[Devel] [PATCH rh7 04/30] kill generic_segment_checks()

Kirill Tkhai ktkhai at virtuozzo.com
Wed May 20 19:03:21 MSK 2020


From: Al Viro <viro at zeniv.linux.org.uk>

ms commit cb66a7a1f149

all callers of ->aio_read() and ->aio_write() have iov/nr_segs already
checked - generic_segment_checks() done after that is just an odd way
to spell iov_length().

Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>

1)generic_segment_checks() is called from ->aio_read() and ->aio_write()
  callbacks;
2)in all callers of ->aio_read() and ->aio_write() we check
  for user iovec via access_ok() and overflows.

Signed-off-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
 fs/btrfs/file.c    |    7 +-----
 fs/ceph/file.c     |   13 +++--------
 fs/ext4/file.c     |   12 ++---------
 fs/fuse/file.c     |    7 +-----
 fs/gfs2/file.c     |    5 +---
 fs/ntfs/file.c     |    5 +---
 fs/ocfs2/file.c    |    7 +-----
 fs/xfs/xfs_file.c  |   20 ++++--------------
 include/linux/fs.h |    2 --
 mm/filemap.c       |   59 +++-------------------------------------------------
 mm/shmem.c         |    7 +-----
 11 files changed, 18 insertions(+), 126 deletions(-)

diff --git a/fs/btrfs/file.c b/fs/btrfs/file.c
index 44daeffd851e..e14f2e592028 100644
--- a/fs/btrfs/file.c
+++ b/fs/btrfs/file.c
@@ -1821,12 +1821,7 @@ static ssize_t btrfs_file_aio_write(struct kiocb *iocb,
 
 	mutex_lock(&inode->i_mutex);
 
-	err = generic_segment_checks(iov, &nr_segs, &ocount, VERIFY_READ);
-	if (err) {
-		mutex_unlock(&inode->i_mutex);
-		goto out;
-	}
-	count = ocount;
+	count = ocount = iov_length(iov, nr_segs);
 
 	current->backing_dev_info = inode->i_mapping->backing_dev_info;
 	err = generic_write_checks(file, &pos, &count, S_ISBLK(inode->i_mode));
diff --git a/fs/ceph/file.c b/fs/ceph/file.c
index 829f3261ef00..4302940a8a6c 100644
--- a/fs/ceph/file.c
+++ b/fs/ceph/file.c
@@ -1296,12 +1296,8 @@ static ssize_t ceph_aio_read(struct kiocb *iocb, const struct iovec *iov,
 		     inode, ceph_vinop(inode), iocb->ki_pos, (unsigned)len,
 		     ceph_cap_string(got));
 
-		if (!read) {
-			ret = generic_segment_checks(iov, &nr_segs,
-							&len, VERIFY_WRITE);
-			if (ret)
-				goto out;
-		}
+		if (!read)
+			len = iov_length(iov, nr_segs);
 
 		iov_iter_init(&i, iov, nr_segs, len, read);
 
@@ -1336,7 +1332,6 @@ static ssize_t ceph_aio_read(struct kiocb *iocb, const struct iovec *iov,
 		ret = generic_file_aio_read(iocb, iov, nr_segs, pos);
 		ceph_del_rw_context(fi, &rw_ctx);
 	}
-out:
 	dout("aio_read %p %llx.%llx dropping cap refs on %s = %d\n",
 	     inode, ceph_vinop(inode), ceph_cap_string(got), (int)ret);
 	if (pinned_page) {
@@ -1426,9 +1421,7 @@ static ssize_t ceph_aio_write(struct kiocb *iocb, const struct iovec *iov,
 retry_snap:
 	mutex_lock(&inode->i_mutex);
 
-	err = generic_segment_checks(iov, &nr_segs, &count, VERIFY_READ);
-	if (err)
-		goto out;
+	count = iov_length(iov, nr_segs);
 
