diff options
| author | Linus Torvalds <torvalds@linux-foundation.org> | 2010-11-12 11:52:47 -0500 |
|---|---|---|
| committer | Linus Torvalds <torvalds@linux-foundation.org> | 2010-11-12 11:52:47 -0500 |
| commit | 8a9f772c14f85e2a580baadc50c194835da2d4e5 (patch) | |
| tree | 4ac04e465fa8295944f997fb517dc9904bb8e4f3 /fs | |
| parent | 25a34554d600b799cbf5159bef372b02d3b4e1c6 (diff) | |
| parent | cedb4a7d9f6aedb0dce94d6285b69dcb3c10fa05 (diff) | |
Merge branch 'for-linus' of git://git.kernel.dk/linux-2.6-block
* 'for-linus' of git://git.kernel.dk/linux-2.6-block: (27 commits)
block: remove unused copy_io_context()
Documentation: remove anticipatory scheduler info
block: remove REQ_HARDBARRIER
ioprio: rcu_read_lock/unlock protect find_task_by_vpid call (V2)
ioprio: fix RCU locking around task dereference
block: ioctl: fix information leak to userland
block: read i_size with i_size_read()
cciss: fix proc warning on attempt to remove non-existant directory
bio: take care not overflow page count when mapping/copying user data
block: limit vec count in bio_kmalloc() and bio_alloc_map_data()
block: take care not to overflow when calculating total iov length
block: check for proper length of iov entries in blk_rq_map_user_iov()
cciss: remove controllers supported by hpsa
cciss: use usleep_range not msleep for small sleeps
cciss: limit commands allocated on reset_devices
cciss: Use kernel provided PCI state save and restore functions
cciss: fix board status waiting code
drbd: Removed checks for REQ_HARDBARRIER on incomming BIOs
drbd: REQ_HARDBARRIER -> REQ_FUA transition for meta data accesses
drbd: Removed the BIO_RW_BARRIER support form the receiver/epoch code
...
Diffstat (limited to 'fs')
| -rw-r--r-- | fs/bio.c | 23 | ||||
| -rw-r--r-- | fs/ioprio.c | 18 |
2 files changed, 37 insertions, 4 deletions
| @@ -370,6 +370,9 @@ struct bio *bio_kmalloc(gfp_t gfp_mask, int nr_iovecs) | |||
| 370 | { | 370 | { |
| 371 | struct bio *bio; | 371 | struct bio *bio; |
| 372 | 372 | ||
| 373 | if (nr_iovecs > UIO_MAXIOV) | ||
| 374 | return NULL; | ||
| 375 | |||
| 373 | bio = kmalloc(sizeof(struct bio) + nr_iovecs * sizeof(struct bio_vec), | 376 | bio = kmalloc(sizeof(struct bio) + nr_iovecs * sizeof(struct bio_vec), |
| 374 | gfp_mask); | 377 | gfp_mask); |
| 375 | if (unlikely(!bio)) | 378 | if (unlikely(!bio)) |
| @@ -697,8 +700,12 @@ static void bio_free_map_data(struct bio_map_data *bmd) | |||
| 697 | static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count, | 700 | static struct bio_map_data *bio_alloc_map_data(int nr_segs, int iov_count, |
| 698 | gfp_t gfp_mask) | 701 | gfp_t gfp_mask) |
| 699 | { | 702 | { |
| 700 | struct bio_map_data *bmd = kmalloc(sizeof(*bmd), gfp_mask); | 703 | struct bio_map_data *bmd; |
| 701 | 704 | ||
| 705 | if (iov_count > UIO_MAXIOV) | ||
| 706 | return NULL; | ||
| 707 | |||
| 708 | bmd = kmalloc(sizeof(*bmd), gfp_mask); | ||
| 702 | if (!bmd) | 709 | if (!bmd) |
| 703 | return NULL; | 710 | return NULL; |
| 704 | 711 | ||
| @@ -827,6 +834,12 @@ struct bio *bio_copy_user_iov(struct request_queue *q, | |||
| 827 | end = (uaddr + iov[i].iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT; | 834 | end = (uaddr + iov[i].iov_len + PAGE_SIZE - 1) >> PAGE_SHIFT; |
| 828 | start = uaddr >> PAGE_SHIFT; | 835 | start = uaddr >> PAGE_SHIFT; |
| 829 | 836 | ||
| 837 | /* | ||
| 838 | * Overflow, abort | ||
| 839 | */ | ||
| 840 | if (end < start) | ||
| 841 | return ERR_PTR(-EINVAL); | ||
| 842 | |||
| 830 | nr_pages += end - start; | 843 | nr_pages += end - start; |
| 831 | len += iov[i].iov_len; | 844 | len += iov[i].iov_len; |
| 832 | } | 845 | } |
| @@ -955,6 +968,12 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, | |||
| 955 | unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; | 968 | unsigned long end = (uaddr + len + PAGE_SIZE - 1) >> PAGE_SHIFT; |
| 956 | unsigned long start = uaddr >> PAGE_SHIFT; | 969 | unsigned long start = uaddr >> PAGE_SHIFT; |
