(inode); - unlock_new_inode(inode); - iput(inode); + iget_failed(inode); inode = ERR_PTR(rc); } else unlock_new_inode(inode); diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index e2e47ba..92c5dae 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c @@ -282,9 +282,7 @@ ecryptfs_create(struct inode *directory_inode, struct dentry *ecryptfs_dentry, if (rc) { ecryptfs_do_unlink(directory_inode, ecryptfs_dentry, ecryptfs_inode); - make_bad_inode(ecryptfs_inode); - unlock_new_inode(ecryptfs_inode); - iput(ecryptfs_inode); + iget_failed(ecryptfs_inode); goto out; } unlock_new_inode(ecryptfs_inode); -- cgit v0.10.2 From 9e6697e26f9888cdb6088664d31c3772b0dff0a4 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 20:07:21 -0500 Subject: namei.c: fold set_root_rcu() into set_root() Signed-off-by: Al Viro diff --git a/fs/namei.c b/fs/namei.c index e818ed1..f89fe5f 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -807,19 +807,19 @@ static int complete_walk(struct nameidata *nd) static void set_root(struct nameidata *nd) { - get_fs_root(current->fs, &nd->root); -} - -static void set_root_rcu(struct nameidata *nd) -{ struct fs_struct *fs = current->fs; - unsigned seq; - do { - seq = read_seqcount_begin(&fs->seq); - nd->root = fs->root; - nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq); - } while (read_seqcount_retry(&fs->seq, seq)); + if (nd->flags & LOOKUP_RCU) { + unsigned seq; + + do { + seq = read_seqcount_begin(&fs->seq); + nd->root = fs->root; + nd->root_seq = __read_seqcount_begin(&nd->root.dentry->d_seq); + } while (read_seqcount_retry(&fs->seq, seq)); + } else { + get_fs_root(fs, &nd->root); + } } static void path_put_conditional(struct path *path, struct nameidata *nd) @@ -1015,10 +1015,10 @@ const char *get_link(struct nameidata *nd) } } if (*res == '/') { + if (!nd->root.mnt) + set_root(nd); if (nd->flags & LOOKUP_RCU) { struct dentry *d; - if (!nd->root.mnt) - set_root_rcu(nd); nd->path = nd->root; d = nd->path.dentry; nd->inode = d->d_inode; @@ -1026,8 +1026,6 @@ const char *get_link(struct nameidata *nd) if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq))) return ERR_PTR(-ECHILD); } else { - if (!nd->root.mnt) - set_root(nd); path_put(&nd->path); nd->path = nd->root; path_get(&nd->root); @@ -1294,8 +1292,6 @@ static bool __follow_mount_rcu(struct nameidata *nd, struct path *path, static int follow_dotdot_rcu(struct nameidata *nd) { struct inode *inode = nd->inode; - if (!nd->root.mnt) - set_root_rcu(nd); while (1) { if (path_equal(&nd->path, &nd->root)) @@ -1415,9 +1411,6 @@ static void follow_mount(struct path *path) static int follow_dotdot(struct nameidata *nd) { - if (!nd->root.mnt) - set_root(nd); - while(1) { struct dentry *old = nd->path.dentry; @@ -1655,6 +1648,8 @@ static inline int may_lookup(struct nameidata *nd) static inline int handle_dots(struct nameidata *nd, int type) { if (type == LAST_DOTDOT) { + if (!nd->root.mnt) + set_root(nd); if (nd->flags & LOOKUP_RCU) { return follow_dotdot_rcu(nd); } else @@ -2023,15 +2018,16 @@ static const char *path_init(struct nameidata *nd, unsigned flags) nd->m_seq = read_seqbegin(&mount_lock); if (*s == '/') { - if (flags & LOOKUP_RCU) { + if (flags & LOOKUP_RCU) rcu_read_lock(); - set_root_rcu(nd); + set_root(nd); + if (flags & LOOKUP_RCU) { nd->seq = nd->root_seq; + nd->path = nd->root; } else { - set_root(nd); path_get(&nd->root); + nd->path = nd->root; } - nd->path = nd->root; } else if (nd->dfd == AT_FDCWD) { if (flags & LOOKUP_RCU) { struct fs_struct *fs = current->fs; -- cgit v0.10.2 From ef55d91700d54f29b9ac301658b5b8f377ef3206 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 20:25:06 -0500 Subject: path_init(): set nd->inode earlier in cwd-relative case that allows to kill the recheck of nd->seq on the way out in this case, and this check on the way out is left only for absolute pathnames. Signed-off-by: Al Viro diff --git a/fs/namei.c b/fs/namei.c index f89fe5f..a08018b 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2028,6 +2028,15 @@ static const char *path_init(struct nameidata *nd, unsigned flags) path_get(&nd->root); nd->path = nd->root; } + nd->inode = nd->path.dentry->d_inode; + if (!(flags & LOOKUP_RCU)) + return s; + if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) + return s; + if (!(nd->flags & LOOKUP_ROOT)) + nd->root.mnt = NULL; + rcu_read_unlock(); + return ERR_PTR(-ECHILD); } else if (nd->dfd == AT_FDCWD) { if (flags & LOOKUP_RCU) { struct fs_struct *fs = current->fs; @@ -2038,11 +2047,14 @@ static const char *path_init(struct nameidata *nd, unsigned flags) do { seq = read_seqcount_begin(&fs->seq); nd->path = fs->pwd; + nd->inode = nd->path.dentry->d_inode; nd->seq = __read_seqcount_begin(&nd->path.dentry->d_seq); } while (read_seqcount_retry(&fs->seq, seq)); } else { get_fs_pwd(current->fs, &nd->path); + nd->inode = nd->path.dentry->d_inode; } + return s; } else { /* Caller must check execute permissions on the starting path component */ struct fd f = fdget_raw(nd->dfd); @@ -2072,16 +2084,6 @@ static const char *path_init(struct nameidata *nd, unsigned flags) fdput(f); return s; } - - nd->inode = nd->path.dentry->d_inode; - if (!(flags & LOOKUP_RCU)) - return s; - if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) - return s; - if (!(nd->flags & LOOKUP_ROOT)) - nd->root.mnt = NULL; - rcu_read_unlock(); - return ERR_PTR(-ECHILD); } static const char *trailing_symlink(struct nameidata *nd) -- cgit v0.10.2 From 248fb5b9557aa117f0b8c68b8cf2ce436e4d839d Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 20:51:58 -0500 Subject: namei.c: take "jump to root" into a new helper ... and use it both in path_init() (for absolute pathnames) and get_link() (for absolute symlinks). Signed-off-by: Al Viro diff --git a/fs/namei.c b/fs/namei.c index a08018b..0baf64b 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -841,6 +841,26 @@ static inline void path_to_nameidata(const struct path *path, nd->path.dentry = path->dentry; } +static int nd_jump_root(struct nameidata *nd) +{ + if (nd->flags & LOOKUP_RCU) { + struct dentry *d; + nd->path = nd->root; + d = nd->path.dentry; + nd->inode = d->d_inode; + nd->seq = nd->root_seq; + if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq))) + return -ECHILD; + } else { + path_put(&nd->path); + nd->path = nd->root; + path_get(&nd->path); + nd->inode = nd->path.dentry->d_inode; + } + nd->flags |= LOOKUP_JUMPED; + return 0; +} + /* * Helper to directly jump to a known parsed path from ->follow_link, * caller must have taken a reference to path beforehand. @@ -1017,21 +1037,8 @@ const char *get_link(struct nameidata *nd) if (*res == '/') { if (!nd->root.mnt) set_root(nd); - if (nd->flags & LOOKUP_RCU) { - struct dentry *d; - nd->path = nd->root; - d = nd->path.dentry; - nd->inode = d->d_inode; - nd->seq = nd->root_seq; - if (unlikely(read_seqcount_retry(&d->d_seq, nd->seq))) - return ERR_PTR(-ECHILD); - } else { - path_put(&nd->path); - nd->path = nd->root; - path_get(&nd->root); - nd->inode = nd->path.dentry->d_inode; - } - nd->flags |= LOOKUP_JUMPED; + if (unlikely(nd_jump_root(nd))) + return ERR_PTR(-ECHILD); while (unlikely(*++res == '/')) ; } @@ -2015,26 +2022,17 @@ static const char *path_init(struct nameidata *nd, unsigned flags) } nd->root.mnt = NULL; + nd->path.mnt = NULL; + nd->path.dentry = NULL; nd->m_seq = read_seqbegin(&mount_lock); if (*s == '/') { if (flags & LOOKUP_RCU) rcu_read_lock(); set_root(nd); - if (flags & LOOKUP_RCU) { - nd->seq = nd->root_seq; - nd->path = nd->root; - } else { - path_get(&nd->root); - nd->path = nd->root; - } - nd->inode = nd->path.dentry->d_inode; - if (!(flags & LOOKUP_RCU)) - return s; - if (likely(!read_seqcount_retry(&nd->path.dentry->d_seq, nd->seq))) + if (likely(!nd_jump_root(nd))) return s; - if (!(nd->flags & LOOKUP_ROOT)) - nd->root.mnt = NULL; + nd->root.mnt = NULL; rcu_read_unlock(); return ERR_PTR(-ECHILD); } else if (nd->dfd == AT_FDCWD) { -- cgit v0.10.2 From e1a63bbc40c00d5198b1c1d133b139e962f5e872 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 21:06:33 -0500 Subject: restore_nameidata(): no need to clear now->stack microoptimization: in all callers *now is in the frame we are about to leave. Signed-off-by: Al Viro diff --git a/fs/namei.c b/fs/namei.c index 0baf64b..9e102ac 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -534,10 +534,8 @@ static void restore_nameidata(void) current->nameidata = old; if (old) old->total_link_count = now->total_link_count; - if (now->stack != now->internal) { + if (now->stack != now->internal) kfree(now->stack); - now->stack = now->internal; - } } static int __nd_alloc_stack(struct nameidata *nd) -- cgit v0.10.2 From b808b1d632f6915e4d6b1badb927b2c970ad11bb Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 21:39:06 -0500 Subject: don't open-code generic_file_llseek_size() Signed-off-by: Al Viro diff --git a/arch/powerpc/kernel/nvram_64.c b/arch/powerpc/kernel/nvram_64.c index 32e2652..0cab9e8 100644 --- a/arch/powerpc/kernel/nvram_64.c +++ b/arch/powerpc/kernel/nvram_64.c @@ -27,6 +27,7 @@ #include #include #include +#include #include #include #include @@ -733,24 +734,10 @@ static void oops_to_nvram(struct kmsg_dumper *dumper, static loff_t dev_nvram_llseek(struct file *file, loff_t offset, int origin) { - int size; - if (ppc_md.nvram_size == NULL) return -ENODEV; - size = ppc_md.nvram_size(); - - switch (origin) { - case 1: - offset += file->f_pos; - break; - case 2: - offset += size; - break; - } - if (offset < 0) - return -EINVAL; - file->f_pos = offset; - return file->f_pos; + return generic_file_llseek_size(file, offset, origin, MAX_LFS_FILESIZE, + ppc_md.nvram_size()); } diff --git a/drivers/char/generic_nvram.c b/drivers/char/generic_nvram.c index 6c4f4b5..073db95 100644 --- a/drivers/char/generic_nvram.c +++ b/drivers/char/generic_nvram.c @@ -20,6 +20,7 @@ #include #include #include +#include #include #include #ifdef CONFIG_PPC_PMAC @@ -33,24 +34,8 @@ static ssize_t nvram_len; static loff_t nvram_llseek(struct file *file, loff_t offset, int origin) { - switch (origin) { - case 0: - break; - case 1: - offset += file->f_pos; - break; - case 2: - offset += nvram_len; - break; - default: - offset = -1; - } - if (offset < 0) - return -EINVAL; - - file->f_pos = offset; - - return file->f_pos; + return generic_file_llseek_size(file, offset, origin, + MAX_LFS_FILESIZE, nvram_len); } static ssize_t read_nvram(struct file *file, char __user *buf, diff --git a/drivers/char/mbcs.c b/drivers/char/mbcs.c index e5d3e3f..67d4264 100644 --- a/drivers/char/mbcs.c +++ b/drivers/char/mbcs.c @@ -26,6 +26,7 @@ #include #include #include +#include #include #include #include @@ -451,31 +452,8 @@ mbcs_sram_write(struct file * fp, const char __user *buf, size_t len, loff_t * o static loff_t mbcs_sram_llseek(struct file * filp, loff_t off, int whence) { - loff_t newpos; - - switch (whence) { - case SEEK_SET: - newpos = off; - break; - - case SEEK_CUR: - newpos = filp->f_pos + off; - break; - - case SEEK_END: - newpos = MBCS_SRAM_SIZE + off; - break; - - default: /* can't happen */ - return -EINVAL; - } - - if (newpos < 0) - return -EINVAL; - - filp->f_pos = newpos; - - return newpos; + return generic_file_llseek_size(filp, off, whence, MAX_LFS_FILESIZE, + MBCS_SRAM_SIZE); } static uint64_t mbcs_pioaddr(struct mbcs_soft *soft, uint64_t offset) diff --git a/drivers/char/nvram.c b/drivers/char/nvram.c index 97c2d8d..0129232 100644 --- a/drivers/char/nvram.c +++ b/drivers/char/nvram.c @@ -110,6 +110,7 @@ #include #include #include +#include static DEFINE_MUTEX(nvram_mutex); @@ -213,21 +214,8 @@ void nvram_set_checksum(void) static loff_t nvram_llseek(struct file *file, loff_t offset, int origin) { - switch (origin) { - case 0: - /* nothing to do */ - break; - case 1: - offset += file->f_pos; - break; - case 2: - offset += NVRAM_BYTES; - break; - default: - return -EINVAL; - } - - return (offset >= 0) ? (file->f_pos = offset) : -EINVAL; + return generic_file_llseek_size(file, offset, origin, MAX_LFS_FILESIZE, + NVRAM_BYTES); } static ssize_t nvram_read(struct file *file, char __user *buf, -- cgit v0.10.2 From b25472f9b96159cc0b9b7ed449448805973cd789 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 5 Dec 2015 22:04:48 -0500 Subject: new helpers: no_seek_end_llseek{,_size}() Signed-off-by: Al Viro diff --git a/arch/sparc/kernel/mdesc.c b/arch/sparc/kernel/mdesc.c index 6f80936..1122886 100644 --- a/arch/sparc/kernel/mdesc.c +++ b/arch/sparc/kernel/mdesc.c @@ -1033,25 +1033,9 @@ static ssize_t mdesc_read(struct file *file, char __user *buf, static loff_t mdesc_llseek(struct file *file, loff_t offset, int whence) { - struct mdesc_handle *hp; - - switch (whence) { - case SEEK_CUR: - offset += file->f_pos; - break; - case SEEK_SET: - break; - default: - return -EINVAL; - } - - hp = file->private_data; - if (offset > hp->handle_size) - return -EINVAL; - else - file->f_pos = offset; + struct mdesc_handle *hp = file->private_data; - return offset; + return no_seek_end_llseek_size(file, offset, whence, hp->handle_size); } /* mdesc_close() - /dev/mdesc is being closed, release the reference to diff --git a/arch/x86/kernel/cpuid.c b/arch/x86/kernel/cpuid.c index bd3507d..2836de3 100644 --- a/arch/x86/kernel/cpuid.c +++ b/arch/x86/kernel/cpuid.c @@ -58,28 +58,6 @@ static void cpuid_smp_cpuid(void *cmd_block) &cmd->eax, &cmd->ebx, &cmd->ecx, &cmd->edx); } -static loff_t cpuid_seek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - struct inode *inode = file->f_mapping->host; - - mutex_lock(&inode->i_mutex); - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - mutex_unlock(&inode->i_mutex); - return ret; -} - static ssize_t cpuid_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -132,7 +110,7 @@ static int cpuid_open(struct inode *inode, struct file *file) */ static const struct file_operations cpuid_fops = { .owner = THIS_MODULE, - .llseek = cpuid_seek, + .llseek = no_seek_end_llseek, .read = cpuid_read, .open = cpuid_open, }; diff --git a/arch/x86/kernel/msr.c b/arch/x86/kernel/msr.c index 113e707..64f9616 100644 --- a/arch/x86/kernel/msr.c +++ b/arch/x86/kernel/msr.c @@ -45,28 +45,6 @@ static struct class *msr_class; -static loff_t msr_seek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - struct inode *inode = file_inode(file); - - mutex_lock(&inode->i_mutex); - switch (orig) { - case SEEK_SET: - file->f_pos = offset; - ret = file->f_pos; - break; - case SEEK_CUR: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - mutex_unlock(&inode->i_mutex); - return ret; -} - static ssize_t msr_read(struct file *file, char __user *buf, size_t count, loff_t *ppos) { @@ -194,7 +172,7 @@ static int msr_open(struct inode *inode, struct file *file) */ static const struct file_operations msr_fops = { .owner = THIS_MODULE, - .llseek = msr_seek, + .llseek = no_seek_end_llseek, .read = msr_read, .write = msr_write, .open = msr_open, diff --git a/drivers/char/nwflash.c b/drivers/char/nwflash.c index e371480..dbe598d 100644 --- a/drivers/char/nwflash.c +++ b/drivers/char/nwflash.c @@ -277,36 +277,7 @@ static loff_t flash_llseek(struct file *file, loff_t offset, int orig) printk(KERN_DEBUG "flash_llseek: offset=0x%X, orig=0x%X.