 	/* We can write back this queue in page reclaim */
 	current->backing_dev_info = file->f_mapping->backing_dev_info;
diff --git a/fs/ext4/file.c b/fs/ext4/file.c
index 970cfe6794e8..fefcbb809bf3 100644
--- a/fs/ext4/file.c
+++ b/fs/ext4/file.c
@@ -221,12 +221,9 @@ ext4_file_dax_write(
 {
 	struct inode *inode = file_inode(iocb->ki_filp);
 	ssize_t			ret;
-	size_t			size = 0;
+	size_t			size = iov_length(iovp, nr_segs);
 
 	inode_lock(inode);
-	ret = generic_segment_checks(iovp, &nr_segs, &size, VERIFY_WRITE);
-	if (ret < 0)
-		return ret;
 	ret = ext4_write_checks(iocb, iovp, nr_segs, &pos);
 	if (ret < 0)
 		goto out;
@@ -514,14 +511,9 @@ ext4_file_dax_read(
 	unsigned long		nr_segs,
 	loff_t			pos)
 {
-	size_t			size = 0;
+	size_t			size = iov_length(iovp, nr_segs);
 	ssize_t			ret = 0;
 	struct inode *inode = file_inode(iocb->ki_filp);
-
-	ret = generic_segment_checks(iovp, &nr_segs, &size, VERIFY_WRITE);
-	if (ret < 0)
-		return ret;
-
 	if (!size)
 		return 0; /* skip atime */
 
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index 973f1513868a..258bd78a559c 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -1571,12 +1571,7 @@ static ssize_t fuse_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
 
 	WARN_ON(iocb->ki_pos != pos);
 
-	ocount = 0;
-	err = generic_segment_checks(iov, &nr_segs, &ocount, VERIFY_READ);
-	if (err)
-		return err;
-
-	count = ocount;
+	count = ocount = iov_length(iov, nr_segs);
 	mutex_lock(&inode->i_mutex);
 
 	/* We can write back this queue in page reclaim */
diff --git a/fs/gfs2/file.c b/fs/gfs2/file.c
index 53a11f484fb4..553ef0bddc02 100644
--- a/fs/gfs2/file.c
+++ b/fs/gfs2/file.c
@@ -734,10 +734,7 @@ static ssize_t gfs2_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
 	if (io_is_direct(file))
 		return generic_file_aio_write(iocb, iov, nr_segs, pos);
 
-	ocount = 0;
-	ret = generic_segment_checks(iov, &nr_segs, &ocount, VERIFY_READ);
-	if (ret)
-		return ret;
+	ocount = iov_length(iov, nr_segs);
 
 	count = ocount;
 
diff --git a/fs/ntfs/file.c b/fs/ntfs/file.c
index 81adff3fd865..fb72ec6e1a64 100644
--- a/fs/ntfs/file.c
+++ b/fs/ntfs/file.c
@@ -2091,10 +2091,7 @@ static ssize_t ntfs_file_aio_write_nolock(struct kiocb *iocb,
 	size_t count;		/* after file limit checks */
 	ssize_t written, err;
 
-	count = 0;
-	err = generic_segment_checks(iov, &nr_segs, &count, VERIFY_READ);
-	if (err)
-		return err;
+	count = iov_length(iov, nr_segs);
 	pos = *ppos;
 	/* We can write back this queue in page reclaim. */
 	current->backing_dev_info = mapping->backing_dev_info;
diff --git a/fs/ocfs2/file.c b/fs/ocfs2/file.c
index 60ea07def7e2..dfa86a02e160 100644
--- a/fs/ocfs2/file.c
+++ b/fs/ocfs2/file.c
@@ -2344,12 +2344,7 @@ static ssize_t ocfs2_file_aio_write(struct kiocb *iocb,
 	/* communicate with ocfs2_dio_end_io */
 	ocfs2_iocb_set_rw_locked(iocb, rw_level);
 
