diff options
| author | Miklos Szeredi <mszeredi@suse.cz> | 2014-09-24 11:09:11 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2014-09-26 21:16:51 -0400 |
| commit | 2c80929c4c4d54e568b07ab85877d5fd38f4b02f (patch) | |
| tree | a43d1f9a9706d519a46c1b772b69c8996319961c | |
| parent | b928095b0a7cff7fb9fcf4c706348ceb8ab2c295 (diff) | |
fuse: honour max_read and max_write in direct_io mode
The third argument of fuse_get_user_pages() "nbytesp" refers to the number of
bytes a caller asked to pack into fuse request. This value may be lesser
than capacity of fuse request or iov_iter. So fuse_get_user_pages() must
ensure that *nbytesp won't grow.
Now, when helper iov_iter_get_pages() performs all hard work of extracting
pages from iov_iter, it can be done by passing properly calculated
"maxsize" to the helper.
The other caller of iov_iter_get_pages() (dio_refill_pages()) doesn't need
this capability, so pass LONG_MAX as the maxsize argument here.
Fixes: c9c37e2e6378 ("fuse: switch to iov_iter_get_pages()")
Reported-by: Werner Baumann <werner.baumann@onlinehome.de>
Tested-by: Maxim Patlasov <mpatlasov@parallels.com>
Signed-off-by: Miklos Szeredi <mszeredi@suse.cz>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | fs/direct-io.c | 2 | ||||
| -rw-r--r-- | fs/fuse/file.c | 1 | ||||
| -rw-r--r-- | include/linux/uio.h | 2 | ||||
| -rw-r--r-- | mm/iov_iter.c | 14 |
4 files changed, 12 insertions, 7 deletions
diff --git a/fs/direct-io.c b/fs/direct-io.c index c3116404ab49..e181b6b2e297 100644 --- a/fs/direct-io.c +++ b/fs/direct-io.c | |||
| @@ -158,7 +158,7 @@ static inline int dio_refill_pages(struct dio *dio, struct dio_submit *sdio) | |||
| 158 | { | 158 | { |
| 159 | ssize_t ret; | 159 | ssize_t ret; |
| 160 | 160 | ||
| 161 | ret = iov_iter_get_pages(sdio->iter, dio->pages, DIO_PAGES, | 161 | ret = iov_iter_get_pages(sdio->iter, dio->pages, LONG_MAX, DIO_PAGES, |
| 162 | &sdio->from); | 162 | &sdio->from); |
| 163 | 163 | ||
| 164 | if (ret < 0 && sdio->blocks_available && (dio->rw & WRITE)) { | 164 | if (ret < 0 && sdio->blocks_available && (dio->rw & WRITE)) { |
diff --git a/fs/fuse/file.c b/fs/fuse/file.c index 912061ac4baf..caa8d95b24e8 100644 --- a/fs/fuse/file.c +++ b/fs/fuse/file.c | |||
| @@ -1305,6 +1305,7 @@ static int fuse_get_user_pages(struct fuse_req *req, struct iov_iter *ii, | |||
| 1305 | size_t start; | 1305 | size_t start; |
| 1306 | ssize_t ret = iov_iter_get_pages(ii, | 1306 | ssize_t ret = iov_iter_get_pages(ii, |
| 1307 | &req->pages[req->num_pages], | 1307 | &req->pages[req->num_pages], |
| 1308 | *nbytesp - nbytes, | ||
| 1308 | req->max_pages - req->num_pages, | 1309 | req->max_pages - req->num_pages, |
| 1309 | &start); | 1310 | &start); |
| 1310 | if (ret < 0) | 1311 | if (ret < 0) |
diff --git a/include/linux/uio.h b/include/linux/uio.h index 48d64e6ab292..290fbf0b6b8a 100644 --- a/include/linux/uio.h +++ b/include/linux/uio.h | |||
| @@ -84,7 +84,7 @@ unsigned long iov_iter_alignment(const struct iov_iter *i); | |||
| 84 | void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov, | 84 | void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov, |
| 85 | unsigned long nr_segs, size_t count); | 85 | unsigned long nr_segs, size_t count); |
| 86 | ssize_t iov_iter_get_pages(struct iov_iter *i, struct page **pages, | 86 | ssize_t iov_iter_get_pages(struct iov_iter *i, struct page **pages, |
| 87 | unsigned maxpages, size_t *start); | 87 | size_t maxsize, unsigned maxpages, size_t *start); |
| 88 | ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages, | 88 | ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages, |