\n", (unsigned int) offset, orig); - switch (orig) { - case 0: - if (offset < 0) { - ret = -EINVAL; - break; - } - - if ((unsigned int) offset > gbFlashSize) { - ret = -EINVAL; - break; - } - - file->f_pos = (unsigned int) offset; - ret = file->f_pos; - break; - case 1: - if ((file->f_pos + offset) > gbFlashSize) { - ret = -EINVAL; - break; - } - if ((file->f_pos + offset) < 0) { - ret = -EINVAL; - break; - } - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } + ret = no_seek_end_llseek_size(file, offset, orig, gbFlashSize); mutex_unlock(&flash_mutex); return ret; } diff --git a/drivers/net/wireless/ti/wlcore/debugfs.c b/drivers/net/wireless/ti/wlcore/debugfs.c index eb43f94..be72306 100644 --- a/drivers/net/wireless/ti/wlcore/debugfs.c +++ b/drivers/net/wireless/ti/wlcore/debugfs.c @@ -1205,26 +1205,11 @@ err_out: static loff_t dev_mem_seek(struct file *file, loff_t offset, int orig) { - loff_t ret; - /* only requests of dword-aligned size and offset are supported */ if (offset % 4) return -EINVAL; - switch (orig) { - case SEEK_SET: - file->f_pos = offset; - ret = file->f_pos; - break; - case SEEK_CUR: - file->f_pos += offset; - ret = file->f_pos; - break; - default: - ret = -EINVAL; - } - - return ret; + return no_seek_end_llseek(file, offset, orig); } static const struct file_operations dev_mem_ops = { diff --git a/drivers/s390/char/vmur.c b/drivers/s390/char/vmur.c index 0efb27f..6c30e93a 100644 --- a/drivers/s390/char/vmur.c +++ b/drivers/s390/char/vmur.c @@ -782,24 +782,11 @@ static int ur_release(struct inode *inode, struct file *file) static loff_t ur_llseek(struct file *file, loff_t offset, int whence) { - loff_t newpos; - if ((file->f_flags & O_ACCMODE) != O_RDONLY) return -ESPIPE; /* seek allowed only for reader */ if (offset % PAGE_SIZE) return -ESPIPE; /* only multiples of 4K allowed */ - switch (whence) { - case 0: /* SEEK_SET */ - newpos = offset; - break; - case 1: /* SEEK_CUR */ - newpos = file->f_pos + offset; - break; - default: - return -EINVAL; - } - file->f_pos = newpos; - return newpos; + return no_seek_end_llseek(file, offset, whence); } static const struct file_operations ur_fops = { diff --git a/drivers/s390/char/zcore.c b/drivers/s390/char/zcore.c index 823f41f..3339b86 100644 --- a/drivers/s390/char/zcore.c +++ b/drivers/s390/char/zcore.c @@ -385,18 +385,7 @@ static loff_t zcore_lseek(struct file *file, loff_t offset, int orig) loff_t rc; mutex_lock(&zcore_mutex); - switch (orig) { - case 0: - file->f_pos = offset; - rc = file->f_pos; - break; - case 1: - file->f_pos += offset; - rc = file->f_pos; - break; - default: - rc = -EINVAL; - } + rc = no_seek_end_llseek(file, offset, orig); mutex_unlock(&zcore_mutex); return rc; } diff --git a/drivers/usb/core/devices.c b/drivers/usb/core/devices.c index 2a3bbdf..cffa0a0 100644 --- a/drivers/usb/core/devices.c +++ b/drivers/usb/core/devices.c @@ -661,32 +661,8 @@ static unsigned int usb_device_poll(struct file *file, return 0; } -static loff_t usb_device_lseek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - - mutex_lock(&file_inode(file)->i_mutex); - - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - case 2: - default: - ret = -EINVAL; - } - - mutex_unlock(&file_inode(file)->i_mutex); - return ret; -} - const struct file_operations usbfs_devices_fops = { - .llseek = usb_device_lseek, + .llseek = no_seek_end_llseek, .read = usb_device_read, .poll = usb_device_poll, }; diff --git a/drivers/usb/core/devio.c b/drivers/usb/core/devio.c index 38ae877c..dbc3e14 100644 --- a/drivers/usb/core/devio.c +++ b/drivers/usb/core/devio.c @@ -157,30 +157,6 @@ static int connected(struct usb_dev_state *ps) ps->dev->state != USB_STATE_NOTATTACHED); } -static loff_t usbdev_lseek(struct file *file, loff_t offset, int orig) -{ - loff_t ret; - - mutex_lock(&file_inode(file)->i_mutex); - - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - break; - case 2: - default: - ret = -EINVAL; - } - - mutex_unlock(&file_inode(file)->i_mutex); - return ret; -} - static ssize_t usbdev_read(struct file *file, char __user *buf, size_t nbytes, loff_t *ppos) { @@ -2366,7 +2342,7 @@ static unsigned int usbdev_poll(struct file *file, const struct file_operations usbdev_file_operations = { .owner = THIS_MODULE, - .llseek = usbdev_lseek, + .llseek = no_seek_end_llseek, .read = usbdev_read, .poll = usbdev_poll, .unlocked_ioctl = usbdev_ioctl, diff --git a/drivers/usb/host/uhci-debug.c b/drivers/usb/host/uhci-debug.c index 1b28a00..9c6635d 100644 --- a/drivers/usb/host/uhci-debug.c +++ b/drivers/usb/host/uhci-debug.c @@ -584,27 +584,8 @@ static int uhci_debug_open(struct inode *inode, struct file *file) static loff_t uhci_debug_lseek(struct file *file, loff_t off, int whence) { - struct uhci_debug *up; - loff_t new = -1; - - up = file->private_data; - - /* - * XXX: atomic 64bit seek access, but that needs to be fixed in the VFS - */ - switch (whence) { - case 0: - new = off; - break; - case 1: - new = file->f_pos + off; - break; - } - - if (new < 0 || new > up->size) - return -EINVAL; - - return (file->f_pos = new); + struct uhci_debug *up = file->private_data; + return no_seek_end_llseek_size(file, off, whence, up->size); } static ssize_t uhci_debug_read(struct file *file, char __user *buf, diff --git a/drivers/usb/misc/sisusbvga/sisusb.c b/drivers/usb/misc/sisusbvga/sisusb.c index 306d685..8efbaba 100644 --- a/drivers/usb/misc/sisusbvga/sisusb.c +++ b/drivers/usb/misc/sisusbvga/sisusb.c @@ -2825,21 +2825,7 @@ sisusb_lseek(struct file *file, loff_t offset, int orig) return -ENODEV; } - switch (orig) { - case 0: - file->f_pos = offset; - ret = file->f_pos; - /* never negative, no force_successful_syscall needed */ - break; - case 1: - file->f_pos += offset; - ret = file->f_pos; - /* never negative, no force_successful_syscall needed */ - break; - default: - /* seeking relative to "end of file" is not supported */ - ret = -EINVAL; - } + ret = no_seek_end_llseek(file, offset, orig); mutex_unlock(&sisusb->lock); return ret; diff --git a/fs/read_write.c b/fs/read_write.c index 819ef3f..acb1713 100644 --- a/fs/read_write.c +++ b/fs/read_write.c @@ -171,6 +171,45 @@ loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t si EXPORT_SYMBOL(fixed_size_llseek); /** + * no_seek_end_llseek - llseek implementation for fixed-sized devices + * @file: file structure to seek on + * @offset: file offset to seek to + * @whence: type of seek + * + */ +loff_t no_seek_end_llseek(struct file *file, loff_t offset, int whence) +{ + switch (whence) { + case SEEK_SET: case SEEK_CUR: + return generic_file_llseek_size(file, offset, whence, + ~0ULL, 0); + default: + return -EINVAL; + } +} +EXPORT_SYMBOL(no_seek_end_llseek); + +/** + * no_seek_end_llseek_size - llseek implementation for fixed-sized devices + * @file: file structure to seek on + * @offset: file offset to seek to + * @whence: type of seek + * @size: maximal offset allowed + * + */ +loff_t no_seek_end_llseek_size(struct file *file, loff_t offset, int whence, loff_t size) +{ + switch (whence) { + case SEEK_SET: case SEEK_CUR: + return generic_file_llseek_size(file, offset, whence, + size, 0); + default: + return -EINVAL; + } +} +EXPORT_SYMBOL(no_seek_end_llseek_size); + +/** * noop_llseek - No Operation Performed llseek implementation * @file: file structure to seek on * @offset: file offset to seek to diff --git a/include/linux/fs.h b/include/linux/fs.h index bd14476..fb0fa22 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -2660,6 +2660,8 @@ extern loff_t generic_file_llseek_size(struct file *file, loff_t offset, int whence, loff_t maxsize, loff_t eof); extern loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size); +extern loff_t no_seek_end_llseek_size(struct file *, loff_t, int, loff_t); +extern loff_t no_seek_end_llseek(struct file *, loff_t, int); extern int generic_file_open(struct inode * inode, struct file * filp); extern int nonseekable_open(struct inode * inode, struct file * filp); -- cgit v0.10.2 From c62432b40b5e03c25faf2c8f8547bba4908b8945 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sun, 6 Dec 2015 12:18:55 -0500 Subject: [mips] switch pvc_proc_cleanup() to remove_proc_subtree() Signed-off-by: Al Viro diff --git a/arch/mips/lasat/picvue_proc.c b/arch/mips/lasat/picvue_proc.c index 2bcd839..b420958 100644 --- a/arch/mips/lasat/picvue_proc.c +++ b/arch/mips/lasat/picvue_proc.c @@ -22,7 +22,6 @@ static DEFINE_MUTEX(pvc_mutex); static char pvc_lines[PVC_NLINES][PVC_LINELEN+1]; static int pvc_linedata[PVC_NLINES]; -static struct proc_dir_entry *pvc_display_dir; static char *pvc_linename[PVC_NLINES] = {"line1", "line2"}; #define DISPLAY_DIR_NAME "display" static int scroll_dir, scroll_interval; @@ -169,22 +168,17 @@ void pvc_proc_timerfunc(unsigned long data) static void pvc_proc_cleanup(void) { - int i; - for (i = 0; i < PVC_NLINES; i++) - remove_proc_entry(pvc_linename[i], pvc_display_dir); - remove_proc_entry("scroll", pvc_display_dir); - remove_proc_entry(DISPLAY_DIR_NAME, NULL); - + remove_proc_subtree(DISPLAY_DIR_NAME, NULL); del_timer_sync(&timer); } static int __init pvc_proc_init(void) { - struct proc_dir_entry *proc_entry; + struct proc_dir_entry *dir, *proc_entry; int i; - pvc_display_dir = proc_mkdir(DISPLAY_DIR_NAME, NULL); - if (pvc_display_dir == NULL) + dir = proc_mkdir(DISPLAY_DIR_NAME, NULL); + if (dir == NULL) goto error; for (i = 0; i < PVC_NLINES; i++) { @@ -192,12 +186,12 @@ static int __init pvc_proc_init(void) pvc_linedata[i] = i; } for (i = 0; i < PVC_NLINES; i++) { - proc_entry = proc_create_data(pvc_linename[i], 0644, pvc_display_dir, + proc_entry = proc_create_data(pvc_linename[i], 0644, dir, &pvc_line_proc_fops, &pvc_linedata[i]); if (proc_entry == NULL) goto error; } - proc_entry = proc_create("scroll", 0644, pvc_display_dir, + proc_entry = proc_create("scroll", 0644, dir, &pvc_scroll_proc_fops); if (proc_entry == NULL) goto error; -- cgit v0.10.2 From e9d408e107db9a554b36c3a79f67b37dd3e16da0 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:06:05 -0500 Subject: new helper: memdup_user_nul() Similar to memdup_user(), except that allocated buffer is one byte longer and '\0' is stored after the copied data. Signed-off-by: Al Viro diff --git a/include/linux/string.h b/include/linux/string.h index 9ef7795..9eebc66 100644 --- a/include/linux/string.h +++ b/include/linux/string.h @@ -10,6 +10,7 @@ extern char *strndup_user(const char __user *, long); extern void *memdup_user(const void __user *, size_t); +extern void *memdup_user_nul(const void __user *, size_t); /* * Include machine specific inline routines diff --git a/mm/util.c b/mm/util.c index 9af1c12..2d28f79 100644 --- a/mm/util.c +++ b/mm/util.c @@ -176,6 +176,37 @@ char *strndup_user(const char __user *s, long n) } EXPORT_SYMBOL(strndup_user); +/** + * memdup_user_nul - duplicate memory region from user space and NUL-terminate + * + * @src: source address in user space + * @len: number of bytes to copy + * + * Returns an ERR_PTR() on failure. + */ +void *memdup_user_nul(const void __user *src, size_t len) +{ + char *p; + + /* + * Always use GFP_KERNEL, since copy_from_user() can sleep and + * cause pagefault, which makes it pointless to use GFP_NOFS + * or GFP_ATOMIC. + */ + p = kmalloc_track_caller(len + 1, GFP_KERNEL); + if (!p) + return ERR_PTR(-ENOMEM); + + if (copy_from_user(p, src, len)) { + kfree(p); + return ERR_PTR(-EFAULT); + } + p[len] = '\0'; + + return p; +} +EXPORT_SYMBOL(memdup_user_nul); + void __vma_link_list(struct mm_struct *mm, struct vm_area_struct *vma, struct vm_area_struct *prev, struct rb_node *rb_parent) { -- cgit v0.10.2 From 16e5c1fc36040e592128a164499bc25eb138a80f Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:06:05 -0500 Subject: convert a bunch of open-coded instances of memdup_user_nul() A _lot_ of ->write() instances were open-coding it; some are converted to memdup_user_nul(), a lot more remain... Signed-off-by: Al Viro diff --git a/arch/xtensa/platforms/iss/simdisk.c b/arch/xtensa/platforms/iss/simdisk.c index 3c3ace2..f58a4e6 100644 --- a/arch/xtensa/platforms/iss/simdisk.c +++ b/arch/xtensa/platforms/iss/simdisk.c @@ -227,16 +227,12 @@ static ssize_t proc_read_simdisk(struct file *file, char __user *buf, static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *tmp = kmalloc(count + 1, GFP_KERNEL); + char *tmp = memdup_user_nul(buf, count); struct simdisk *dev = PDE_DATA(file_inode(file)); int err; - if (tmp == NULL) - return -ENOMEM; - if (copy_from_user(tmp, buf, count)) { - err = -EFAULT; - goto out_free; - } + if (IS_ERR(tmp)) + return PTR_ERR(tmp); err = simdisk_detach(dev); if (err != 0) @@ -244,8 +240,6 @@ static ssize_t proc_write_simdisk(struct file *file, const char __user *buf, if (count > 0 && tmp[count - 1] == '\n') tmp[count - 1] = 0; - else - tmp[count] = 0; if (tmp[0]) err = simdisk_attach(dev, tmp); diff --git a/drivers/net/wireless/ath/wil6210/debugfs.c b/drivers/net/wireless/ath/wil6210/debugfs.c index 97bc186..a1d10b8 100644 --- a/drivers/net/wireless/ath/wil6210/debugfs.c +++ b/drivers/net/wireless/ath/wil6210/debugfs.c @@ -580,16 +580,10 @@ static ssize_t wil_write_file_rxon(struct file *file, const char __user *buf, long channel; bool on; - char *kbuf = kmalloc(len + 1, GFP_KERNEL); - - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buf, len)) { - kfree(kbuf); - return -EIO; - } + char *kbuf = memdup_user_nul(buf, len); - kbuf[len] = '\0'; + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); rc = kstrtol(kbuf, 0, &channel); kfree(kbuf); if (rc) diff --git a/drivers/s390/char/vmcp.c b/drivers/s390/char/vmcp.c index 0fdedad..2a67b49 100644 --- a/drivers/s390/char/vmcp.c +++ b/drivers/s390/char/vmcp.c @@ -88,14 +88,9 @@ vmcp_write(struct file *file, const char __user *buff, size_t count, if (count > 240) return -EINVAL; - cmd = kmalloc(count + 1, GFP_KERNEL); - if (!cmd) - return -ENOMEM; - if (copy_from_user(cmd, buff, count)) { - kfree(cmd); - return -EFAULT; - } - cmd[count] = '\0'; + cmd = memdup_user_nul(buff, count); + if (IS_ERR(cmd)) + return PTR_ERR(cmd); session = file->private_data; if (mutex_lock_interruptible(&session->mutex)) { kfree(cmd); diff --git a/drivers/sbus/char/openprom.c b/drivers/sbus/char/openprom.c index 5843288..e077ebd 100644 --- a/drivers/sbus/char/openprom.c +++ b/drivers/sbus/char/openprom.c @@ -390,16 +390,9 @@ static int copyin_string(char __user *user, size_t len, char **ptr) if ((ssize_t)len < 0 || (ssize_t)(len + 1) < 0) return -EINVAL; - tmp = kmalloc(len + 1, GFP_KERNEL); - if (!tmp) - return -ENOMEM; - - if (copy_from_user(tmp, user, len)) { - kfree(tmp); - return -EFAULT; - } - - tmp[len] = '\0'; + tmp = memdup_user_nul(user, len); + if (IS_ERR(tmp)) + return PTR_ERR(tmp); *ptr = tmp; diff --git a/fs/afs/proc.c b/fs/afs/proc.c index 24a905b..2853b40 100644 --- a/fs/afs/proc.c +++ b/fs/afs/proc.c @@ -230,14 +230,9 @@ static ssize_t afs_proc_cells_write(struct file *file, const char __user *buf, if (size <= 1 || size >= PAGE_SIZE) return -EINVAL; - kbuf = kmalloc(size + 1, GFP_KERNEL); - if (!kbuf) - return -ENOMEM; - - ret = -EFAULT; - if (copy_from_user(kbuf, buf, size) != 0) - goto done; - kbuf[size] = 0; + kbuf = memdup_user_nul(buf, size); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); /* trim to first NL */ name = memchr(kbuf, '\n', size); @@ -315,15 +310,9 @@ static ssize_t afs_proc_rootcell_write(struct file *file, if (size <= 1 || size >= PAGE_SIZE) return -EINVAL; - ret = -ENOMEM; - kbuf = kmalloc(size + 1, GFP_KERNEL); - if (!kbuf) - goto nomem; - - ret = -EFAULT; - if (copy_from_user(kbuf, buf, size) != 0) - goto infault; - kbuf[size] = 0; + kbuf = memdup_user_nul(buf, size); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); /* trim to first NL */ s = memchr(kbuf, '\n', size); @@ -337,9 +326,7 @@ static ssize_t afs_proc_rootcell_write(struct file *file, if (ret >= 0) ret = size; /* consume everything, always */ -infault: kfree(kbuf); -nomem: _leave(" = %d", ret); return ret; } diff --git a/fs/cachefiles/daemon.c b/fs/cachefiles/daemon.c index f601def..452e98d 100644 --- a/fs/cachefiles/daemon.c +++ b/fs/cachefiles/daemon.c @@ -226,15 +226,9 @@ static ssize_t cachefiles_daemon_write(struct file *file, return -EOPNOTSUPP; /* drag the command string into the kernel so we can parse it */ - data = kmalloc(datalen + 1, GFP_KERNEL); - if (!data) - return -ENOMEM; - - ret = -EFAULT; - if (copy_from_user(data, _data, datalen) != 0) - goto error; - - data[datalen] = '\0'; + data = memdup_user_nul(_data, datalen); + if (IS_ERR(data)) + return PTR_ERR(data); ret = -EINVAL; if (memchr(data, '\0', datalen)) diff --git a/fs/dlm/user.c b/fs/dlm/user.c index 173b387..1925d6d 100644 --- a/fs/dlm/user.c +++ b/fs/dlm/user.c @@ -515,14 +515,9 @@ static ssize_t device_write(struct file *file, const char __user *buf, if (count > sizeof(struct dlm_write_request) + DLM_RESNAME_MAXLEN) return -EINVAL; - kbuf = kzalloc(count + 1, GFP_NOFS); - if (!kbuf) - return -ENOMEM; - - if (copy_from_user(kbuf, buf, count)) { - error = -EFAULT; - goto out_free; - } + kbuf = memdup_user_nul(buf, count); + if (!IS_ERR(kbuf)) + return PTR_ERR(kbuf); if (check_version(kbuf)) { error = -EBADE; diff --git a/kernel/trace/blktrace.c b/kernel/trace/blktrace.c index a990824..2aeb6ff 100644 --- a/kernel/trace/blktrace.c +++ b/kernel/trace/blktrace.c @@ -349,16 +349,10 @@ static ssize_t blk_msg_write(struct file *filp, const char __user *buffer, if (count >= BLK_TN_MAX_MSG) return -EINVAL; - msg = kmalloc(count + 1, GFP_KERNEL); - if (msg == NULL) - return -ENOMEM; - - if (copy_from_user(msg, buffer, count)) { - kfree(msg); - return -EFAULT; - } + msg = memdup_user_nul(buffer, count); + if (IS_ERR(msg)) + return PTR_ERR(msg); - msg[count] = '\0'; bt = filp->private_data; __trace_note_message(bt, "%s", msg); kfree(msg); diff --git a/lib/dynamic_debug.c b/lib/dynamic_debug.c index e3952e9..fe42b6e 100644 --- a/lib/dynamic_debug.c +++ b/lib/dynamic_debug.c @@ -657,14 +657,9 @@ static ssize_t ddebug_proc_write(struct file *file, const char __user *ubuf, pr_warn("expected <%d bytes into control\n", USER_BUF_PAGE); return -E2BIG; } - tmpbuf = kmalloc(len + 1, GFP_KERNEL); - if (!tmpbuf) - return -ENOMEM; - if (copy_from_user(tmpbuf, ubuf, len)) { - kfree(tmpbuf); - return -EFAULT; - } - tmpbuf[len] = '\0'; + tmpbuf = memdup_user_nul(ubuf, len); + if (IS_ERR(tmpbuf)) + return PTR_ERR(tmpbuf); vpr_info("read %d bytes from userspace\n", (int)len); ret = ddebug_exec_queries(tmpbuf, NULL); diff --git a/net/rxrpc/ar-key.c b/net/rxrpc/ar-key.c index da3cc09..3f65716 100644 --- a/net/rxrpc/ar-key.c +++ b/net/rxrpc/ar-key.c @@ -896,15 +896,9 @@ int rxrpc_request_key(struct rxrpc_sock *rx, char __user *optval, int optlen) if (optlen <= 0 || optlen > PAGE_SIZE - 1) return -EINVAL; - description = kmalloc(optlen + 1, GFP_KERNEL); - if (!description) - return -ENOMEM; - - if (copy_from_user(description, optval, optlen)) { - kfree(description); - return -EFAULT; - } - description[optlen] = 0; + description = memdup_user_nul(optval, optlen); + if (IS_ERR(description)) + return PTR_ERR(description); key = request_key(&key_type_rxrpc, description, NULL); if (IS_ERR(key)) { @@ -933,15 +927,9 @@ int rxrpc_server_keyring(struct rxrpc_sock *rx, char __user *optval, if (optlen <= 0 || optlen > PAGE_SIZE - 1) return -EINVAL; - description = kmalloc(optlen + 1, GFP_KERNEL); - if (!description) - return -ENOMEM; - - if (copy_from_user(description, optval, optlen)) { - kfree(description); - return -EFAULT; - } - description[optlen] = 0; + description = memdup_user_nul(optval, optlen); + if (IS_ERR(description)) + return PTR_ERR(description); key = request_key(&key_type_keyring, description, NULL); if (IS_ERR(key)) { diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 94bd9e4..e249a66 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -497,14 +497,9 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf, } } - data = kmalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * In case of parsing only part of user buf, @@ -884,16 +879,10 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, (count < SMK_CIPSOMIN || count > SMK_CIPSOMAX)) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto unlockedout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - data[count] = '\0'; rule = data; /* * Only allow one writer at a time. Writes should be @@ -946,7 +935,6 @@ static ssize_t smk_set_cipso(struct file *file, const char __user *buf, out: mutex_unlock(&smack_cipso_lock); -unlockedout: kfree(data); return rc; } @@ -1187,14 +1175,9 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1202,8 +1185,6 @@ static ssize_t smk_write_net4addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - rc = sscanf(data, "%hhd.