| 957 | 970 | ||
| 971 | /* | ||
| 972 | * Overflow, abort | ||
| 973 | */ | ||
| 974 | if (end < start) | ||
| 975 | return ERR_PTR(-EINVAL); | ||
| 976 | |||
| 958 | nr_pages += end - start; | 977 | nr_pages += end - start; |
| 959 | /* | 978 | /* |
| 960 | * buffer must be aligned to at least hardsector size for now | 979 | * buffer must be aligned to at least hardsector size for now |
| @@ -982,7 +1001,7 @@ static struct bio *__bio_map_user_iov(struct request_queue *q, | |||
| 982 | unsigned long start = uaddr >> PAGE_SHIFT; | 1001 | unsigned long start = uaddr >> PAGE_SHIFT; |
| 983 | const int local_nr_pages = end - start; | 1002 | const int local_nr_pages = end - start; |
| 984 | const int page_limit = cur_page + local_nr_pages; | 1003 | const int page_limit = cur_page + local_nr_pages; |
| 985 | 1004 | ||
| 986 | ret = get_user_pages_fast(uaddr, local_nr_pages, | 1005 | ret = get_user_pages_fast(uaddr, local_nr_pages, |
| 987 | write_to_vm, &pages[cur_page]); | 1006 | write_to_vm, &pages[cur_page]); |
| 988 | if (ret < local_nr_pages) { | 1007 | if (ret < local_nr_pages) { |
diff --git a/fs/ioprio.c b/fs/ioprio.c index 748cfb92dcc6..2f7d05c89922 100644 --- a/fs/ioprio.c +++ b/fs/ioprio.c | |||
| @@ -111,12 +111,14 @@ SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | |||
| 111 | read_lock(&tasklist_lock); | 111 | read_lock(&tasklist_lock); |
| 112 | switch (which) { | 112 | switch (which) { |
| 113 | case IOPRIO_WHO_PROCESS: | 113 | case IOPRIO_WHO_PROCESS: |
| 114 | rcu_read_lock(); | ||
| 114 | if (!who) | 115 | if (!who) |
| 115 | p = current; | 116 | p = current; |
| 116 | else | 117 | else |
| 117 | p = find_task_by_vpid(who); | 118 | p = find_task_by_vpid(who); |
| 118 | if (p) | 119 | if (p) |
| 119 | ret = set_task_ioprio(p, ioprio); | 120 | ret = set_task_ioprio(p, ioprio); |
| 121 | rcu_read_unlock(); | ||
| 120 | break; | 122 | break; |
| 121 | case IOPRIO_WHO_PGRP: | 123 | case IOPRIO_WHO_PGRP: |
| 122 | if (!who) | 124 | if (!who) |
| @@ -139,7 +141,12 @@ SYSCALL_DEFINE3(ioprio_set, int, which, int, who, int, ioprio) | |||
| 139 | break; | 141 | break; |
| 140 | 142 | ||
| 141 | do_each_thread(g, p) { | 143 | do_each_thread(g, p) { |
| 142 | if (__task_cred(p)->uid != who) | 144 | int match; |
| 145 | |||
| 146 | rcu_read_lock(); | ||
| 147 | match = __task_cred(p)->uid == who; | ||
| 148 | rcu_read_unlock(); | ||
| 149 | if (!match) | ||
| 143 | continue; | 150 | continue; |
| 144 | ret = set_task_ioprio(p, ioprio); | 151 | ret = set_task_ioprio(p, ioprio); |
| 145 | if (ret) | 152 | if (ret) |
| @@ -200,12 +207,14 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who) | |||
| 200 | read_lock(&tasklist_lock); | 207 | read_lock(&tasklist_lock); |
| 201 | switch (which) { | 208 | switch (which) { |
| 202 | case IOPRIO_WHO_PROCESS: | 209 | case IOPRIO_WHO_PROCESS: |
| 210 | rcu_read_lock(); | ||
| 203 | if (!who) | 211 | if (!who) |
| 204 | p = current; | 212 | p = current; |
| 205 | else | 213 | else |
| 206 | p = find_task_by_vpid(who); | 214 | p = find_task_by_vpid(who); |
| 207 | if (p) | 215 | if (p) |
| 208 | ret = get_task_ioprio(p); | 216 | ret = get_task_ioprio(p); |
| 217 | rcu_read_unlock(); | ||
| 209 | break; | 218 | break; |
| 210 | case IOPRIO_WHO_PGRP: | 219 | case IOPRIO_WHO_PGRP: |
| 211 | if (!who) | 220 | if (!who) |
| @@ -232,7 +241,12 @@ SYSCALL_DEFINE2(ioprio_get, int, which, int, who) | |||
| 232 | break; | 241 | break; |
| 233 | 242 | ||
| 234 | do_each_thread(g, p) { | 243 | do_each_thread(g, p) { |
| 235 | if (__task_cred(p)->uid != user->uid) | 244 | int match; |
| 245 | |||
| 246 | rcu_read_lock(); | ||
| 247 | match = __task_cred(p)->uid == user->uid; | ||
| 248 | rcu_read_unlock(); | ||
| 249 | if (!match) | ||
| 236 | continue; | 250 | continue; |
| 237 | tmpio = get_task_ioprio(p); | 251 | tmpio = get_task_ioprio(p); |
| 238 | if (tmpio < 0) | 252 | if (tmpio < 0) |