| 89 | size_t maxsize, size_t *start); | 89 | size_t maxsize, size_t *start); |
| 90 | int iov_iter_npages(const struct iov_iter *i, int maxpages); | 90 | int iov_iter_npages(const struct iov_iter *i, int maxpages); |
diff --git a/mm/iov_iter.c b/mm/iov_iter.c index ab88dc0ea1d3..9a09f2034fcc 100644 --- a/mm/iov_iter.c +++ b/mm/iov_iter.c | |||
| @@ -310,7 +310,7 @@ void iov_iter_init(struct iov_iter *i, int direction, | |||
| 310 | EXPORT_SYMBOL(iov_iter_init); | 310 | EXPORT_SYMBOL(iov_iter_init); |
| 311 | 311 | ||
| 312 | static ssize_t get_pages_iovec(struct iov_iter *i, | 312 | static ssize_t get_pages_iovec(struct iov_iter *i, |
| 313 | struct page **pages, unsigned maxpages, | 313 | struct page **pages, size_t maxsize, unsigned maxpages, |
| 314 | size_t *start) | 314 | size_t *start) |
| 315 | { | 315 | { |
| 316 | size_t offset = i->iov_offset; | 316 | size_t offset = i->iov_offset; |
| @@ -323,6 +323,8 @@ static ssize_t get_pages_iovec(struct iov_iter *i, | |||
| 323 | len = iov->iov_len - offset; | 323 | len = iov->iov_len - offset; |
| 324 | if (len > i->count) | 324 | if (len > i->count) |
| 325 | len = i->count; | 325 | len = i->count; |
| 326 | if (len > maxsize) | ||
| 327 | len = maxsize; | ||
| 326 | addr = (unsigned long)iov->iov_base + offset; | 328 | addr = (unsigned long)iov->iov_base + offset; |
| 327 | len += *start = addr & (PAGE_SIZE - 1); | 329 | len += *start = addr & (PAGE_SIZE - 1); |
| 328 | if (len > maxpages * PAGE_SIZE) | 330 | if (len > maxpages * PAGE_SIZE) |
| @@ -588,13 +590,15 @@ static unsigned long alignment_bvec(const struct iov_iter *i) | |||
| 588 | } | 590 | } |
| 589 | 591 | ||
| 590 | static ssize_t get_pages_bvec(struct iov_iter *i, | 592 | static ssize_t get_pages_bvec(struct iov_iter *i, |
| 591 | struct page **pages, unsigned maxpages, | 593 | struct page **pages, size_t maxsize, unsigned maxpages, |
| 592 | size_t *start) | 594 | size_t *start) |
| 593 | { | 595 | { |
| 594 | const struct bio_vec *bvec = i->bvec; | 596 | const struct bio_vec *bvec = i->bvec; |
| 595 | size_t len = bvec->bv_len - i->iov_offset; | 597 | size_t len = bvec->bv_len - i->iov_offset; |
| 596 | if (len > i->count) | 598 | if (len > i->count) |
| 597 | len = i->count; | 599 | len = i->count; |
| 600 | if (len > maxsize) | ||
| 601 | len = maxsize; | ||
| 598 | /* can't be more than PAGE_SIZE */ | 602 | /* can't be more than PAGE_SIZE */ |
| 599 | *start = bvec->bv_offset + i->iov_offset; | 603 | *start = bvec->bv_offset + i->iov_offset; |
| 600 | 604 | ||
| @@ -711,13 +715,13 @@ unsigned long iov_iter_alignment(const struct iov_iter *i) | |||
| 711 | EXPORT_SYMBOL(iov_iter_alignment); | 715 | EXPORT_SYMBOL(iov_iter_alignment); |
| 712 | 716 | ||
| 713 | ssize_t iov_iter_get_pages(struct iov_iter *i, | 717 | ssize_t iov_iter_get_pages(struct iov_iter *i, |
| 714 | struct page **pages, unsigned maxpages, | 718 | struct page **pages, size_t maxsize, unsigned maxpages, |
| 715 | size_t *start) | 719 | size_t *start) |
| 716 | { | 720 | { |
| 717 | if (i->type & ITER_BVEC) | 721 | if (i->type & ITER_BVEC) |
| 718 | return get_pages_bvec(i, pages, maxpages, start); | 722 | return get_pages_bvec(i, pages, maxsize, maxpages, start); |
| 719 | else | 723 | else |
| 720 | return get_pages_iovec(i, pages, maxpages, start); | 724 | return get_pages_iovec(i, pages, maxsize, maxpages, start); |
| 721 | } | 725 | } |
| 722 | EXPORT_SYMBOL(iov_iter_get_pages); | 726 | EXPORT_SYMBOL(iov_iter_get_pages); |
| 723 | 727 | ||