%hhd.%hhd.%hhd/%u %s", &host[0], &host[1], &host[2], &host[3], &masks, smack); if (rc != 6) { @@ -1454,14 +1435,9 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, if (count < SMK_NETLBLADDRMIN) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto free_data_out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); smack = kzalloc(count + 1, GFP_KERNEL); if (smack == NULL) { @@ -1469,8 +1445,6 @@ static ssize_t smk_write_net6addr(struct file *file, const char __user *buf, goto free_data_out; } - data[count] = '\0'; - i = sscanf(data, "%x:%x:%x:%x:%x:%x:%x:%x/%u %s", &scanned[0], &scanned[1], &scanned[2], &scanned[3], &scanned[4], &scanned[5], &scanned[6], &scanned[7], @@ -1865,14 +1839,9 @@ static ssize_t smk_write_ambient(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); skp = smk_import_entry(data, count); if (IS_ERR(skp)) { @@ -2041,14 +2010,9 @@ static ssize_t smk_write_onlycap(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); @@ -2133,14 +2097,9 @@ static ssize_t smk_write_unconfined(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - rc = -EFAULT; - goto freeout; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); /* * Clear the smack_unconfined on invalid label errors. This means @@ -2696,19 +2655,15 @@ static ssize_t smk_write_syslog(struct file *file, const char __user *buf, if (!smack_privileged(CAP_MAC_ADMIN)) return -EPERM; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); - if (copy_from_user(data, buf, count) != 0) - rc = -EFAULT; - else { - skp = smk_import_entry(data, count); - if (IS_ERR(skp)) - rc = PTR_ERR(skp); - else - smack_syslog_label = skp; - } + skp = smk_import_entry(data, count); + if (IS_ERR(skp)) + rc = PTR_ERR(skp); + else + smack_syslog_label = skp; kfree(data); return rc; @@ -2798,14 +2753,9 @@ static ssize_t smk_write_relabel_self(struct file *file, const char __user *buf, if (*ppos != 0) return -EINVAL; - data = kzalloc(count + 1, GFP_KERNEL); - if (data == NULL) - return -ENOMEM; - - if (copy_from_user(data, buf, count) != 0) { - kfree(data); - return -EFAULT; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); rc = smk_parse_label_list(data, &list_tmp); kfree(data); diff --git a/security/tomoyo/securityfs_if.c b/security/tomoyo/securityfs_if.c index 179a955..06ab41b1 100644 --- a/security/tomoyo/securityfs_if.c +++ b/security/tomoyo/securityfs_if.c @@ -43,13 +43,9 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, int error; if (!count || count >= TOMOYO_EXEC_TMPSIZE - 10) return -ENOMEM; - data = kzalloc(count + 1, GFP_NOFS); - if (!data) - return -ENOMEM; - if (copy_from_user(data, buf, count)) { - error = -EFAULT; - goto out; - } + data = memdup_user_nul(buf, count); + if (IS_ERR(data)) + return PTR_ERR(data); tomoyo_normalize_line(data); if (tomoyo_correct_domain(data)) { const int idx = tomoyo_read_lock(); @@ -87,7 +83,6 @@ static ssize_t tomoyo_write_self(struct file *file, const char __user *buf, tomoyo_read_unlock(idx); } else error = -EINVAL; -out: kfree(data); return error ? error : count; } -- cgit v0.10.2 From 8365a71946bb1075f5e0e6357fe0f0b92404d966 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:08:06 -0500 Subject: selinuxfs: switch to memdup_user_nul() Nothing in there gives a damn about the buffer alignment - it just parses its contents. So the use of get_zeroed_page() doesn't buy us anything - might as well had been kmalloc(), which makes that code equivalent to open-coded memdup_user_nul() Signed-off-by: Al Viro diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c index c02da25..73c60ba 100644 --- a/security/selinux/selinuxfs.c +++ b/security/selinux/selinuxfs.c @@ -147,23 +147,16 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, ssize_t length; int new_value; - length = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - length = -EINVAL; if (*ppos != 0) - goto out; - - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -186,7 +179,7 @@ static ssize_t sel_write_enforce(struct file *file, const char __user *buf, } length = count; out: - free_page((unsigned long) page); + kfree(page); return length; } #else @@ -275,27 +268,20 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *page = NULL; + char *page; ssize_t length; int new_value; - length = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - length = -EINVAL; if (*ppos != 0) - goto out; - - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -313,7 +299,7 @@ static ssize_t sel_write_disable(struct file *file, const char __user *buf, length = count; out: - free_page((unsigned long) page); + kfree(page); return length; } #else @@ -611,31 +597,24 @@ static ssize_t sel_read_checkreqprot(struct file *filp, char __user *buf, static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, size_t count, loff_t *ppos) { - char *page = NULL; + char *page; ssize_t length; unsigned int new_value; length = task_has_security(current, SECURITY__SETCHECKREQPROT); if (length) - goto out; + return length; - length = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - length = -EINVAL; if (*ppos != 0) - goto out; - - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); length = -EINVAL; if (sscanf(page, "%u", &new_value) != 1) @@ -644,7 +623,7 @@ static ssize_t sel_write_checkreqprot(struct file *file, const char __user *buf, selinux_checkreqprot = new_value ? 1 : 0; length = count; out: - free_page((unsigned long) page); + kfree(page); return length; } static const struct file_operations sel_checkreqprot_ops = { @@ -1100,14 +1079,12 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); + page = NULL; goto out; + } length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -1121,7 +1098,7 @@ static ssize_t sel_write_bool(struct file *filep, const char __user *buf, out: mutex_unlock(&sel_mutex); - free_page((unsigned long) page); + kfree(page); return length; } @@ -1154,14 +1131,12 @@ static ssize_t sel_commit_bools_write(struct file *filep, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); + page = NULL; goto out; + } length = -EINVAL; if (sscanf(page, "%d", &new_value) != 1) @@ -1176,7 +1151,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, out: mutex_unlock(&sel_mutex); - free_page((unsigned long) page); + kfree(page); return length; } @@ -1292,31 +1267,24 @@ static ssize_t sel_write_avc_cache_threshold(struct file *file, size_t count, loff_t *ppos) { - char *page = NULL; + char *page; ssize_t ret; int new_value; ret = task_has_security(current, SECURITY__SETSECPARAM); if (ret) - goto out; + return ret; - ret = -ENOMEM; if (count >= PAGE_SIZE) - goto out; + return -ENOMEM; /* No partial writes. */ - ret = -EINVAL; if (*ppos != 0) - goto out; - - ret = -ENOMEM; - page = (char *)get_zeroed_page(GFP_KERNEL); - if (!page) - goto out; + return -EINVAL; - ret = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out; + page = memdup_user_nul(buf, count); + if (IS_ERR(page)) + return PTR_ERR(page); ret = -EINVAL; if (sscanf(page, "%u", &new_value) != 1) @@ -1326,7 +1294,7 @@ static ssize_t sel_write_avc_cache_threshold(struct file *file, ret = count; out: - free_page((unsigned long)page); + kfree(page); return ret; } -- cgit v0.10.2 From f0fc86966253ad244f53841e3d8db2cf9f862019 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:10:20 -0500 Subject: switch wireless debugfs ->write() instances to memdup_user_nul() again, it only parses the contents of the copied buffer, so get_zeroed_page() might as well had been kmalloc(), which makes it open-coded memdup_user_nul() Signed-off-by: Al Viro diff --git a/drivers/net/wireless/libertas/debugfs.c b/drivers/net/wireless/libertas/debugfs.c index 26cbf1d..faed182 100644 --- a/drivers/net/wireless/libertas/debugfs.c +++ b/drivers/net/wireless/libertas/debugfs.c @@ -56,19 +56,15 @@ static ssize_t lbs_sleepparams_write(struct file *file, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t buf_size, ret; + ssize_t ret; struct sleep_params sp; int p1, p2, p3, p4, p5, p6; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(user_buf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, user_buf, buf_size)) { - ret = -EFAULT; - goto out_unlock; - } ret = sscanf(buf, "%d %d %d %d %d %d", &p1, &p2, &p3, &p4, &p5, &p6); if (ret != 6) { ret = -EINVAL; @@ -88,7 +84,7 @@ static ssize_t lbs_sleepparams_write(struct file *file, ret = -EINVAL; out_unlock: - free_page(addr); + kfree(buf); return ret; } @@ -125,18 +121,14 @@ static ssize_t lbs_host_sleep_write(struct file *file, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t buf_size, ret; + ssize_t ret; int host_sleep; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(user_buf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, user_buf, buf_size)) { - ret = -EFAULT; - goto out_unlock; - } ret = sscanf(buf, "%d", &host_sleep); if (ret != 1) { ret = -EINVAL; @@ -162,7 +154,7 @@ static ssize_t lbs_host_sleep_write(struct file *file, ret = count; out_unlock: - free_page(addr); + kfree(buf); return ret; } @@ -281,21 +273,15 @@ static ssize_t lbs_threshold_write(uint16_t tlv_type, uint16_t event_mask, struct cmd_ds_802_11_subscribe_event *events; struct mrvl_ie_thresholds *tlv; struct lbs_private *priv = file->private_data; - ssize_t buf_size; int value, freq, new_mask; uint16_t curr_mask; char *buf; int ret; - buf = (char *)get_zeroed_page(GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - ret = -EFAULT; - goto out_page; - } ret = sscanf(buf, "%d %d %d", &value, &freq, &new_mask); if (ret != 3) { ret = -EINVAL; @@ -343,7 +329,7 @@ static ssize_t lbs_threshold_write(uint16_t tlv_type, uint16_t event_mask, out_events: kfree(events); out_page: - free_page((unsigned long)buf); + kfree(buf); return ret; } @@ -472,22 +458,15 @@ static ssize_t lbs_rdmac_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->mac_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + return count; } static ssize_t lbs_wrmac_write(struct file *file, @@ -496,18 +475,14 @@ static ssize_t lbs_wrmac_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -520,7 +495,7 @@ static ssize_t lbs_wrmac_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -554,22 +529,16 @@ static ssize_t lbs_rdbbp_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->bbp_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + + return count; } static ssize_t lbs_wrbbp_write(struct file *file, @@ -578,18 +547,14 @@ static ssize_t lbs_wrbbp_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -602,7 +567,7 @@ static ssize_t lbs_wrbbp_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -636,22 +601,15 @@ static ssize_t lbs_rdrf_write(struct file *file, size_t count, loff_t *ppos) { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } priv->rf_offset = simple_strtoul(buf, NULL, 16); - res = count; -out_unlock: - free_page(addr); - return res; + kfree(buf); + return count; } static ssize_t lbs_wrrf_write(struct file *file, @@ -660,18 +618,14 @@ static ssize_t lbs_wrrf_write(struct file *file, { struct lbs_private *priv = file->private_data; - ssize_t res, buf_size; + ssize_t res; u32 offset, value; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - if (!buf) - return -ENOMEM; + char *buf; + + buf = memdup_user_nul(userbuf, min(count, len - 1)); + if (IS_ERR(buf)) + return PTR_ERR(buf); - buf_size = min(count, len - 1); - if (copy_from_user(buf, userbuf, buf_size)) { - res = -EFAULT; - goto out_unlock; - } res = sscanf(buf, "%x %x", &offset, &value); if (res != 2) { res = -EFAULT; @@ -684,7 +638,7 @@ static ssize_t lbs_wrrf_write(struct file *file, if (!res) res = count; out_unlock: - free_page(addr); + kfree(buf); return res; } @@ -915,16 +869,9 @@ static ssize_t lbs_debugfs_write(struct file *f, const char __user *buf, if (cnt == 0) return 0; - pdata = kmalloc(cnt + 1, GFP_KERNEL); - if (pdata == NULL) - return 0; - - if (copy_from_user(pdata, buf, cnt)) { - lbs_deb_debugfs("Copy from user failed\n"); - kfree(pdata); - return 0; - } - pdata[cnt] = '\0'; + pdata = memdup_user_nul(buf, cnt); + if (IS_ERR(pdata)) + return PTR_ERR(pdata); p0 = pdata; for (i = 0; i < num_of_items; i++) { diff --git a/drivers/net/wireless/mwifiex/debugfs.c b/drivers/net/wireless/mwifiex/debugfs.c index 9824d8d..241e1c3 100644 --- a/drivers/net/wireless/mwifiex/debugfs.c +++ b/drivers/net/wireless/mwifiex/debugfs.c @@ -447,20 +447,13 @@ static ssize_t mwifiex_regrdwr_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *) addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret; u32 reg_type = 0, reg_offset = 0, reg_value = UINT_MAX; - if (!buf) - return -ENOMEM; - - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); sscanf(buf, "%u %x %x", ®_type, ®_offset, ®_value); @@ -474,7 +467,7 @@ mwifiex_regrdwr_write(struct file *file, ret = count; } done: - free_page(addr); + kfree(buf); return ret; } @@ -572,17 +565,11 @@ mwifiex_debug_mask_write(struct file *file, const char __user *ubuf, int ret; unsigned long debug_mask; struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (void *)addr; - size_t buf_size = min(count, (size_t)(PAGE_SIZE - 1)); + char *buf; - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); if (kstrtoul(buf, 0, &debug_mask)) { ret = -EINVAL; @@ -592,7 +579,7 @@ mwifiex_debug_mask_write(struct file *file, const char __user *ubuf, priv->adapter->debug_mask = debug_mask; ret = count; done: - free_page(addr); + kfree(buf); return ret; } @@ -609,17 +596,11 @@ mwifiex_memrw_write(struct file *file, const char __user *ubuf, size_t count, struct mwifiex_ds_mem_rw mem_rw; u16 cmd_action; struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (void *)addr; - size_t buf_size = min(count, (size_t)(PAGE_SIZE - 1)); - - if (!buf) - return -ENOMEM; + char *buf; - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); ret = sscanf(buf, "%c %x %x", &cmd, &mem_rw.addr, &mem_rw.value); if (ret != 3) { @@ -645,7 +626,7 @@ mwifiex_memrw_write(struct file *file, const char __user *ubuf, size_t count, ret = count; done: - free_page(addr); + kfree(buf); return ret; } @@ -686,20 +667,13 @@ static ssize_t mwifiex_rdeeprom_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *) addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret = 0; int offset = -1, bytes = -1; - if (!buf) - return -ENOMEM; - - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); sscanf(buf, "%d %d", &offset, &bytes); @@ -712,7 +686,7 @@ mwifiex_rdeeprom_write(struct file *file, ret = count; } done: - free_page(addr); + kfree(buf); return ret; } @@ -771,21 +745,15 @@ mwifiex_hscfg_write(struct file *file, const char __user *ubuf, size_t count, loff_t *ppos) { struct mwifiex_private *priv = (void *)file->private_data; - unsigned long addr = get_zeroed_page(GFP_KERNEL); - char *buf = (char *)addr; - size_t buf_size = min_t(size_t, count, PAGE_SIZE - 1); + char *buf; int ret, arg_num; struct mwifiex_ds_hs_cfg hscfg; int conditions = HS_CFG_COND_DEF; u32 gpio = HS_CFG_GPIO_DEF, gap = HS_CFG_GAP_DEF; - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, buf_size)) { - ret = -EFAULT; - goto done; - } + buf = memdup_user_nul(ubuf, min(count, (size_t)(PAGE_SIZE - 1))); + if (IS_ERR(buf)) + return PTR_ERR(buf); arg_num = sscanf(buf, "%d %x %x", &conditions, &gpio, &gap); @@ -823,7 +791,7 @@ mwifiex_hscfg_write(struct file *file, const char __user *ubuf, priv->adapter->hs_enabling = false; ret = count; done: - free_page(addr); + kfree(buf); return ret; } -- cgit v0.10.2 From e4e85bb091d13afef7b1a10b4bd209b442be8863 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:12:09 -0500 Subject: cciss: switch to memdup_user_nul() all we do to buffer is strncmp()... Signed-off-by: Al Viro diff --git a/drivers/block/cciss.c b/drivers/block/cciss.c index 0422c47..b38bd06 100644 --- a/drivers/block/cciss.c +++ b/drivers/block/cciss.c @@ -514,14 +514,9 @@ cciss_proc_write(struct file *file, const char __user *buf, if (!buf || length > PAGE_SIZE - 1) return -EINVAL; - buffer = (char *)__get_free_page(GFP_KERNEL); - if (!buffer) - return -ENOMEM; - - err = -EFAULT; - if (copy_from_user(buffer, buf, length)) - goto out; - buffer[length] = '\0'; + buffer = memdup_user_nul(buf, length); + if (IS_ERR(buffer)) + return PTR_ERR(buffer); #ifdef CONFIG_CISS_SCSI_TAPE if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) { @@ -537,8 +532,7 @@ cciss_proc_write(struct file *file, const char __user *buf, /* might be nice to have "disengage" too, but it's not safely possible. (only 1 module use count, lock issues.) */ -out: - free_page((unsigned long)buffer); + kfree(buffer); return err; } -- cgit v0.10.2 From 70f6cbb6f9c95535acd327d1ac1ce5fd078cff1e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:13:10 -0500 Subject: kernel/*: switch to memdup_user_nul() Signed-off-by: Al Viro diff --git a/kernel/sysctl.c b/kernel/sysctl.c index dc6858d..5faf89a 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2047,9 +2047,8 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, void *data) { int *i, vleft, first = 1, err = 0; - unsigned long page = 0; size_t left; - char *kbuf; + char *kbuf = NULL, *p; if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) { *lenp = 0; @@ -2078,15 +2077,9 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, if (left > PAGE_SIZE - 1) left = PAGE_SIZE - 1; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buffer, left)) { - err = -EFAULT; - goto free; - } - kbuf[left] = 0; + p = kbuf = memdup_user_nul(buffer, left); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); } for (; left && vleft--; i++, first=0) { @@ -2094,11 +2087,11 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, bool neg; if (write) { - left -= proc_skip_spaces(&kbuf); + left -= proc_skip_spaces(&p); if (!left) break; - err = proc_get_long(&kbuf, &left, &lval, &neg, + err = proc_get_long(&p, &left, &lval, &neg, proc_wspace_sep, sizeof(proc_wspace_sep), NULL); if (err) @@ -2125,10 +2118,9 @@ static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, if (!write && !first && left && !err) err = proc_put_char(&buffer, &left, '\n'); if (write && !err && left) - left -= proc_skip_spaces(&kbuf); -free: + left -= proc_skip_spaces(&p); if (write) { - free_page(page); + kfree(kbuf); if (first) return err ? : -EINVAL; } @@ -2310,9 +2302,8 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int { unsigned long *i, *min, *max; int vleft, first = 1, err = 0; - unsigned long page = 0; size_t left; - char *kbuf; + char *kbuf = NULL, *p; if (!data || !table->maxlen || !*lenp || (*ppos && !write)) { *lenp = 0; @@ -2340,15 +2331,9 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int if (left > PAGE_SIZE - 1) left = PAGE_SIZE - 1; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buffer, left)) { - err = -EFAULT; - goto free; - } - kbuf[left] = 0; + p = kbuf = memdup_user_nul(buffer, left); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); } for (; left && vleft--; i++, first = 0) { @@ -2357,9 +2342,9 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int if (write) { bool neg; - left -= proc_skip_spaces(&kbuf); + left -= proc_skip_spaces(&p); - err = proc_get_long(&kbuf, &left, &val, &neg, + err = proc_get_long(&p, &left, &val, &neg, proc_wspace_sep, sizeof(proc_wspace_sep), NULL); if (err) @@ -2385,10 +2370,9 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int if (!write && !first && left && !err) err = proc_put_char(&buffer, &left, '\n'); if (write && !err) - left -= proc_skip_spaces(&kbuf); -free: + left -= proc_skip_spaces(&p); if (write) { - free_page(page); + kfree(kbuf); if (first) return err ? : -EINVAL; } @@ -2650,34 +2634,27 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, } if (write) { - unsigned long page = 0; - char *kbuf; + char *kbuf, *p; if (left > PAGE_SIZE - 1) left = PAGE_SIZE - 1; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!kbuf) - return -ENOMEM; - if (copy_from_user(kbuf, buffer, left)) { - free_page(page); - return -EFAULT; - } - kbuf[left] = 0; + p = kbuf = memdup_user_nul(buffer, left); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); tmp_bitmap = kzalloc(BITS_TO_LONGS(bitmap_len) * sizeof(unsigned long), GFP_KERNEL); if (!tmp_bitmap) { - free_page(page); + kfree(kbuf); return -ENOMEM; } - proc_skip_char(&kbuf, &left, '\n'); + proc_skip_char(&p, &left, '\n'); while (!err && left) { unsigned long val_a, val_b; bool neg; - err = proc_get_long(&kbuf, &left, &val_a, &neg, tr_a, + err = proc_get_long(&p, &left, &val_a, &neg, tr_a, sizeof(tr_a), &c); if (err) break; @@ -2688,12 +2665,12 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, val_b = val_a; if (left) { - kbuf++; + p++; left--; } if (c == '-') { - err = proc_get_long(&kbuf, &left, &val_b, + err = proc_get_long(&p, &left, &val_b, &neg, tr_b, sizeof(tr_b), &c); if (err) @@ -2704,16 +2681,16 @@ int proc_do_large_bitmap(struct ctl_table *table, int write, break; } if (left) { - kbuf++; + p++; left--; } } bitmap_set(tmp_bitmap, val_a, val_b - val_a + 1); first = 0; - proc_skip_char(&kbuf, &left, '\n'); + proc_skip_char(&p, &left, '\n'); } - free_page(page); + kfree(kbuf); } else { unsigned long bit_a, bit_b = 0; diff --git a/kernel/trace/trace_events.c b/kernel/trace/trace_events.c index 4f6ef69..f333e57 100644 --- a/kernel/trace/trace_events.c +++ b/kernel/trace/trace_events.c @@ -1340,15 +1340,9 @@ event_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, if (cnt >= PAGE_SIZE) return -EINVAL; - buf = (char *)__get_free_page(GFP_TEMPORARY); - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, cnt)) { - free_page((unsigned long) buf); - return -EFAULT; - } - buf[cnt] = '\0'; + buf = memdup_user_nul(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); mutex_lock(&event_mutex); file = event_file_data(filp); @@ -1356,7 +1350,7 @@ event_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, err = apply_event_filter(file, buf); mutex_unlock(&event_mutex); - free_page((unsigned long) buf); + kfree(buf); if (err < 0) return err; @@ -1507,18 +1501,12 @@ subsystem_filter_write(struct file *filp, const char __user *ubuf, size_t cnt, if (cnt >= PAGE_SIZE) return -EINVAL; - buf = (char *)__get_free_page(GFP_TEMPORARY); - if (!buf) - return -ENOMEM; - - if (copy_from_user(buf, ubuf, cnt)) { - free_page((unsigned long) buf); - return -EFAULT; - } - buf[cnt] = '\0'; + buf = memdup_user_nul(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); err = apply_subsystem_event_filter(dir, buf); - free_page((unsigned long) buf); + kfree(buf); if (err < 0) return err; diff --git a/kernel/trace/trace_events_trigger.c b/kernel/trace/trace_events_trigger.c index 42a4009..4b5e8ed6 100644 --- a/kernel/trace/trace_events_trigger.c +++ b/kernel/trace/trace_events_trigger.c @@ -237,28 +237,23 @@ static ssize_t event_trigger_regex_write(struct file *file, if (cnt >= PAGE_SIZE) return -EINVAL; - buf = (char *)__get_free_page(GFP_TEMPORARY); - if (!buf) - return -ENOMEM; + buf = memdup_user_nul(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); - if (copy_from_user(buf, ubuf, cnt)) { - free_page((unsigned long)buf); - return -EFAULT; - } - buf[cnt] = '\0'; strim(buf); mutex_lock(&event_mutex); event_file = event_file_data(file); if (unlikely(!event_file)) { mutex_unlock(&event_mutex); - free_page((unsigned long)buf); + kfree(buf); return -ENODEV; } ret = trigger_process_regex(event_file, buf); mutex_unlock(&event_mutex); - free_page((unsigned long)buf); + kfree(buf); if (ret < 0) goto out; diff --git a/kernel/user_namespace.c b/kernel/user_namespace.c index 88fefa6..9bafc21 100644 --- a/kernel/user_namespace.c +++ b/kernel/user_namespace.c @@ -602,8 +602,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, struct uid_gid_map new_map; unsigned idx; struct uid_gid_extent *extent = NULL; - unsigned long page = 0; - char *kbuf, *pos, *next_line; + char *kbuf = NULL, *pos, *next_line; ssize_t ret = -EINVAL; /* @@ -638,23 +637,18 @@ static ssize_t map_write(struct file *file, const char __user *buf, if (cap_valid(cap_setid) && !file_ns_capable(file, ns, CAP_SYS_ADMIN)) goto out; - /* Get a buffer */ - ret = -ENOMEM; - page = __get_free_page(GFP_TEMPORARY); - kbuf = (char *) page; - if (!page) - goto out; - /* Only allow < page size writes at the beginning of the file */ ret = -EINVAL; if ((*ppos != 0) || (count >= PAGE_SIZE)) goto out; /* Slurp in the user data */ - ret = -EFAULT; - if (copy_from_user(kbuf, buf, count)) + kbuf = memdup_user_nul(buf, count); + if (IS_ERR(kbuf)) { + ret = PTR_ERR(kbuf); + kbuf = NULL; goto out; - kbuf[count] = '\0'; + } /* Parse the user data */ ret = -EINVAL; @@ -756,8 +750,7 @@ static ssize_t map_write(struct file *file, const char __user *buf, ret = count; out: mutex_unlock(&userns_state_mutex); - if (page) - free_page(page); + kfree(kbuf); return ret; } -- cgit v0.10.2 From bb646cdb12e75d82258c2f2e7746d5952d3e321a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 24 Dec 2015 00:16:30 -0500 Subject: proc_pid_attr_write(): switch to memdup_user() Signed-off-by: Al Viro diff --git a/fs/proc/base.c b/fs/proc/base.c index 4bd5d31..1b0f470 100644 --- a/fs/proc/base.c +++ b/fs/proc/base.c @@ -2359,7 +2359,7 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, size_t count, loff_t *ppos) { struct inode * inode = file_inode(file); - char *page; + void *page; ssize_t length; struct task_struct *task = get_proc_task(inode); @@ -2374,14 +2374,11 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, if (*ppos != 0) goto out; - length = -ENOMEM; - page = (char*)__get_free_page(GFP_TEMPORARY); - if (!page) + page = memdup_user(buf, count); + if (IS_ERR(page)) { + length = PTR_ERR(page); goto out; - - length = -EFAULT; - if (copy_from_user(page, buf, count)) - goto out_free; + } /* Guard against adverse ptrace interaction */ length = mutex_lock_interruptible(&task->signal->cred_guard_mutex); @@ -2390,10 +2387,10 @@ static ssize_t proc_pid_attr_write(struct file * file, const char __user * buf, length = security_setprocattr(task, (char*)file->f_path.dentry->d_name.name, - (void*)page, count); + page, count); mutex_unlock(&task->signal->cred_guard_mutex); out_free: - free_page((unsigned long) page); + kfree(page); out: put_task_struct(task); out_no_task: -- cgit v0.10.2 From f5e6634ec04b6ed55be4e124277acde240323f2d Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Dec 2015 10:04:47 -0500 Subject: put the remnants of ..._user_ret() to rest they hadn't been used in last 15 years... Signed-off-by: Al Viro diff --git a/arch/blackfin/include/asm/uaccess.h b/arch/blackfin/include/asm/uaccess.h index 90612a7..12f5d68 100644 --- a/arch/blackfin/include/asm/uaccess.h +++ b/arch/blackfin/include/asm/uaccess.h @@ -168,12 +168,6 @@ static inline int bad_user_access_length(void) #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user -#define copy_to_user_ret(to, from, n, retval) ({ if (copy_to_user(to, from, n))\ - return retval; }) - -#define copy_from_user_ret(to, from, n, retval) ({ if (copy_from_user(to, from, n))\ - return retval; }) - static inline unsigned long __must_check copy_from_user(void *to, const void __user *from, unsigned long n) { diff --git a/arch/m68k/include/asm/uaccess_no.h b/arch/m68k/include/asm/uaccess_no.h index 68bbe9b..1bdf152 100644 --- a/arch/m68k/include/asm/uaccess_no.h +++ b/arch/m68k/include/asm/uaccess_no.h @@ -135,10 +135,6 @@ extern int __get_user_bad(void); #define __copy_to_user_inatomic __copy_to_user #define __copy_from_user_inatomic __copy_from_user -#define copy_to_user_ret(to,from,n,retval) ({ if (copy_to_user(to,from,n)) return retval; }) - -#define copy_from_user_ret(to,from,n,retval) ({ if (copy_from_user(to,from,n)) return retval; }) - /* * Copy a null terminated string from userspace. */ diff --git a/arch/mn10300/include/asm/uaccess.h b/arch/mn10300/include/asm/uaccess.h index 5372787..20f7bf6 100644 --- a/arch/mn10300/include/asm/uaccess.h +++ b/arch/mn10300/include/asm/uaccess.h @@ -110,21 +110,6 @@ extern int fixup_exception(struct pt_regs *regs); #define __put_user(x, ptr) __put_user_nocheck((x), (ptr), sizeof(*(ptr))) #define __get_user(x, ptr) __get_user_nocheck((x), (ptr), sizeof(*(ptr))) -/* - * The "xxx_ret" versions return constant specified in third argument, if - * something bad happens. These macros can be optimized for the - * case of just returning from the function xxx_ret is used. - */ - -#define put_user_ret(x, ptr, ret) \ - ({ if (put_user((x), (ptr))) return (ret); }) -#define get_user_ret(x, ptr, ret) \ - ({ if (get_user((x), (ptr))) return (ret); }) -#define __put_user_ret(x, ptr, ret) \ - ({ if (__put_user((x), (ptr))) return (ret); }) -#define __get_user_ret(x, ptr, ret) \ - ({ if (__get_user((x), (ptr))) return (ret); }) - struct __large_struct { unsigned long buf[100]; }; #define __m(x) (*(struct __large_struct *)(x)) diff --git a/arch/sparc/include/asm/uaccess_32.h b/arch/sparc/include/asm/uaccess_32.h index 64ee103..57aca27 100644 --- a/arch/sparc/include/asm/uaccess_32.h +++ b/arch/sparc/include/asm/uaccess_32.h @@ -205,31 +205,6 @@ int __put_user_bad(void); __gu_ret; \ }) -#define __get_user_check_ret(x, addr, size, type, retval) ({ \ - register unsigned long __gu_val __asm__ ("l1"); \ - if (__access_ok(addr, size)) { \ - switch (size) { \ - case 1: \ - __get_user_asm_ret(__gu_val, ub, addr, retval); \ - break; \ - case 2: \ - __get_user_asm_ret(__gu_val, uh, addr, retval); \ - break; \ - case 4: \ - __get_user_asm_ret(__gu_val, , addr, retval); \ - break; \ - case 8: \ - __get_user_asm_ret(__gu_val, d, addr, retval); \ - break; \ - default: \ - if (__get_user_bad()) \ - return retval; \ - } \ - x = (__force type) __gu_val; \ - } else \ - return retval; \ -}) - #define __get_user_nocheck(x, addr, size, type) ({ \ register int __gu_ret; \ register unsigned long __gu_val; \ @@ -247,20 +222,6 @@ int __put_user_bad(void); __gu_ret; \ }) -#define __get_user_nocheck_ret(x, addr, size, type, retval) ({ \ - register unsigned long __gu_val __asm__ ("l1"); \ - switch (size) { \ - case 1: __get_user_asm_ret(__gu_val, ub, addr, retval); break; \ - case 2: __get_user_asm_ret(__gu_val, uh, addr, retval); break; \ - case 4: __get_user_asm_ret(__gu_val, , addr, retval); break; \ - case 8: __get_user_asm_ret(__gu_val, d, addr, retval); break; \ - default: \ - if (__get_user_bad()) \ - return retval; \ - } \ - x = (__force type) __gu_val; \ -}) - #define __get_user_asm(x, size, addr, ret) \ __asm__ __volatile__( \ "/* Get user asm, inline. */\n" \ @@ -281,32 +242,6 @@ __asm__ __volatile__( \ : "=&r" (ret), "=&r" (x) : "m" (*__m(addr)), \ "i" (-EFAULT)) -#define __get_user_asm_ret(x, size, addr, retval) \ -if (__builtin_constant_p(retval) && retval == -EFAULT) \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size " %1, %0\n\n\t" \ - ".section __ex_table,#alloc\n\t" \ - ".align 4\n\t" \ - ".word 1b,__ret_efault\n\n\t" \ - ".previous\n\t" \ - : "=&r" (x) : "m" (*__m(addr))); \ -else \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size " %1, %0\n\n\t" \ - ".section .fixup,#alloc,#execinstr\n\t" \ - ".align 4\n" \ - "3:\n\t" \ - "ret\n\t" \ - " restore %%g0, %2, %%o0\n\n\t" \ - ".previous\n\t" \ - ".section __ex_table,#alloc\n\t" \ - ".align 4\n\t" \ - ".word 1b, 3b\n\n\t" \ - ".previous\n\t" \ - : "=&r" (x) : "m" (*__m(addr)), "i" (retval)) - int __get_user_bad(void); unsigned long __copy_user(void __user *to, const void __user *from, unsigned long size); diff --git a/arch/sparc/include/asm/uaccess_64.h b/arch/sparc/include/asm/uaccess_64.h index ea6e9a2..e9a51d6 100644 --- a/arch/sparc/include/asm/uaccess_64.h +++ b/arch/sparc/include/asm/uaccess_64.h @@ -179,20 +179,6 @@ int __put_user_bad(void); __gu_ret; \ }) -#define __get_user_nocheck_ret(data, addr, size, type, retval) ({ \ - register unsigned long __gu_val __asm__ ("l1"); \ - switch (size) { \ - case 1: __get_user_asm_ret(__gu_val, ub, addr, retval); break; \ - case 2: __get_user_asm_ret(__gu_val, uh, addr, retval); break; \ - case 4: __get_user_asm_ret(__gu_val, uw, addr, retval); break; \ - case 8: __get_user_asm_ret(__gu_val, x, addr, retval); break; \ - default: \ - if (__get_user_bad()) \ - return retval; \ - } \ - data = (__force type) __gu_val; \ -}) - #define __get_user_asm(x, size, addr, ret) \ __asm__ __volatile__( \ "/* Get user asm, inline. */\n" \ @@ -214,32 +200,6 @@ __asm__ __volatile__( \ : "=r" (ret), "=r" (x) : "r" (__m(addr)), \ "i" (-EFAULT)) -#define __get_user_asm_ret(x, size, addr, retval) \ -if (__builtin_constant_p(retval) && retval == -EFAULT) \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size "a [%1] %%asi, %0\n\n\t" \ - ".section __ex_table,\"a\"\n\t" \ - ".align 4\n\t" \ - ".word 1b,__ret_efault\n\n\t" \ - ".previous\n\t" \ - : "=r" (x) : "r" (__m(addr))); \ -else \ - __asm__ __volatile__( \ - "/* Get user asm ret, inline. */\n" \ - "1:\t" "ld"#size "a [%1] %%asi, %0\n\n\t" \ - ".section .fixup,#alloc,#execinstr\n\t" \ - ".align 4\n" \ - "3:\n\t" \ - "ret\n\t" \ - " restore %%g0, %2, %%o0\n\n\t" \ - ".previous\n\t" \ - ".section __ex_table,\"a\"\n\t" \ - ".align 4\n\t" \ - ".word 1b, 3b\n\n\t" \ - ".previous\n\t" \ - : "=r" (x) : "r" (__m(addr)), "i" (retval)) - int __get_user_bad(void); unsigned long __must_check ___copy_from_user(void *to, -- cgit v0.10.2 From 7812bf173a0a65a1227fe207ba8683c0afecb5e8 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Dec 2015 12:33:26 -0500 Subject: ppc: get rid of the remnants of __get_user64() When __get_user64() had been removed, its helper (__get_user64_nocheck) got missed. Signed-off-by: Al Viro diff --git a/arch/powerpc/include/asm/uaccess.h b/arch/powerpc/include/asm/uaccess.h index 2a8ebae..b7c20f0 100644 --- a/arch/powerpc/include/asm/uaccess.h +++ b/arch/powerpc/include/asm/uaccess.h @@ -274,21 +274,6 @@ do { \ __gu_err; \ }) -#ifndef __powerpc64__ -#define __get_user64_nocheck(x, ptr, size) \ -({ \ - long __gu_err; \ - long long __gu_val; \ - __typeof__(*(ptr)) __user *__gu_addr = (ptr); \ - __chk_user_ptr(ptr); \ - if (!is_kernel_addr((unsigned long)__gu_addr)) \ - might_fault(); \ - __get_user_size(__gu_val, __gu_addr, (size), __gu_err); \ - (x) = (__force __typeof__(*(ptr)))__gu_val; \ - __gu_err; \ -}) -#endif /* __powerpc64__ */ - #define __get_user_check(x, ptr, size) \ ({ \ long __gu_err = -EFAULT; \ -- cgit v0.10.2 From cc4e719e83cd4149bc96b7e1d1a73fe61797df6e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Fri, 25 Dec 2015 17:59:12 -0500 Subject: fix the leak in integrity_read_file() Signed-off-by: Al Viro diff --git a/security/integrity/iint.c b/security/integrity/iint.c index 3d2f5b4..c2e3ccd 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -234,12 +234,13 @@ int __init integrity_read_file(const char *path, char **data) } rc = integrity_kernel_read(file, 0, buf, size); - if (rc < 0) - kfree(buf); - else if (rc != size) - rc = -EIO; - else + if (rc == size) { *data = buf; + } else { + kfree(buf); + if (rc >= 0) + rc = -EIO; + } out: fput(file); return rc; -- cgit v0.10.2 From b40ef8696fbbb1107fbe5f4afc21c357f16e5ffc Mon Sep 17 00:00:00 2001 From: Al Viro Date: Mon, 14 Dec 2015 18:44:44 -0500 Subject: saner calling conventions for copy_mount_options() let it just return NULL, pointer to kernel copy or ERR_PTR(). Signed-off-by: Al Viro diff --git a/fs/compat.c b/fs/compat.c index 6fd272d..a71936a 100644 --- a/fs/compat.c +++ b/fs/compat.c @@ -792,7 +792,7 @@ COMPAT_SYSCALL_DEFINE5(mount, const char __user *, dev_name, const void __user *, data) { char *kernel_type; - unsigned long data_page; + void *options; char *kernel_dev; int retval; @@ -806,26 +806,25 @@ COMPAT_SYSCALL_DEFINE5(mount, const char __user *, dev_name, if (IS_ERR(kernel_dev)) goto out1; - retval = copy_mount_options(data, &data_page); - if (retval < 0) + options = copy_mount_options(data); + retval = PTR_ERR(options); + if (IS_ERR(options)) goto out2; - retval = -EINVAL; - - if (kernel_type && data_page) { + if (kernel_type && options) { if (!strcmp(kernel_type, NCPFS_NAME)) { - do_ncp_super_data_conv((void *)data_page); + do_ncp_super_data_conv(options); } else if (!strcmp(kernel_type, NFS4_NAME)) { - if (do_nfs4_super_data_conv((void *) data_page)) + retval = -EINVAL; + if (do_nfs4_super_data_conv(options)) goto out3; } } - retval = do_mount(kernel_dev, dir_name, kernel_type, - flags, (void*)data_page); + retval = do_mount(kernel_dev, dir_name, kernel_type, flags, options); out3: - free_page(data_page); + kfree(options); out2: kfree(kernel_dev); out1: diff --git a/fs/internal.h b/fs/internal.h index 71859c4d..aa81316 100644 --- a/fs/internal.h +++ b/fs/internal.h @@ -55,7 +55,7 @@ extern int vfs_path_lookup(struct dentry *, struct vfsmount *, /* * namespace.c */ -extern int copy_mount_options(const void __user *, unsigned long *); +extern void *copy_mount_options(const void __user *); extern char *copy_mount_string(const void __user *); extern struct vfsmount *lookup_mnt(struct path *); diff --git a/fs/namespace.c b/fs/namespace.c index b27156f..33a75c8 100644 --- a/fs/namespace.c +++ b/fs/namespace.c @@ -2601,18 +2601,18 @@ static long exact_copy_from_user(void *to, const void __user * from, return n; } -int copy_mount_options(const void __user * data, unsigned long *where) +void *copy_mount_options(const void __user * data) { int i; - unsigned long page; unsigned long size; + char *copy; - *where = 0; if (!data) - return 0; + return NULL; - if (!(page = __get_free_page(GFP_KERNEL))) - return -ENOMEM; + copy = kmalloc(PAGE_SIZE, GFP_KERNEL); + if (!copy) + return ERR_PTR(-ENOMEM); /* We only care that *some* data at the address the user * gave us is valid. Just in case, we'll zero @@ -2623,15 +2623,14 @@ int copy_mount_options(const void __user * data, unsigned long *where) if (size > PAGE_SIZE) size = PAGE_SIZE; - i = size - exact_copy_from_user((void *)page, data, size); + i = size - exact_copy_from_user(copy, data, size); if (!i) { - free_page(page); - return -EFAULT; + kfree(copy); + return ERR_PTR(-EFAULT); } if (i != PAGE_SIZE) - memset((char *)page + i, 0, PAGE_SIZE - i); - *where = page; - return 0; + memset(copy + i, 0, PAGE_SIZE - i); + return copy; } char *copy_mount_string(const void __user *data) @@ -2896,7 +2895,7 @@ SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, int ret; char *kernel_type; char *kernel_dev; - unsigned long data_page; + void *options; kernel_type = copy_mount_string(type); ret = PTR_ERR(kernel_type); @@ -2908,14 +2907,14 @@ SYSCALL_DEFINE5(mount, char __user *, dev_name, char __user *, dir_name, if (IS_ERR(kernel_dev)) goto out_dev; - ret = copy_mount_options(data, &data_page); - if (ret < 0) + options = copy_mount_options(data); + ret = PTR_ERR(options); + if (IS_ERR(options)) goto out_data; - ret = do_mount(kernel_dev, dir_name, kernel_type, flags, - (void *) data_page); + ret = do_mount(kernel_dev, dir_name, kernel_type, flags, options); - free_page(data_page); + kfree(options); out_data: kfree(kernel_dev); out_dev: -- cgit v0.10.2 From 62fb4a155f745285d9b1640c3ef53bf90c12f17c Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 26 Dec 2015 22:33:24 -0500 Subject: don't carry MAY_OPEN in op->acc_mode Signed-off-by: Al Viro diff --git a/fs/exec.c b/fs/exec.c index b06623a..828ec5f 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -119,7 +119,7 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) int error = PTR_ERR(tmp); static const struct open_flags uselib_flags = { .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, - .acc_mode = MAY_READ | MAY_EXEC | MAY_OPEN, + .acc_mode = MAY_READ | MAY_EXEC, .intent = LOOKUP_OPEN, .lookup_flags = LOOKUP_FOLLOW, }; @@ -763,7 +763,7 @@ static struct file *do_open_execat(int fd, struct filename *name, int flags) int err; struct open_flags open_exec_flags = { .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, - .acc_mode = MAY_EXEC | MAY_OPEN, + .acc_mode = MAY_EXEC, .intent = LOOKUP_OPEN, .lookup_flags = LOOKUP_FOLLOW, }; diff --git a/fs/namei.c b/fs/namei.c index 9e102ac..45c702e 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2663,10 +2663,6 @@ static int may_open(struct path *path, int acc_mode, int flag) struct inode *inode = dentry->d_inode; int error; - /* O_PATH? */ - if (!acc_mode) - return 0; - if (!inode) return -ENOENT; @@ -2688,7 +2684,7 @@ static int may_open(struct path *path, int acc_mode, int flag) break; } - error = inode_permission(inode, acc_mode); + error = inode_permission(inode, MAY_OPEN | acc_mode); if (error) return error; @@ -2880,7 +2876,7 @@ static int atomic_open(struct nameidata *nd, struct dentry *dentry, if (*opened & FILE_CREATED) { WARN_ON(!(open_flag & O_CREAT)); fsnotify_create(dir, dentry); - acc_mode = MAY_OPEN; + acc_mode = 0; } error = may_open(&file->f_path, acc_mode, open_flag); if (error) @@ -3093,7 +3089,7 @@ retry_lookup: /* Don't check for write permission, don't truncate */ open_flag &= ~O_TRUNC; will_truncate = false; - acc_mode = MAY_OPEN; + acc_mode = 0; path_to_nameidata(&path, nd); goto finish_open_created; } @@ -3177,10 +3173,11 @@ finish_open: got_write = true; } finish_open_created: - error = may_open(&nd->path, acc_mode, open_flag); - if (error) - goto out; - + if (likely(!(open_flag & O_PATH))) { + error = may_open(&nd->path, acc_mode, open_flag); + if (error) + goto out; + } BUG_ON(*opened & FILE_OPENED); /* once it's opened, it's opened */ error = vfs_open(&nd->path, file, current_cred()); if (!error) { @@ -3267,7 +3264,7 @@ static int do_tmpfile(struct nameidata *nd, unsigned flags, goto out2; audit_inode(nd->name, child, 0); /* Don't check for other permissions, the inode was just created */ - error = may_open(&path, MAY_OPEN, op->open_flag); + error = may_open(&path, 0, op->open_flag); if (error) goto out2; file->f_path.mnt = path.mnt; diff --git a/fs/open.c b/fs/open.c index b6f1e96..b25b154 100644 --- a/fs/open.c +++ b/fs/open.c @@ -887,7 +887,7 @@ EXPORT_SYMBOL(dentry_open); static inline int build_open_flags(int flags, umode_t mode, struct open_flags *op) { int lookup_flags = 0; - int acc_mode; + int acc_mode = ACC_MODE(flags); if (flags & (O_CREAT | __O_TMPFILE)) op->mode = (mode & S_IALLUGO) | S_IFREG; @@ -909,7 +909,6 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o if (flags & __O_TMPFILE) { if ((flags & O_TMPFILE_MASK) != O_TMPFILE) return -EINVAL; - acc_mode = MAY_OPEN | ACC_MODE(flags); if (!(acc_mode & MAY_WRITE)) return -EINVAL; } else if (flags & O_PATH) { @@ -919,8 +918,6 @@ static inline int build_open_flags(int flags, umode_t mode, struct open_flags *o */ flags &= O_DIRECTORY | O_NOFOLLOW | O_PATH; acc_mode = 0; - } else { - acc_mode = MAY_OPEN | ACC_MODE(flags); } op->open_flag = flags; -- cgit v0.10.2 From 4802c5919a70661d5022710d88e311c3880cd0fd Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 29 Dec 2015 14:55:33 -0500 Subject: drivers/mtd/maps/pcmciamtd.c: __iomem annotations Signed-off-by: Al Viro diff --git a/drivers/mtd/maps/pcmciamtd.c b/drivers/mtd/maps/pcmciamtd.c index 3dad211..70bb403 100644 --- a/drivers/mtd/maps/pcmciamtd.c +++ b/drivers/mtd/maps/pcmciamtd.c @@ -30,7 +30,7 @@ struct pcmciamtd_dev { struct pcmcia_device *p_dev; - caddr_t win_base; /* ioremapped address of PCMCIA window */ + void __iomem *win_base; /* ioremapped address of PCMCIA window */ unsigned int win_size; /* size of window */ unsigned int offset; /* offset into card the window currently points at */ struct map_info pcmcia_map; @@ -80,7 +80,7 @@ MODULE_PARM_DESC(mem_type, "Set Memory type (0=Flash, 1=RAM, 2=ROM, default=0)") /* read/write{8,16} copy_{from,to} routines with window remapping * to access whole card */ -static caddr_t remap_window(struct map_info *map, unsigned long to) +static void __iomem *remap_window(struct map_info *map, unsigned long to) { struct pcmciamtd_dev *dev = (struct pcmciamtd_dev *)map->map_priv_1; struct resource *win = (struct resource *) map->map_priv_2; @@ -107,7 +107,7 @@ static caddr_t remap_window(struct map_info *map, unsigned long to) static map_word pcmcia_read8_remap(struct map_info *map, unsigned long ofs) { - caddr_t addr; + void __iomem *addr; map_word d = {{0}}; addr = remap_window(map, ofs); @@ -122,7 +122,7 @@ static map_word pcmcia_read8_remap(struct map_info *map, unsigned long ofs) static map_word pcmcia_read16_remap(struct map_info *map, unsigned long ofs) { - caddr_t addr; + void __iomem *addr; map_word d = {{0}}; addr = remap_window(map, ofs); @@ -143,7 +143,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long pr_debug("to = %p from = %lu len = %zd\n", to, from, len); while(len) { int toread = win_size - (from & (win_size-1)); - caddr_t addr; + void __iomem *addr; if(toread > len) toread = len; @@ -163,7 +163,7 @@ static void pcmcia_copy_from_remap(struct map_info *map, void *to, unsigned long static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long adr) { - caddr_t addr = remap_window(map, adr); + void __iomem *addr = remap_window(map, adr); if(!addr) return; @@ -175,7 +175,7 @@ static void pcmcia_write8_remap(struct map_info *map, map_word d, unsigned long static void pcmcia_write16_remap(struct map_info *map, map_word d, unsigned long adr) { - caddr_t addr = remap_window(map, adr); + void __iomem *addr = remap_window(map, adr); if(!addr) return; @@ -192,7 +192,7 @@ static void pcmcia_copy_to_remap(struct map_info *map, unsigned long to, const v pr_debug("to = %lu from = %p len = %zd\n", to, from, len); while(len) { int towrite = win_size - (to & (win_size-1)); - caddr_t addr; + void __iomem *addr; if(towrite > len) towrite = len; @@ -216,7 +216,7 @@ static void pcmcia_copy_to_remap(struct map_info *map, unsigned long to, const v static map_word pcmcia_read8(struct map_info *map, unsigned long ofs) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; map_word d = {{0}}; if(DEV_REMOVED(map)) @@ -231,7 +231,7 @@ static map_word pcmcia_read8(struct map_info *map, unsigned long ofs) static map_word pcmcia_read16(struct map_info *map, unsigned long ofs) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; map_word d = {{0}}; if(DEV_REMOVED(map)) @@ -246,7 +246,7 @@ static map_word pcmcia_read16(struct map_info *map, unsigned long ofs) static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from, ssize_t len) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -258,7 +258,7 @@ static void pcmcia_copy_from(struct map_info *map, void *to, unsigned long from, static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -271,7 +271,7 @@ static void pcmcia_write8(struct map_info *map, map_word d, unsigned long adr) static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; @@ -284,7 +284,7 @@ static void pcmcia_write16(struct map_info *map, map_word d, unsigned long adr) static void pcmcia_copy_to(struct map_info *map, unsigned long to, const void *from, ssize_t len) { - caddr_t win_base = (caddr_t)map->map_priv_2; + void __iomem *win_base = (void __iomem *)map->map_priv_2; if(DEV_REMOVED(map)) return; -- cgit v0.10.2 From 4e728cf8ffa2891913dd48e179c132fb9fa07e0e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Tue, 29 Dec 2015 15:38:25 -0500 Subject: hpfs: missing endianness annotation Signed-off-by: Al Viro diff --git a/fs/hpfs/map.c b/fs/hpfs/map.c index a69bbc1..a136929 100644 --- a/fs/hpfs/map.c +++ b/fs/hpfs/map.c @@ -133,7 +133,7 @@ __le32 *hpfs_load_bitmap_directory(struct super_block *s, secno bmp) void hpfs_load_hotfix_map(struct super_block *s, struct hpfs_spare_block *spareblock) { struct quad_buffer_head qbh; - u32 *directory; + __le32 *directory; u32 n_hotfixes, n_used_hotfixes; unsigned i; -- cgit v0.10.2 From 756d097b959aefe69a081496f84cfc14b1397a15 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 12:45:27 -0500 Subject: dm-bufio: virt_to_phys() doesn't change remainder modulo PAGE_SIZE ... so virt_to_phys(p) & (PAGE_SIZE - 1) is a very odd way to spell offset_in_page(p). Signed-off-by: Al Viro diff --git a/drivers/md/dm-bufio.c b/drivers/md/dm-bufio.c index 2dd3308..adeb8d0 100644 --- a/drivers/md/dm-bufio.c +++ b/drivers/md/dm-bufio.c @@ -630,7 +630,7 @@ static void use_inline_bio(struct dm_buffer *b, int rw, sector_t block, do { if (!bio_add_page(&b->bio, virt_to_page(ptr), len < PAGE_SIZE ? len : PAGE_SIZE, - virt_to_phys(ptr) & (PAGE_SIZE - 1))) { + offset_in_page(ptr))) { BUG_ON(b->c->block_size <= PAGE_SIZE); use_dmio(b, rw, block, end_io); return; -- cgit v0.10.2 From 93bbf5831dd1742a98c57b6415ee84ce35425067 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 13:30:54 -0500 Subject: md: more open-coded offset_in_page() Signed-off-by: Al Viro diff --git a/drivers/md/bcache/util.c b/drivers/md/bcache/util.c index db3ae4c..dde6172 100644 --- a/drivers/md/bcache/util.c +++ b/drivers/md/bcache/util.c @@ -230,7 +230,7 @@ void bch_bio_map(struct bio *bio, void *base) BUG_ON(!bio->bi_iter.bi_size); BUG_ON(bio->bi_vcnt); - bv->bv_offset = base ? ((unsigned long) base) % PAGE_SIZE : 0; + bv->bv_offset = base ? offset_in_page(base) : 0; goto start; for (; size; bio->bi_vcnt++, bv++) { diff --git a/drivers/md/dm-io.c b/drivers/md/dm-io.c index 81c5e1a..06d426e 100644 --- a/drivers/md/dm-io.c +++ b/drivers/md/dm-io.c @@ -246,7 +246,7 @@ static void vm_dp_init(struct dpages *dp, void *data) { dp->get_page = vm_get_page; dp->next_page = vm_next_page; - dp->context_u = ((unsigned long) data) & (PAGE_SIZE - 1); + dp->context_u = offset_in_page(data); dp->context_ptr = data; } @@ -271,7 +271,7 @@ static void km_dp_init(struct dpages *dp, void *data) { dp->get_page = km_get_page; dp->next_page = km_next_page; - dp->context_u = ((unsigned long) data) & (PAGE_SIZE - 1); + dp->context_u = offset_in_page(data); dp->context_ptr = data; } -- cgit v0.10.2 From 222e4adec52418dc1c80a30eff80b33ec954745e Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 13:31:21 -0500 Subject: ... and a couple in net/9p Signed-off-by: Al Viro diff --git a/net/9p/trans_virtio.c b/net/9p/trans_virtio.c index 9fc6a56..199bc76 100644 --- a/net/9p/trans_virtio.c +++ b/net/9p/trans_virtio.c @@ -105,7 +105,7 @@ static struct list_head virtio_chan_list; /* How many bytes left in this page. */ static unsigned int rest_of_page(void *data) { - return PAGE_SIZE - ((unsigned long)data % PAGE_SIZE); + return PAGE_SIZE - offset_in_page(data); } /** @@ -365,7 +365,7 @@ static int p9_get_mapped_pages(struct virtio_chan *chan, return -ENOMEM; *need_drop = 0; - p -= (*offs = (unsigned long)p % PAGE_SIZE); + p -= (*offs = offset_in_page(p)); for (index = 0; index < nr_pages; index++) { if (is_vmalloc_addr(p)) (*pages)[index] = vmalloc_to_page(p); -- cgit v0.10.2 From 76e8d7cb71d415581402dbc5c5bbbbcc28ca0e47 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:22:04 -0500 Subject: jfs: microoptimize get_zeroed_page / virt_to_page get_zeroed_page does alloc_page and returns page_address of the result; subsequent virt_to_page will recover the page, but since the caller needs both page and its page_address() anyway, why bother going through that wrapper at all? Signed-off-by: Al Viro diff --git a/fs/jfs/jfs_logmgr.c b/fs/jfs/jfs_logmgr.c index a69bdf2..a270cb7 100644 --- a/fs/jfs/jfs_logmgr.c +++ b/fs/jfs/jfs_logmgr.c @@ -1835,17 +1835,16 @@ static int lbmLogInit(struct jfs_log * log) for (i = 0; i < LOGPAGES;) { char *buffer; uint offset; - struct page *page; + struct page *page = alloc_page(GFP_KERNEL | __GFP_ZERO); - buffer = (char *) get_zeroed_page(GFP_KERNEL); - if (buffer == NULL) + if (!page) goto error; - page = virt_to_page(buffer); + buffer = page_address(page); for (offset = 0; offset < PAGE_SIZE; offset += LOGPSIZE) { lbuf = kmalloc(sizeof(struct lbuf), GFP_KERNEL); if (lbuf == NULL) { if (offset == 0) - free_page((unsigned long) buffer); + __free_page(page); goto error; } if (offset) /* we already have one reference */ -- cgit v0.10.2 From 80f8dccf95147f9668eee021425ecf3ff6432c51 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:29:23 -0500 Subject: HFS wants 8Kb per-superblock allocation; just use kmalloc() ... rather than play with __get_free_pages() (and figuring out the allocation order, etc.) Signed-off-by: Al Viro diff --git a/fs/hfs/mdb.c b/fs/hfs/mdb.c index aa3f0d6..a3ec3ae 100644 --- a/fs/hfs/mdb.c +++ b/fs/hfs/mdb.c @@ -166,7 +166,7 @@ int hfs_mdb_get(struct super_block *sb) pr_warn("continuing without an alternate MDB\n"); } - HFS_SB(sb)->bitmap = (__be32 *)__get_free_pages(GFP_KERNEL, PAGE_SIZE < 8192 ? 1 : 0); + HFS_SB(sb)->bitmap = kmalloc(8192, GFP_KERNEL); if (!HFS_SB(sb)->bitmap) goto out; @@ -360,7 +360,7 @@ void hfs_mdb_put(struct super_block *sb) unload_nls(HFS_SB(sb)->nls_io); unload_nls(HFS_SB(sb)->nls_disk); - free_pages((unsigned long)HFS_SB(sb)->bitmap, PAGE_SIZE < 8192 ? 1 : 0); + kfree(HFS_SB(sb)->bitmap); kfree(HFS_SB(sb)); sb->s_fs_info = NULL; } -- cgit v0.10.2 From 1ceb36285c256347ffa062b7b1b593f801b6697b Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:50:51 -0500 Subject: [um] hostaudio: don't open-code memdup_user() Signed-off-by: Al Viro diff --git a/arch/um/drivers/hostaudio_kern.c b/arch/um/drivers/hostaudio_kern.c index f6b911c..3a4b587 100644 --- a/arch/um/drivers/hostaudio_kern.c +++ b/arch/um/drivers/hostaudio_kern.c @@ -105,13 +105,9 @@ static ssize_t hostaudio_write(struct file *file, const char __user *buffer, printk(KERN_DEBUG "hostaudio: write called, count = %d\n", count); #endif - kbuf = kmalloc(count, GFP_KERNEL); - if (kbuf == NULL) - return -ENOMEM; - - err = -EFAULT; - if (copy_from_user(kbuf, buffer, count)) - goto out; + kbuf = memdup_user(buffer, count); + if (IS_ERR(kbuf)) + return PTR_ERR(kbuf); err = os_write_file(state->fd, kbuf, count); if (err < 0) -- cgit v0.10.2 From 793b796ebfcb3157fe80056a719096a550f0c7d0 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:53:28 -0500 Subject: [um] mconsole: don't open-code memdup_user_nul() Signed-off-by: Al Viro diff --git a/arch/um/drivers/mconsole_kern.c b/arch/um/drivers/mconsole_kern.c index 29880c9..b821b13 100644 --- a/arch/um/drivers/mconsole_kern.c +++ b/arch/um/drivers/mconsole_kern.c @@ -748,19 +748,11 @@ static ssize_t mconsole_proc_write(struct file *file, { char *buf; - buf = kmalloc(count + 1, GFP_KERNEL); - if (buf == NULL) - return -ENOMEM; - - if (copy_from_user(buf, buffer, count)) { - count = -EFAULT; - goto out; - } - - buf[count] = '\0'; + buf = memdup_user_nul(buffer, count); + if (IS_ERR(buf)) + return PTR_ERR(buf); mconsole_notify(notify_socket, MCONSOLE_USER_NOTIFY, buf, count); - out: kfree(buf); return count; } -- cgit v0.10.2 From 8ed6010d50ee010961ccecb4507470b244928603 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:56:33 -0500 Subject: mtip32xx: don't open-code memdup_user() [folded a fix by Dan Carpenter] Signed-off-by: Al Viro diff --git a/drivers/block/mtip32xx/mtip32xx.c b/drivers/block/mtip32xx/mtip32xx.c index 3457ac8..34997d8 100644 --- a/drivers/block/mtip32xx/mtip32xx.c +++ b/drivers/block/mtip32xx/mtip32xx.c @@ -2029,13 +2029,10 @@ static int exec_drive_taskfile(struct driver_data *dd, } if (taskout) { - outbuf = kzalloc(taskout, GFP_KERNEL); - if (outbuf == NULL) { - err = -ENOMEM; - goto abort; - } - if (copy_from_user(outbuf, buf + outtotal, taskout)) { - err = -EFAULT; + outbuf = memdup_user(buf + outtotal, taskout); + if (IS_ERR(outbuf)) { + err = PTR_ERR(outbuf); + outbuf = NULL; goto abort; } outbuf_dma = pci_map_single(dd->pdev, @@ -2050,14 +2047,10 @@ static int exec_drive_taskfile(struct driver_data *dd, } if (taskin) { - inbuf = kzalloc(taskin, GFP_KERNEL); - if (inbuf == NULL) { - err = -ENOMEM; - goto abort; - } - - if (copy_from_user(inbuf, buf + intotal, taskin)) { - err = -EFAULT; + inbuf = memdup_user(buf + intotal, taskin); + if (IS_ERR(inbuf)) { + err = PTR_ERR(inbuf); + inbuf = NULL; goto abort; } inbuf_dma = pci_map_single(dd->pdev, -- cgit v0.10.2 From 820351f05be93623c6e71b5d618f90f0deebc134 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:58:07 -0500 Subject: rsxx: don't open-code memdup_user() Signed-off-by: Al Viro diff --git a/drivers/block/rsxx/core.c b/drivers/block/rsxx/core.c index d8b2488..34997df 100644 --- a/drivers/block/rsxx/core.c +++ b/drivers/block/rsxx/core.c @@ -203,14 +203,11 @@ static ssize_t rsxx_cram_write(struct file *fp, const char __user *ubuf, char *buf; ssize_t st; - buf = kzalloc(cnt, GFP_KERNEL); - if (!buf) - return -ENOMEM; + buf = memdup_user(ubuf, cnt); + if (IS_ERR(buf)) + return PTR_ERR(buf); - st = copy_from_user(buf, ubuf, cnt); - if (!st) - st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, - buf, 1); + st = rsxx_creg_write(card, CREG_ADD_CRAM + (u32)*ppos, cnt, buf, 1); kfree(buf); if (st) return st; -- cgit v0.10.2 From abb0f6a79fe8eba7982b73313b8623259d78c3f6 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 14:59:38 -0500 Subject: cdrom: don't open-code memdup_user() Signed-off-by: Al Viro diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c index c206ccd..1b257ea 100644 --- a/drivers/cdrom/cdrom.c +++ b/drivers/cdrom/cdrom.c @@ -3186,15 +3186,11 @@ static noinline int mmc_ioctl_dvd_read_struct(struct cdrom_device_info *cdi, if (!CDROM_CAN(CDC_DVD)) return -ENOSYS; - s = kmalloc(size, GFP_KERNEL); - if (!s) - return -ENOMEM; + s = memdup_user(arg, size); + if (IS_ERR(s)) + return PTR_ERR(s); cd_dbg(CD_DO_IOCTL, "entering DVD_READ_STRUCT\n"); - if (copy_from_user(s, arg, size)) { - kfree(s); - return -EFAULT; - } ret = dvd_read_struct(cdi, s, cgc); if (ret) -- cgit v0.10.2 From 8f1d57c172482c9a1568ec647fc5c2e64c6c6a57 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 2 Jan 2016 15:06:19 -0500 Subject: amdkfd: don't open-code memdup_user() Signed-off-by: Al Viro diff --git a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c index c6a1b4c..d321222 100644 --- a/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c +++ b/drivers/gpu/drm/amd/amdkfd/kfd_chardev.c @@ -559,19 +559,10 @@ static int kfd_ioctl_dbg_address_watch(struct file *filep, /* this is the actual buffer to work with */ - args_buff = kmalloc(args->buf_size_in_bytes - - sizeof(*args), GFP_KERNEL); - if (args_buff == NULL) - return -ENOMEM; - - status = copy_from_user(args_buff, cmd_from_user, + args_buff = memdup_user(args_buff, args->buf_size_in_bytes - sizeof(*args)); - - if (status != 0) { - pr_debug("Failed to copy address watch user data\n"); - kfree(args_buff); - return -EINVAL; - } + if (IS_ERR(args_buff)) + return PTR_ERR(args_buff); aw_info.process = p; @@ -677,22 +668,12 @@ static int kfd_ioctl_dbg_wave_control(struct file *filep, if (cmd_from_user == NULL) return -EINVAL; - /* this is the actual buffer to work with */ + /* copy the entire buffer from user */ - args_buff = kmalloc(args->buf_size_in_bytes - sizeof(*args), - GFP_KERNEL); - - if (args_buff == NULL) - return -ENOMEM; - - /* Now copy the entire buffer from user */ - status = copy_from_user(args_buff, cmd_from_user, + args_buff = memdup_user(cmd_from_user, args->buf_size_in_bytes - sizeof(*args)); - if (status != 0) { - pr_debug("Failed to copy wave control user data\n"); - kfree(args_buff); - return -EINVAL; - } + if (IS_ERR(args_buff)) + return PTR_ERR(args_buff); /* move ptr to the start of the "pay-load" area */ wac_info.process = p; -- cgit v0.10.2 From ccec5ee302d5cbd0273eb1c79bc935a8e3f873c6 Mon Sep 17 00:00:00 2001 From: Mateusz Guzik Date: Wed, 6 Jan 2016 06:41:53 +0100 Subject: poll: plug an unused argument to do_poll Number of fds is already known based on passed list. No functional changes. Signed-off-by: Mateusz Guzik Signed-off-by: Al Viro diff --git a/fs/select.c b/fs/select.c index 0155473..79d0d49 100644 --- a/fs/select.c +++ b/fs/select.c @@ -778,8 +778,8 @@ static inline unsigned int do_pollfd(struct pollfd *pollfd, poll_table *pwait, return mask; } -static int do_poll(unsigned int nfds, struct poll_list *list, - struct poll_wqueues *wait, struct timespec *end_time) +static int do_poll(struct poll_list *list, struct poll_wqueues *wait, + struct timespec *end_time) { poll_table* pt = &wait->pt; ktime_t expire, *to = NULL; @@ -908,7 +908,7 @@ int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds, } poll_initwait(&table); - fdcount = do_poll(nfds, head, &table, end_time); + fdcount = do_poll(head, &table, end_time); poll_freewait(&table); for (walk = head; walk; walk = walk->next) { -- cgit v0.10.2 From 424081f3c881ca3aef50cfa571e91863c10d952a Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Mon, 13 Apr 2015 16:31:34 +0400 Subject: fs: use gendisk->disk_name where possible gendisk with part==0 is obviously gendisk->disk_name. Signed-off-by: Dmitry Monakhov Signed-off-by: Al Viro diff --git a/fs/block_dev.c b/fs/block_dev.c index 44d4a1e..01b8e0d 100644 --- a/fs/block_dev.c +++ b/fs/block_dev.c @@ -1042,12 +1042,9 @@ EXPORT_SYMBOL_GPL(bd_unlink_disk_holder); static void flush_disk(struct block_device *bdev, bool kill_dirty) { if (__invalidate_device(bdev, kill_dirty)) { - char name[BDEVNAME_SIZE] = ""; - - if (bdev->bd_disk) - disk_name(bdev->bd_disk, 0, name); printk(KERN_WARNING "VFS: busy inodes on changed media or " - "resized disk %s\n", name); + "resized disk %s\n", + bdev->bd_disk ? bdev->bd_disk->disk_name : ""); } if (!bdev->bd_disk) @@ -1071,12 +1068,9 @@ void check_disk_size_change(struct gendisk *disk, struct block_device *bdev) disk_size = (loff_t)get_capacity(disk) << 9; bdev_size = i_size_read(bdev->bd_inode); if (disk_size != bdev_size) { - char name[BDEVNAME_SIZE]; - - disk_name(disk, 0, name); printk(KERN_INFO "%s: detected capacity change from %lld to %lld\n", - name, bdev_size, disk_size); + disk->disk_name, bdev_size, disk_size); i_size_write(bdev->bd_inode, disk_size); flush_disk(bdev, false); } -- cgit v0.10.2 From 1031bc589228ca35b3b6fb3dfe4656c0da5fbeb4 Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Mon, 13 Apr 2015 16:31:35 +0400 Subject: lib/vsprintf: add %*pg format specifier This allow to directly print block_device name. Currently one should use bdevname() with temporal char buffer. This is very ineffective because bloat stack usage for deep IO call-traces Example: %pg -> sda, sda1 or loop0p1 [AV: fixed a minor braino - position updates should not be dependent upon having reached the of buffer] Signed-off-by: Dmitry Monakhov Signed-off-by: Al Viro diff --git a/Documentation/printk-formats.txt b/Documentation/printk-formats.txt index b784c27..6389551 100644 --- a/Documentation/printk-formats.txt +++ b/Documentation/printk-formats.txt @@ -250,6 +250,12 @@ dentry names: Passed by reference. +block_device names: + + %pg sda, sda1 or loop0p1 + + For printing name of block_device pointers. + struct va_format: %pV diff --git a/lib/vsprintf.c b/lib/vsprintf.c index f9cee8e..ac3f947 100644 --- a/lib/vsprintf.c +++ b/lib/vsprintf.c @@ -31,6 +31,9 @@ #include #include #include +#ifdef CONFIG_BLOCK +#include +#endif #include /* for PAGE_SIZE */ #include /* for dereference_function_descriptor() */ @@ -613,6 +616,26 @@ char *dentry_name(char *buf, char *end, const struct dentry *d, struct printf_sp return buf; } +#ifdef CONFIG_BLOCK +static noinline_for_stack +char *bdev_name(char *buf, char *end, struct block_device *bdev, + struct printf_spec spec, const char *fmt) +{ + struct gendisk *hd = bdev->bd_disk; + + buf = string(buf, end, hd->disk_name, spec); + if (bdev->bd_part->partno) { + if (isdigit(hd->disk_name[strlen(hd->disk_name)-1])) { + if (buf < end) + *buf = 'p'; + buf++; + } + buf = number(buf, end, bdev->bd_part->partno, spec); + } + return buf; +} +#endif + static noinline_for_stack char *symbol_string(char *buf, char *end, void *ptr, struct printf_spec spec, const char *fmt) @@ -1443,6 +1466,7 @@ int kptr_restrict __read_mostly; * (default assumed to be phys_addr_t, passed by reference) * - 'd[234]' For a dentry name (optionally 2-4 last components) * - 'D[234]' Same as 'd' but for a struct file + * - 'g' For block_device name (gendisk + partition number) * - 'C' For a clock, it prints the name (Common Clock Framework) or address * (legacy clock framework) of the clock * - 'Cn' For a clock, it prints the name (Common Clock Framework) or address @@ -1600,6 +1624,11 @@ char *pointer(const char *fmt, char *buf, char *end, void *ptr, return dentry_name(buf, end, ((const struct file *)ptr)->f_path.dentry, spec, fmt); +#ifdef CONFIG_BLOCK + case 'g': + return bdev_name(buf, end, ptr, spec, fmt); +#endif + } spec.flags |= SMALL; if (spec.field_width == -1) { -- cgit v0.10.2 From a1c6f05733c27ba7067c06c095f49e8732a5ae17 Mon Sep 17 00:00:00 2001 From: Dmitry Monakhov Date: Mon, 13 Apr 2015 16:31:37 +0400 Subject: fs: use block_device name vsprintf helper Signed-off-by: Dmitry Monakhov Signed-off-by: Al Viro diff --git a/fs/btrfs/super.c b/fs/btrfs/super.c index 24154e4..a0434c17 100644 --- a/fs/btrfs/super.c +++ b/fs/btrfs/super.c @@ -1514,9 +1514,7 @@ static struct dentry *btrfs_mount(struct file_system_type *fs_type, int flags, if ((flags ^ s->s_flags) & MS_RDONLY) error = -EBUSY; } else { - char b[BDEVNAME_SIZE]; - - strlcpy(s->s_id, bdevname(bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", bdev); btrfs_sb(s)->bdev_holder = fs_type; error = btrfs_fill_super(s, fs_devices, data, flags & MS_SILENT ? 1 : 0); diff --git a/fs/buffer.c b/fs/buffer.c index 4f4cd95..e1632ab 100644 --- a/fs/buffer.c +++ b/fs/buffer.c @@ -134,13 +134,10 @@ __clear_page_buffers(struct page *page) static void buffer_io_error(struct buffer_head *bh, char *msg) { - char b[BDEVNAME_SIZE]; - if (!test_bit(BH_Quiet, &bh->b_state)) printk_ratelimited(KERN_ERR - "Buffer I/O error on dev %s, logical block %llu%s\n", - bdevname(bh->b_bdev, b), - (unsigned long long)bh->b_blocknr, msg); + "Buffer I/O error on dev %pg, logical block %llu%s\n", + bh->b_bdev, (unsigned long long)bh->b_blocknr, msg); } /* @@ -237,15 +234,13 @@ __find_get_block_slow(struct block_device *bdev, sector_t block) * elsewhere, don't buffer_error if we had some unmapped buffers */ if (all_mapped) { - char b[BDEVNAME_SIZE]; - printk("__find_get_block_slow() failed. " "block=%llu, b_blocknr=%llu\n", (unsigned long long)block, (unsigned long long)bh->b_blocknr); printk("b_state=0x%08lx, b_size=%zu\n", bh->b_state, bh->b_size); - printk("device %s blocksize: %d\n", bdevname(bdev, b), + printk("device %pg blocksize: %d\n", bdev, 1 << bd_inode->i_blkbits); } out_unlock: @@ -531,10 +526,8 @@ repeat: static void do_thaw_one(struct super_block *sb, void *unused) { - char b[BDEVNAME_SIZE]; while (sb->s_bdev && !thaw_bdev(sb->s_bdev, sb)) - printk(KERN_WARNING "Emergency Thaw on %s\n", - bdevname(sb->s_bdev, b)); + printk(KERN_WARNING "Emergency Thaw on %pg\n", sb->s_bdev); } static void do_thaw_all(struct work_struct *work) @@ -1074,12 +1067,10 @@ grow_buffers(struct block_device *bdev, sector_t block, int size, gfp_t gfp) * pagecache index. (this comparison is done using sector_t types). */ if (unlikely(index != block >> sizebits)) { - char b[BDEVNAME_SIZE]; - printk(KERN_ERR "%s: requested out-of-range block %llu for " - "device %s\n", + "device %pg\n", __func__, (unsigned long long)block, - bdevname(bdev, b)); + bdev); return -EIO; } diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c index fa70848..a21c259 100644 --- a/fs/ext2/xattr.c +++ b/fs/ext2/xattr.c @@ -77,10 +77,8 @@ printk("\n"); \ } while (0) # define ea_bdebug(bh, f...) do { \ - char b[BDEVNAME_SIZE]; \ - printk(KERN_DEBUG "block %s:%lu: ", \ - bdevname(bh->b_bdev, b), \ - (unsigned long) bh->b_blocknr); \ + printk(KERN_DEBUG "block %pg:%lu: ", \ + bh->b_bdev, (unsigned long) bh->b_blocknr); \ printk(f); \ printk("\n"); \ } while (0) diff --git a/fs/ext4/page-io.c b/fs/ext4/page-io.c index 17fbe38..090b349 100644 --- a/fs/ext4/page-io.c +++ b/fs/ext4/page-io.c @@ -52,9 +52,8 @@ void ext4_exit_pageio(void) */ static void buffer_io_error(struct buffer_head *bh) { - char b[BDEVNAME_SIZE]; - printk_ratelimited(KERN_ERR "Buffer I/O error on device %s, logical block %llu\n", - bdevname(bh->b_bdev, b), + printk_ratelimited(KERN_ERR "Buffer I/O error on device %pg, logical block %llu\n", + bh->b_bdev, (unsigned long long)bh->b_blocknr); } diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 6b6b3e7..ec4e50c 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -68,10 +68,8 @@ printk("\n"); \ } while (0) # define ea_bdebug(bh, f...) do { \ - char b[BDEVNAME_SIZE]; \ - printk(KERN_DEBUG "block %s:%lu: ", \ - bdevname(bh->b_bdev, b), \ - (unsigned long) bh->b_blocknr); \ + printk(KERN_DEBUG "block %pg:%lu: ", \ + bh->b_bdev, (unsigned long) bh->b_blocknr); \ printk(f); \ printk("\n"); \ } while (0) diff --git a/fs/f2fs/debug.c b/fs/f2fs/debug.c index 478e5d5..ad1b18a 100644 --- a/fs/f2fs/debug.c +++ b/fs/f2fs/debug.c @@ -211,12 +211,10 @@ static int stat_show(struct seq_file *s, void *v) mutex_lock(&f2fs_stat_mutex); list_for_each_entry(si, &f2fs_stat_list, stat_list) { - char devname[BDEVNAME_SIZE]; - update_general_status(si->sbi); - seq_printf(s, "\n=====[ partition info(%s). #%d ]=====\n", - bdevname(si->sbi->sb->s_bdev, devname), i++); + seq_printf(s, "\n=====[ partition info(%pg). #%d ]=====\n", + si->sbi->sb->s_bdev, i++); seq_printf(s, "[SB: 1] [CP: 2] [SIT: %d] [NAT: %d] ", si->sit_area_segs, si->nat_area_segs); seq_printf(s, "[SSA: %d] [MAIN: %d", diff --git a/fs/gfs2/ops_fstype.c b/fs/gfs2/ops_fstype.c index baab99b..001c666 100644 --- a/fs/gfs2/ops_fstype.c +++ b/fs/gfs2/ops_fstype.c @@ -1315,9 +1315,7 @@ static struct dentry *gfs2_mount(struct file_system_type *fs_type, int flags, if ((flags ^ s->s_flags) & MS_RDONLY) goto error_super; } else { - char b[BDEVNAME_SIZE]; - - strlcpy(s->s_id, bdevname(bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", bdev); sb_set_blocksize(s, block_size(bdev)); error = fill_super(s, &args, flags & MS_SILENT ? 1 : 0); if (error) diff --git a/fs/jbd2/transaction.c b/fs/jbd2/transaction.c index ca181e8..081dff0 100644 --- a/fs/jbd2/transaction.c +++ b/fs/jbd2/transaction.c @@ -764,13 +764,11 @@ void jbd2_journal_unlock_updates (journal_t *journal) static void warn_dirty_buffer(struct buffer_head *bh) { - char b[BDEVNAME_SIZE]; - printk(KERN_WARNING - "JBD2: Spotted dirty metadata buffer (dev = %s, blocknr = %llu). " + "JBD2: Spotted dirty metadata buffer (dev = %pg, blocknr = %llu). " "There's a risk of filesystem corruption in case of system " "crash.\n", - bdevname(bh->b_bdev, b), (unsigned long long)bh->b_blocknr); + bh->b_bdev, (unsigned long long)bh->b_blocknr); } /* Call t_frozen trigger and copy buffer data into jh->b_frozen_data. */ diff --git a/fs/minix/itree_v1.c b/fs/minix/itree_v1.c index 282e15a..46ca39d 100644 --- a/fs/minix/itree_v1.c +++ b/fs/minix/itree_v1.c @@ -24,16 +24,15 @@ static inline block_t *i_data(struct inode *inode) static int block_to_path(struct inode * inode, long block, int offsets[DEPTH]) { int n = 0; - char b[BDEVNAME_SIZE]; if (block < 0) { - printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n", - block, bdevname(inode->i_sb->s_bdev, b)); + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n", + block, inode->i_sb->s_bdev); } else if (block >= (minix_sb(inode->i_sb)->s_max_size/BLOCK_SIZE)) { if (printk_ratelimit()) printk("MINIX-fs: block_to_path: " - "block %ld too big on dev %s\n", - block, bdevname(inode->i_sb->s_bdev, b)); + "block %ld too big on dev %pg\n", + block, inode->i_sb->s_bdev); } else if (block < 7) { offsets[n++] = block; } else if ((block -= 7) < 512) { diff --git a/fs/minix/itree_v2.c b/fs/minix/itree_v2.c index 78e2d93..1ee1013 100644 --- a/fs/minix/itree_v2.c +++ b/fs/minix/itree_v2.c @@ -26,18 +26,17 @@ static inline block_t *i_data(struct inode *inode) static int block_to_path(struct inode * inode, long block, int offsets[DEPTH]) { int n = 0; - char b[BDEVNAME_SIZE]; struct super_block *sb = inode->i_sb; if (block < 0) { - printk("MINIX-fs: block_to_path: block %ld < 0 on dev %s\n", - block, bdevname(sb->s_bdev, b)); + printk("MINIX-fs: block_to_path: block %ld < 0 on dev %pg\n", + block, sb->s_bdev); } else if ((u64)block * (u64)sb->s_blocksize >= minix_sb(sb)->s_max_size) { if (printk_ratelimit()) printk("MINIX-fs: block_to_path: " - "block %ld too big on dev %s\n", - block, bdevname(sb->s_bdev, b)); + "block %ld too big on dev %pg\n", + block, sb->s_bdev); } else if (block < DIRCOUNT) { offsets[n++] = block; } else if ((block -= DIRCOUNT) < INDIRCOUNT(sb)) { diff --git a/fs/nilfs2/super.c b/fs/nilfs2/super.c index 354013e..c734384 100644 --- a/fs/nilfs2/super.c +++ b/fs/nilfs2/super.c @@ -1316,13 +1316,11 @@ nilfs_mount(struct file_system_type *fs_type, int flags, } if (!s->s_root) { - char b[BDEVNAME_SIZE]; - - s_new = true; + s_new = true; /* New superblock instance created */ s->s_mode = mode; - strlcpy(s->s_id, bdevname(sd.bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", sd.bdev); sb_set_blocksize(s, block_size(sd.bdev)); err = nilfs_fill_super(s, data, flags & MS_SILENT ? 1 : 0); diff --git a/fs/reiserfs/journal.c b/fs/reiserfs/journal.c index 9d6486d..44c2bdc 100644 --- a/fs/reiserfs/journal.c +++ b/fs/reiserfs/journal.c @@ -618,12 +618,10 @@ static void release_buffer_page(struct buffer_head *bh) static void reiserfs_end_buffer_io_sync(struct buffer_head *bh, int uptodate) { - char b[BDEVNAME_SIZE]; - if (buffer_journaled(bh)) { reiserfs_warning(NULL, "clm-2084", - "pinned buffer %lu:%s sent to disk", - bh->b_blocknr, bdevname(bh->b_bdev, b)); + "pinned buffer %lu:%pg sent to disk", + bh->b_blocknr, bh->b_bdev); } if (uptodate) set_buffer_uptodate(bh); @@ -2387,11 +2385,10 @@ static int journal_read(struct super_block *sb) int replay_count = 0; int continue_replay = 1; int ret; - char b[BDEVNAME_SIZE]; cur_dblock = SB_ONDISK_JOURNAL_1st_BLOCK(sb); - reiserfs_info(sb, "checking transaction log (%s)\n", - bdevname(journal->j_dev_bd, b)); + reiserfs_info(sb, "checking transaction log (%pg)\n", + journal->j_dev_bd); start = get_seconds(); /* @@ -2651,8 +2648,8 @@ static int journal_init_dev(struct super_block *super, set_blocksize(journal->j_dev_bd, super->s_blocksize); reiserfs_info(super, - "journal_init_dev: journal device: %s\n", - bdevname(journal->j_dev_bd, b)); + "journal_init_dev: journal device: %pg\n", + journal->j_dev_bd); return 0; } @@ -2724,7 +2721,6 @@ int journal_init(struct super_block *sb, const char *j_dev_name, struct reiserfs_journal_header *jh; struct reiserfs_journal *journal; struct reiserfs_journal_list *jl; - char b[BDEVNAME_SIZE]; int ret; journal = SB_JOURNAL(sb) = vzalloc(sizeof(struct reiserfs_journal)); @@ -2794,10 +2790,10 @@ int journal_init(struct super_block *sb, const char *j_dev_name, && (le32_to_cpu(jh->jh_journal.jp_journal_magic) != sb_jp_journal_magic(rs))) { reiserfs_warning(sb, "sh-460", - "journal header magic %x (device %s) does " + "journal header magic %x (device %pg) does " "not match to magic found in super block %x", jh->jh_journal.jp_journal_magic, - bdevname(journal->j_dev_bd, b), + journal->j_dev_bd, sb_jp_journal_magic(rs)); brelse(bhjh); goto free_and_return; @@ -2818,10 +2814,10 @@ int journal_init(struct super_block *sb, const char *j_dev_name, journal->j_max_trans_age = commit_max_age; } - reiserfs_info(sb, "journal params: device %s, size %u, " + reiserfs_info(sb, "journal params: device %pg, size %u, " "journal first block %u, max trans len %u, max batch %u, " "max commit age %u, max trans age %u\n", - bdevname(journal->j_dev_bd, b), + journal->j_dev_bd, SB_ONDISK_JOURNAL_SIZE(sb), SB_ONDISK_JOURNAL_1st_BLOCK(sb), journal->j_trans_max, diff --git a/fs/reiserfs/prints.c b/fs/reiserfs/prints.c index ae1dc84..4f3f928 100644 --- a/fs/reiserfs/prints.c +++ b/fs/reiserfs/prints.c @@ -139,11 +139,9 @@ static void sprintf_block_head(char *buf, struct buffer_head *bh) static void sprintf_buffer_head(char *buf, struct buffer_head *bh) { - char b[BDEVNAME_SIZE]; - sprintf(buf, - "dev %s, size %zd, blocknr %llu, count %d, state 0x%lx, page %p, (%s, %s, %s)", - bdevname(bh->b_bdev, b), bh->b_size, + "dev %pg, size %zd, blocknr %llu, count %d, state 0x%lx, page %p, (%s, %s, %s)", + bh->b_bdev, bh->b_size, (unsigned long long)bh->b_blocknr, atomic_read(&(bh->b_count)), bh->b_state, bh->b_page, buffer_uptodate(bh) ? "UPTODATE" : "!UPTODATE", @@ -530,7 +528,6 @@ static int print_super_block(struct buffer_head *bh) (struct reiserfs_super_block *)(bh->b_data); int skipped, data_blocks; char *version; - char b[BDEVNAME_SIZE]; if (is_reiserfs_3_5(rs)) { version = "3.5"; @@ -543,7 +540,7 @@ static int print_super_block(struct buffer_head *bh) return 1; } - printk("%s\'s super block is in block %llu\n", bdevname(bh->b_bdev, b), + printk("%pg\'s super block is in block %llu\n", bh->b_bdev, (unsigned long long)bh->b_blocknr); printk("Reiserfs version %s\n", version); printk("Block count %u\n", sb_block_count(rs)); diff --git a/fs/reiserfs/procfs.c b/fs/reiserfs/procfs.c index 621b9f3..fe99915 100644 --- a/fs/reiserfs/procfs.c +++ b/fs/reiserfs/procfs.c @@ -303,11 +303,10 @@ static int show_journal(struct seq_file *m, void *unused) struct reiserfs_sb_info *r = REISERFS_SB(sb); struct reiserfs_super_block *rs = r->s_rs; struct journal_params *jp = &rs->s_v1.s_journal; - char b[BDEVNAME_SIZE]; seq_printf(m, /* on-disk fields */ "jp_journal_1st_block: \t%i\n" - "jp_journal_dev: \t%s[%x]\n" + "jp_journal_dev: \t%pg[%x]\n" "jp_journal_size: \t%i\n" "jp_journal_trans_max: \t%i\n" "jp_journal_magic: \t%i\n" @@ -348,7 +347,7 @@ static int show_journal(struct seq_file *m, void *unused) "prepare: \t%12lu\n" "prepare_retry: \t%12lu\n", DJP(jp_journal_1st_block), - bdevname(SB_JOURNAL(sb)->j_dev_bd, b), + SB_JOURNAL(sb)->j_dev_bd, DJP(jp_journal_dev), DJP(jp_journal_size), DJP(jp_journal_trans_max), diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c index 5056bab..dded920 100644 --- a/fs/squashfs/super.c +++ b/fs/squashfs/super.c @@ -80,7 +80,6 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) { struct squashfs_sb_info *msblk; struct squashfs_super_block *sblk = NULL; - char b[BDEVNAME_SIZE]; struct inode *root; long long root_inode; unsigned short flags; @@ -124,8 +123,8 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) sb->s_magic = le32_to_cpu(sblk->s_magic); if (sb->s_magic != SQUASHFS_MAGIC) { if (!silent) - ERROR("Can't find a SQUASHFS superblock on %s\n", - bdevname(sb->s_bdev, b)); + ERROR("Can't find a SQUASHFS superblock on %pg\n", + sb->s_bdev); goto failed_mount; } @@ -178,7 +177,7 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) msblk->inodes = le32_to_cpu(sblk->inodes); flags = le16_to_cpu(sblk->flags); - TRACE("Found valid superblock on %s\n", bdevname(sb->s_bdev, b)); + TRACE("Found valid superblock on %pg\n", sb->s_bdev); TRACE("Inodes are %scompressed\n", SQUASHFS_UNCOMPRESSED_INODES(flags) ? "un" : ""); TRACE("Data is %scompressed\n", SQUASHFS_UNCOMPRESSED_DATA(flags) diff --git a/fs/super.c b/fs/super.c index 954aeb8..cc658a2 100644 --- a/fs/super.c +++ b/fs/super.c @@ -1012,10 +1012,8 @@ struct dentry *mount_bdev(struct file_system_type *fs_type, blkdev_put(bdev, mode); down_write(&s->s_umount); } else { - char b[BDEVNAME_SIZE]; - s->s_mode = mode; - strlcpy(s->s_id, bdevname(bdev, b), sizeof(s->s_id)); + snprintf(s->s_id, sizeof(s->s_id), "%pg", bdev); sb_set_blocksize(s, block_size(bdev)); error = fill_super(s, data, flags & MS_SILENT ? 1 : 0); if (error) { diff --git a/fs/xfs/xfs_buf.c b/fs/xfs/xfs_buf.c index 3243cdf..ace91e7 100644 --- a/fs/xfs/xfs_buf.c +++ b/fs/xfs/xfs_buf.c @@ -1632,13 +1632,9 @@ xfs_setsize_buftarg( btp->bt_meta_sectormask = sectorsize - 1; if (set_blocksize(btp->bt_bdev, sectorsize)) { - char name[BDEVNAME_SIZE]; - - bdevname(btp->bt_bdev, name); - xfs_warn(btp->bt_mount, - "Cannot set_blocksize to %u on device %s", - sectorsize, name); + "Cannot set_blocksize to %u on device %pg", + sectorsize, btp->bt_bdev); return -EINVAL; } -- cgit v0.10.2 From 263a3df18fa2c078ab3e8b14fece6cfa6053e86a Mon Sep 17 00:00:00 2001 From: Al Viro Date: Thu, 7 Jan 2016 10:04:37 -0500 Subject: nbd: use ->compat_ioctl() Signed-off-by: Al Viro diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c index 93b3f99..e4c5cc1 100644 --- a/drivers/block/nbd.c +++ b/drivers/block/nbd.c @@ -827,6 +827,7 @@ static const struct block_device_operations nbd_fops = { .owner = THIS_MODULE, .ioctl = nbd_ioctl, + .compat_ioctl = nbd_ioctl, }; #if IS_ENABLED(CONFIG_DEBUG_FS) diff --git a/fs/compat_ioctl.c b/fs/compat_ioctl.c index 9144b77..c9fca9c 100644 --- a/fs/compat_ioctl.c +++ b/fs/compat_ioctl.c @@ -1305,12 +1305,6 @@ COMPATIBLE_IOCTL(PCIIOC_CONTROLLER) COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_IO) COMPATIBLE_IOCTL(PCIIOC_MMAP_IS_MEM) COMPATIBLE_IOCTL(PCIIOC_WRITE_COMBINE) -/* NBD */ -COMPATIBLE_IOCTL(NBD_DO_IT) -COMPATIBLE_IOCTL(NBD_CLEAR_SOCK) -COMPATIBLE_IOCTL(NBD_CLEAR_QUE) -COMPATIBLE_IOCTL(NBD_PRINT_DEBUG) -COMPATIBLE_IOCTL(NBD_DISCONNECT) /* i2c */ COMPATIBLE_IOCTL(I2C_SLAVE) COMPATIBLE_IOCTL(I2C_SLAVE_FORCE) @@ -1529,11 +1523,6 @@ static long do_ioctl_trans(unsigned int cmd, case KDSKBMETA: case KDSKBLED: case KDSETLED: - /* NBD */ - case NBD_SET_SOCK: - case NBD_SET_BLKSIZE: - case NBD_SET_SIZE: - case NBD_SET_SIZE_BLOCKS: return vfs_ioctl(file, cmd, arg); } -- cgit v0.10.2 From bdb97e91e0140230bda9a83f6dbaa29b0c2e0522 Mon Sep 17 00:00:00 2001 From: Al Viro Date: Sat, 9 Jan 2016 02:16:04 -0500 Subject: [s390] page_to_phys() always returns a multiple of PAGE_SIZE Acked-by: Martin Schwidefsky Signed-off-by: Al Viro diff --git a/arch/s390/pci/pci_dma.c b/arch/s390/pci/pci_dma.c index d348f2c..32da0a6 100644 --- a/arch/s390/pci/pci_dma.c +++ b/arch/s390/pci/pci_dma.c @@ -366,8 +366,7 @@ static void *s390_dma_alloc(struct device *dev, size_t size, pa = page_to_phys(page); memset((void *) pa, 0, size); - map = s390_dma_map_pages(dev, page, pa % PAGE_SIZE, - size, DMA_BIDIRECTIONAL, NULL); + map = s390_dma_map_pages(dev, page, 0, size, DMA_BIDIRECTIONAL, NULL); if (dma_mapping_error(dev, map)) { free_pages(pa, get_order(size)); return NULL; -- cgit v0.10.2 From 0b2a6f231dcbc7bd543a5aaa23b0ea76ce16e585 Mon Sep 17 00:00:00 2001 From: Richard Weinberger Date: Sat, 2 Jan 2016 23:09:47 +0100 Subject: fs: xattr: Use kvfree() ... instead of open coding it. Signed-off-by: Richard Weinberger Signed-off-by: Al Viro diff --git a/fs/xattr.c b/fs/xattr.c index 9b932b9..9e8a652 100644 --- a/fs/xattr.c +++ b/fs/xattr.c @@ -324,7 +324,6 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, { int error; void *kvalue = NULL; - void *vvalue = NULL; /* If non-NULL, we used vmalloc() */ char kname[XATTR_NAME_MAX + 1]; if (flags & ~(XATTR_CREATE|XATTR_REPLACE)) @@ -341,10 +340,9 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, return -E2BIG; kvalue = kmalloc(size, GFP_KERNEL | __GFP_NOWARN); if (!kvalue) { - vvalue = vmalloc(size); - if (!vvalue) + kvalue = vmalloc(size); + if (!kvalue) return -ENOMEM; - kvalue = vvalue; } if (copy_from_user(kvalue, value, size)) { error = -EFAULT; @@ -357,10 +355,8 @@ setxattr(struct dentry *d, const char __user *name, const void __user *value, error = vfs_setxattr(d, kname, kvalue, size, flags); out: - if (vvalue) - vfree(vvalue); - else - kfree(kvalue); + kvfree(kvalue); + return error; } @@ -428,7 +424,6 @@ getxattr(struct dentry *d, const char __user *name, void __user *value, { ssize_t error; void *kvalue = NULL; - void *vvalue = NULL; char kname[XATTR_NAME_MAX + 1]; error = strncpy_from_user(kname, name, sizeof(kname)); @@ -442,10 +437,9 @@ getxattr(struct dentry *d, const char __user *name, void __user *value, size = XATTR_SIZE_MAX; kvalue = kzalloc(size, GFP_KERNEL | __GFP_NOWARN); if (!kvalue) { - vvalue = vmalloc(size); - if (!vvalue) + kvalue = vmalloc(size); + if (!kvalue) return -ENOMEM; - kvalue = vvalue; } } @@ -461,10 +455,9 @@ getxattr(struct dentry *d, const char __user *name, void __user *value, than XATTR_SIZE_MAX bytes. Not possible. */ error = -E2BIG; } - if (vvalue) - vfree(vvalue); - else - kfree(kvalue); + + kvfree(kvalue); + return error; } @@ -521,17 +514,15 @@ listxattr(struct dentry *d, char __user *list, size_t size) { ssize_t error; char *klist = NULL; - char *vlist = NULL; /* If non-NULL, we used vmalloc() */ if (size) { if (size > XATTR_LIST_MAX) size = XATTR_LIST_MAX; klist = kmalloc(size, __GFP_NOWARN | GFP_KERNEL); if (!klist) { - vlist = vmalloc(size); - if (!vlist) + klist = vmalloc(size); + if (!klist) return -ENOMEM; - klist = vlist; } } @@ -544,10 +535,9 @@ listxattr(struct dentry *d, char __user *list, size_t size) than XATTR_LIST_MAX bytes. Not possible. */ error = -E2BIG; } - if (vlist) - vfree(vlist); - else - kfree(klist); + + kvfree(klist); + return error; } -- cgit v0.10.2 From 90330e689c32e5105265c461c54af6ecec3373fa Mon Sep 17 00:00:00 2001 From: Abhi Das Date: Fri, 18 Dec 2015 14:11:36 -0600 Subject: fs: __generic_file_splice_read retry lookup on AOP_TRUNCATED_PAGE During testing, I discovered that __generic_file_splice_read() returns 0 (EOF) when aops->readpage fails with AOP_TRUNCATED_PAGE on the first page of a single/multi-page splice read operation. This EOF return code causes the userspace test to (correctly) report a zero-length read error when it was expecting otherwise. The current strategy of returning a partial non-zero read when ->readpage returns AOP_TRUNCATED_PAGE works only when the failed page is not the first of the lot being processed. This patch attempts to retry lookup and call ->readpage again on pages that had previously failed with AOP_TRUNCATED_PAGE. With this patch, my tests pass and I haven't noticed any unwanted side effects. This version removes the thrice-retry loop and instead indefinitely retries lookups on AOP_TRUNCATED_PAGE errors from ->readpage. This behavior is now similar to do_generic_file_read(). Signed-off-by: Abhi Das Reviewed-by: Jan Kara Cc: Bob Peterson Cc: Al Viro Signed-off-by: Al Viro diff --git a/fs/splice.c b/fs/splice.c index 4cf700d..82bc0d6 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -415,6 +415,7 @@ __generic_file_splice_read(struct file *in, loff_t *ppos, */ if (!page->mapping) { unlock_page(page); +retry_lookup: page = find_or_create_page(mapping, index, mapping_gfp_mask(mapping)); @@ -439,13 +440,10 @@ __generic_file_splice_read(struct file *in, loff_t *ppos, error = mapping->a_ops->readpage(in, page); if (unlikely(error)) { /* - * We really should re-lookup the page here, - * but it complicates things a lot. Instead - * lets just do what we already stored, and - * we'll get it the next time we are called. + * Re-lookup the page */ if (error == AOP_TRUNCATED_PAGE) - error = 0; + goto retry_lookup; break; } -- cgit v0.10.2 From 0dbf5f20652108106cb822ad7662c786baaa03ff Mon Sep 17 00:00:00 2001 From: Stanislav Kinsburskiy Date: Tue, 15 Dec 2015 19:41:31 +0400 Subject: fcntl: allow to set O_DIRECT flag on pipe With packetized mode for pipes, it's not possible to set O_DIRECT on pipe file via sys_fcntl, because of unsupported sanity checks. Ability to set this flag will be used by CRIU to migrate packetized pipes. v2: Fixed typos and mode variable to check. Signed-off-by: Stanislav Kinsburskiy Signed-off-by: Al Viro diff --git a/fs/fcntl.c b/fs/fcntl.c index ee85cd4..350a2c8 100644 --- a/fs/fcntl.c +++ b/fs/fcntl.c @@ -51,7 +51,8 @@ static int setfl(int fd, struct file * filp, unsigned long arg) if (arg & O_NDELAY) arg |= O_NONBLOCK; - if (arg & O_DIRECT) { + /* Pipe packetized mode is controlled by O_DIRECT flag */ + if (!S_ISFIFO(filp->f_inode->i_mode) && (arg & O_DIRECT)) { if (!filp->f_mapping || !filp->f_mapping->a_ops || !filp->f_mapping->a_ops->direct_IO) return -EINVAL; -- cgit v0.10.2 From bc51b2a9193f917f2065313d9971d7d5e867bc81 Mon Sep 17 00:00:00 2001 From: Julia Lawall Date: Fri, 11 Dec 2015 17:03:26 +0100 Subject: logfs: constify logfs_block_ops structures The logfs_block_ops structures are never modified, so declare them as const. Done with the help of Coccinelle. Signed-off-by: Julia Lawall Signed-off-by: Al Viro diff --git a/fs/logfs/logfs.h b/fs/logfs/logfs.h index 5f09376..5731361 100644 --- a/fs/logfs/logfs.h +++ b/fs/logfs/logfs.h @@ -302,7 +302,7 @@ struct logfs_block { struct inode *inode; struct logfs_transaction *ta; unsigned long alias_map[LOGFS_BLOCK_FACTOR / BITS_PER_LONG]; - struct logfs_block_ops *ops; + const struct logfs_block_ops *ops; int full; int partial; int reserved_bytes; @@ -579,7 +579,7 @@ int logfs_exist_block(struct inode *inode, u64 bix); int get_page_reserve(struct inode *inode, struct page *page); void logfs_get_wblocks(struct super_block *sb, struct page *page, int lock); void logfs_put_wblocks(struct super_block *sb, struct page *page, int lock); -extern struct logfs_block_ops indirect_block_ops; +extern const struct logfs_block_ops indirect_block_ops; /* segment.c */ int logfs_erase_segment(struct super_block *sb, u32 ofs, int ensure_erase); diff --git a/fs/logfs/readwrite.c b/fs/logfs/readwrite.c index 380d86e..20973c9 100644 --- a/fs/logfs/readwrite.c +++ b/fs/logfs/readwrite.c @@ -569,13 +569,13 @@ static void indirect_free_block(struct super_block *sb, } -static struct logfs_block_ops inode_block_ops = { +static const struct logfs_block_ops inode_block_ops = { .write_block = inode_write_block, .free_block = inode_free_block, .write_alias = inode_write_alias, }; -struct logfs_block_ops indirect_block_ops = { +const struct logfs_block_ops indirect_block_ops = { .write_block = indirect_write_block, .free_block = indirect_free_block, .write_alias = indirect_write_alias, diff --git a/fs/logfs/segment.c b/fs/logfs/segment.c index 6de0fbf..d270e4b 100644 --- a/fs/logfs/segment.c +++ b/fs/logfs/segment.c @@ -197,7 +197,7 @@ static int btree_write_alias(struct super_block *sb, struct logfs_block *block, return 0; } -static struct logfs_block_ops btree_block_ops = { +static const struct logfs_block_ops btree_block_ops = { .write_block = btree_write_block, .free_block = __free_block, .write_alias = btree_write_alias, -- cgit v0.10.2 From 3cc4a84e026e8d61b7ffe4a7367ed09a555f2c5b Mon Sep 17 00:00:00 2001 From: Eric Dumazet Date: Thu, 3 Dec 2015 11:12:07 -0800 Subject: proc: add a reschedule point in proc_readfd_common() User can pass an arbitrary large buffer to getdents(). It is typically a 32KB buffer used by libc scandir() implementation. When scanning /proc/{pid}/fd, we can hold cpu way too long, so add a cond_resched() to be kind with other tasks. We've seen latencies of more than 50ms on real workloads. Signed-off-by: Eric Dumazet Cc: Alexander Viro Signed-off-by: Al Viro diff --git a/fs/proc/fd.c b/fs/proc/fd.c index 3c2a915..56afa5e 100644 --- a/fs/proc/fd.c +++ b/fs/proc/fd.c @@ -258,6 +258,7 @@ static int proc_readfd_common(struct file *file, struct dir_context *ctx, name, len, instantiate, p, (void *)(unsigned long)fd)) goto out_fd_loop; + cond_resched(); rcu_read_lock(); } rcu_read_unlock(); -- cgit v0.10.2 From 8f5fed1e917588f946ad8882bd47a4093db0ff4c Mon Sep 17 00:00:00 2001 From: Sasha Levin Date: Thu, 7 Jan 2016 17:49:51 -0500 Subject: fs/9p: use fscache mutex rather than spinlock We may sleep inside a the lock, so use a mutex rather than spinlock. Signed-off-by: Sasha Levin Signed-off-by: Al Viro diff --git a/fs/9p/cache.c b/fs/9p/cache.c index a69260f..103ca5e 100644 --- a/fs/9p/cache.c +++ b/fs/9p/cache.c @@ -243,14 +243,14 @@ void v9fs_cache_inode_set_cookie(struct inode *inode, struct file *filp) if (!v9inode->fscache) return; - spin_lock(&v9inode->fscache_lock); + mutex_lock(&v9inode->fscache_lock); if ((filp->f_flags & O_ACCMODE) != O_RDONLY) v9fs_cache_inode_flush_cookie(inode); else v9fs_cache_inode_get_cookie(inode); - spin_unlock(&v9inode->fscache_lock); + mutex_unlock(&v9inode->fscache_lock); } void v9fs_cache_inode_reset_cookie(struct inode *inode) @@ -264,7 +264,7 @@ void v9fs_cache_inode_reset_cookie(struct inode *inode) old = v9inode->fscache; - spin_lock(&v9inode->fscache_lock); + mutex_lock(&v9inode->fscache_lock); fscache_relinquish_cookie(v9inode->fscache, 1); v9ses = v9fs_inode2v9ses(inode); @@ -274,7 +274,7 @@ void v9fs_cache_inode_reset_cookie(struct inode *inode) p9_debug(P9_DEBUG_FSC, "inode %p revalidating cookie old %p new %p\n", inode, old, v9inode->fscache); - spin_unlock(&v9inode->fscache_lock); + mutex_unlock(&v9inode->fscache_lock); } int __v9fs_fscache_release_page(struct page *page, gfp_t gfp) diff --git a/fs/9p/v9fs.h b/fs/9p/v9fs.h index 0923f2c..6877050 100644 --- a/fs/9p/v9fs.h +++ b/fs/9p/v9fs.h @@ -123,7 +123,7 @@ struct v9fs_session_info { struct v9fs_inode { #ifdef CONFIG_9P_FSCACHE - spinlock_t fscache_lock; + struct mutex fscache_lock; struct fscache_cookie *fscache; #endif struct p9_qid qid; diff --git a/fs/9p/vfs_inode.c b/fs/9p/vfs_inode.c index 5110785..fbdb29b 100644 --- a/fs/9p/vfs_inode.c +++ b/fs/9p/vfs_inode.c @@ -244,7 +244,7 @@ struct inode *v9fs_alloc_inode(struct super_block *sb) return NULL; #ifdef CONFIG_9P_FSCACHE v9inode->fscache = NULL; - spin_lock_init(&v9inode->fscache_lock); + mutex_init(&v9inode->fscache_lock); #endif v9inode->writeback_fid = NULL; v9inode->cache_validity = 0; -- cgit v0.10.2 From db39c16724d019029d7533561754d92bef1b389a Mon Sep 17 00:00:00 2001 From: DengChao Date: Thu, 12 Nov 2015 21:40:41 +0800 Subject: fs:affs:Replace time_t with time64_t The affs code uses "time_t" and "get_seconds()". This will cause problems on 32-bit architectures in 2038 when time_t overflows. This patch replaces them with "time64_t" and "ktime_get_real_seconds()". This patch introduces expensive 64-bit divsion in "secs_to_datestamp()", considering this function is not called so often, the cost should be acceptable. Reviewed-by: Arnd Bergmann Signed-off-by: DengChao Signed-off-by: Al Viro diff --git a/fs/affs/affs.h b/fs/affs/affs.h index c69a87e..cc2b2ef 100644 --- a/fs/affs/affs.h +++ b/fs/affs/affs.h @@ -138,7 +138,7 @@ extern int affs_remove_hash(struct inode *dir, struct buffer_head *rem_bh); extern int affs_remove_header(struct dentry *dentry); extern u32 affs_checksum_block(struct super_block *sb, struct buffer_head *bh); extern void affs_fix_checksum(struct super_block *sb, struct buffer_head *bh); -extern void secs_to_datestamp(time_t secs, struct affs_date *ds); +extern void secs_to_datestamp(time64_t secs, struct affs_date *ds); extern umode_t prot_to_mode(u32 prot); extern void mode_to_prot(struct inode *inode); __printf(3, 4) diff --git a/fs/affs/amigaffs.c b/fs/affs/amigaffs.c index 5fa92bc..d6c7a51 100644 --- a/fs/affs/amigaffs.c +++ b/fs/affs/amigaffs.c @@ -8,6 +8,7 @@ * Please send bug reports to: hjw@zvw.de */ +#include #include "affs.h" /* @@ -366,22 +367,22 @@ affs_fix_checksum(struct super_block *sb, struct buffer_head *bh) } void -secs_to_datestamp(time_t secs, struct affs_date *ds) +secs_to_datestamp(time64_t secs, struct affs_date *ds) { u32 days; u32 minute; + s32 rem; secs -= sys_tz.tz_minuteswest * 60 + ((8 * 365 + 2) * 24 * 60 * 60); if (secs < 0) secs = 0; - days = secs / 86400; - secs -= days * 86400; - minute = secs / 60; - secs -= minute * 60; + days = div_s64_rem(secs, 86400, &rem); + minute = rem / 60; + rem -= minute * 60; ds->days = cpu_to_be32(days); ds->mins = cpu_to_be32(minute); - ds->ticks = cpu_to_be32(secs * 50); + ds->ticks = cpu_to_be32(rem * 50); } umode_t diff --git a/fs/affs/super.c b/fs/affs/super.c index 5b50c4c..8836df5 100644 --- a/fs/affs/super.c +++ b/fs/affs/super.c @@ -32,7 +32,7 @@ affs_commit_super(struct super_block *sb, int wait) struct affs_root_tail *tail = AFFS_ROOT_TAIL(sb, bh); lock_buffer(bh); - secs_to_datestamp(get_seconds(), &tail->disk_change); + secs_to_datestamp(ktime_get_real_seconds(), &tail->disk_change); affs_fix_checksum(sb, bh); unlock_buffer(bh); -- cgit v0.10.2 From bbddca8e8fac07ece3938e03526b5d00fa791a4c Mon Sep 17 00:00:00 2001 From: NeilBrown Date: Thu, 7 Jan 2016 16:08:20 -0500 Subject: nfsd: don't hold i_mutex over userspace upcalls We need information about exports when crossing mountpoints during lookup or NFSv4 readdir. If we don't already have that information cached, we may have to ask (and wait for) rpc.mountd. In both cases we currently hold the i_mutex on the parent of the directory we're asking rpc.mountd about. We've seen situations where rpc.mountd performs some operation on that directory that tries to take the i_mutex again, resulting in deadlock. With some care, we may be able to avoid that in rpc.mountd. But it seems better just to avoid holding a mutex while waiting on userspace. It appears that lookup_one_len is pretty much the only operation that needs the i_mutex. So we could just drop the i_mutex elsewhere and do something like mutex_lock() lookup_one_len() mutex_unlock() In many cases though the lookup would have been cached and not required the i_mutex, so it's more efficient to create a lookup_one_len() variant that only takes the i_mutex when necessary. Signed-off-by: NeilBrown Signed-off-by: J. Bruce Fields Signed-off-by: Al Viro diff --git a/fs/namei.c b/fs/namei.c index 45c702e..1067f7a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2272,6 +2272,8 @@ EXPORT_SYMBOL(vfs_path_lookup); * * Note that this routine is purely a helper for filesystem usage and should * not be called by generic code. + * + * The caller must hold base->i_mutex. */ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) { @@ -2315,6 +2317,75 @@ struct dentry *lookup_one_len(const char *name, struct dentry *base, int len) } EXPORT_SYMBOL(lookup_one_len); +/** + * lookup_one_len_unlocked - filesystem helper to lookup single pathname component + * @name: pathname component to lookup + * @base: base directory to lookup from + * @len: maximum length @len should be interpreted to + * + * Note that this routine is purely a helper for filesystem usage and should + * not be called by generic code. + * + * Unlike lookup_one_len, it should be called without the parent + * i_mutex held, and will take the i_mutex itself if necessary. + */ +struct dentry *lookup_one_len_unlocked(const char *name, + struct dentry *base, int len) +{ + struct qstr this; + unsigned int c; + int err; + struct dentry *ret; + + this.name = name; + this.len = len; + this.hash = full_name_hash(name, len); + if (!len) + return ERR_PTR(-EACCES); + + if (unlikely(name[0] == '.')) { + if (len < 2 || (len == 2 && name[1] == '.')) + return ERR_PTR(-EACCES); + } + + while (len--) { + c = *(const unsigned char *)name++; + if (c == '/' || c == '\0') + return ERR_PTR(-EACCES); + } + /* + * See if the low-level filesystem might want + * to use its own hash.. + */ + if (base->d_flags & DCACHE_OP_HASH) { + int err = base->d_op->d_hash(base, &this); + if (err < 0) + return ERR_PTR(err); + } + + err = inode_permission(base->d_inode, MAY_EXEC); + if (err) + return ERR_PTR(err); + + /* + * __d_lookup() is used to try to get a quick answer and avoid the + * mutex. A false-negative does no harm. + */ + ret = __d_lookup(base, &this); + if (ret && unlikely(ret->d_flags & DCACHE_OP_REVALIDATE)) { + dput(ret); + ret = NULL; + } + if (ret) + return ret; + + mutex_lock(&base->d_inode->i_mutex); + ret = __lookup_hash(&this, base, 0); + mutex_unlock(&base->d_inode->i_mutex); + return ret; +} +EXPORT_SYMBOL(lookup_one_len_unlocked); + int user_path_at_empty(int dfd, const char __user *name, unsigned flags, struct path *path, int *empty) { diff --git a/fs/nfsd/nfs3xdr.c b/fs/nfsd/nfs3xdr.c index 00575d7..2246454 100644 --- a/fs/nfsd/nfs3xdr.c +++ b/fs/nfsd/nfs3xdr.c @@ -823,7 +823,7 @@ compose_entry_fh(struct nfsd3_readdirres *cd, struct svc_fh *fhp, } else dchild = dget(dparent); } else - dchild = lookup_one_len(name, dparent, namlen); + dchild = lookup_one_len_unlocked(name, dparent, namlen); if (IS_ERR(dchild)) return rv; if (d_mountpoint(dchild)) diff --git a/fs/nfsd/nfs4xdr.c b/fs/nfsd/nfs4xdr.c index 51c9e9c..325521c 100644 --- a/fs/nfsd/nfs4xdr.c +++ b/fs/nfsd/nfs4xdr.c @@ -2838,14 +2838,14 @@ nfsd4_encode_dirent_fattr(struct xdr_stream *xdr, struct nfsd4_readdir *cd, __be32 nfserr; int ignore_crossmnt = 0; - dentry = lookup_one_len(name, cd->rd_fhp->fh_dentry, namlen); + dentry = lookup_one_len_unlocked(name, cd->rd_fhp->fh_dentry, namlen); if (IS_ERR(dentry)) return nfserrno(PTR_ERR(dentry)); if (d_really_is_negative(dentry)) { /* - * nfsd_buffered_readdir drops the i_mutex between - * readdir and calling this callback, leaving a window - * where this directory entry could have gone away. + * we're not holding the i_mutex here, so there's + * a window where this directory entry could have gone + * away. */ dput(dentry); return nfserr_noent; diff --git a/fs/nfsd/vfs.c b/fs/nfsd/vfs.c index 994d66f..4212aaa 100644 --- a/fs/nfsd/vfs.c +++ b/fs/nfsd/vfs.c @@ -217,10 +217,16 @@ nfsd_lookup_dentry(struct svc_rqst *rqstp, struct svc_fh *fhp, host_err = PTR_ERR(dentry); if (IS_ERR(dentry)) goto out_nfserr; - /* - * check if we have crossed a mount point ... - */ if (nfsd_mountpoint(dentry, exp)) { + /* + * We don't need the i_mutex after all. It's + * still possible we could open this (regular + * files can be mountpoints too), but the + * i_mutex is just there to prevent renames of + * something that we might be about to delegate, + * and a mountpoint won't be renamed: + */ + fh_unlock(fhp); if ((host_err = nfsd_cross_mnt(rqstp, &dentry, &exp))) { dput(dentry); goto out_nfserr; @@ -1809,7 +1815,6 @@ static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, offset = *offsetp; while (1) { - struct inode *dir_inode = file_inode(file); unsigned int reclen; cdp->err = nfserr_eof; /* will be cleared on successful read */ @@ -1828,15 +1833,6 @@ static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, if (!size) break; - /* - * Various filldir functions may end up calling back into - * lookup_one_len() and the file system's ->lookup() method. - * These expect i_mutex to be held, as it would within readdir. - */ - host_err = mutex_lock_killable(&dir_inode->i_mutex); - if (host_err) - break; - de = (struct buffered_dirent *)buf.dirent; while (size > 0) { offset = de->offset; @@ -1853,7 +1849,6 @@ static __be32 nfsd_buffered_readdir(struct file *file, nfsd_filldir_t func, size -= reclen; de = (struct buffered_dirent *)((char *)de + reclen); } - mutex_unlock(&dir_inode->i_mutex); if (size > 0) /* We bailed out early */ break; diff --git a/include/linux/namei.h b/include/linux/namei.h index d8c6334..d0f25d8 100644 --- a/include/linux/namei.h +++ b/include/linux/namei.h @@ -77,6 +77,7 @@ extern struct dentry *kern_path_locked(const char *, struct path *); extern int kern_path_mountpoint(int, const char *, struct path *, unsigned int); extern struct dentry *lookup_one_len(const char *, struct dentry *, int); +extern struct dentry *lookup_one_len_unlocked(const char *, struct dentry *, int); extern int follow_down_one(struct path *); extern int follow_down(struct path *); -- cgit v0.10.2