-	ret = generic_segment_checks(iov, &nr_segs, &ocount,
-				     VERIFY_READ);
-	if (ret)
-		goto out_dio;
-
-	count = ocount;
+	count = ocount = iov_length(iov, nr_segs);
 	ret = generic_write_checks(file, ppos, &count,
 				   S_ISBLK(inode->i_mode));
 	if (ret)
diff --git a/fs/xfs/xfs_file.c b/fs/xfs/xfs_file.c
index 0fe09671c6b8..5fb17574f0ce 100644
--- a/fs/xfs/xfs_file.c
+++ b/fs/xfs/xfs_file.c
@@ -255,10 +255,7 @@ xfs_file_dio_aio_read(
 	ssize_t			ret = 0;
 	loff_t			end;
 
-
-	ret = generic_segment_checks(iovp, &nr_segs, &size, VERIFY_WRITE);
-	if (ret < 0)
-		return ret;
+	size = iov_length(iovp, nr_segs);
 	end = iocb->ki_pos + size - 1;
 
 	trace_xfs_file_direct_read(ip, size, iocb->ki_pos);
@@ -318,9 +315,7 @@ xfs_file_dax_read(
 	size_t			size = 0;
 	ssize_t			ret = 0;
 
-	ret = generic_segment_checks(iovp, &nr_segs, &size, VERIFY_WRITE);
-	if (ret < 0)
-		return ret;
+	size = iov_length(iovp, nr_segs);
 
 	trace_xfs_file_dax_read(ip, size, iocb->ki_pos);
 
@@ -344,13 +339,9 @@ xfs_file_buffered_aio_read(
 	loff_t			pos)
 {
 	struct xfs_inode	*ip = XFS_I(file_inode(iocb->ki_filp));
-	size_t			size = 0;
+	size_t			size = iov_length(iovp, nr_segs);
 	ssize_t			ret;
 
-	ret = generic_segment_checks(iovp, &nr_segs, &size, VERIFY_WRITE);
-	if (ret < 0)
-		return ret;
-
 	trace_xfs_file_buffered_read(ip, size, iocb->ki_pos);
 	xfs_rw_ilock(ip, XFS_IOLOCK_SHARED);
 	ret = generic_file_aio_read(iocb, iovp, nr_segs, pos);
@@ -885,10 +876,7 @@ xfs_file_aio_write(
 
 	BUG_ON(iocb->ki_pos != pos);
 
-	ret = generic_segment_checks(iovp, &nr_segs, &ocount, VERIFY_READ);
-	if (ret)
-		return ret;
-
+	ocount = iov_length(iovp, nr_segs);
 	if (ocount == 0)
 		return 0;
 
diff --git a/include/linux/fs.h b/include/linux/fs.h
index f778fcc3bcc5..4992b89b3cba 100644
--- a/include/linux/fs.h
+++ b/include/linux/fs.h
@@ -3226,8 +3226,6 @@ extern ssize_t generic_file_buffered_write_iter(struct kiocb *, struct iov_iter
 		loff_t, loff_t *, ssize_t);
 extern ssize_t do_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos);
 extern ssize_t do_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos);
-extern int generic_segment_checks(const struct iovec *iov,
-		unsigned long *nr_segs, size_t *count, int access_flags);
 
 /* fs/block_dev.c */
 extern ssize_t blkdev_aio_read(struct kiocb *, const struct iovec *,
diff --git a/mm/filemap.c b/mm/filemap.c
index d13bc7fef066..cd72517769f4 100644
--- a/mm/filemap.c
+++ b/mm/filemap.c
@@ -1987,45 +1987,6 @@ int file_read_actor(read_descriptor_t *desc, struct page *page,
 	return size;
 }
 
-/*
- * Performs necessary checks before doing a write
- * @iov:	io vector request
- * @nr_segs:	number of segments in the iovec
- * @count:	number of bytes to write
- * @access_flags: type of access: %VERIFY_READ or %VERIFY_WRITE
- *
- * Adjust number of segments and amount of bytes to write (nr_segs should be
- * properly initialized first). Returns appropriate error code that caller
- * should return or zero in case that write should be allowed.
- */
-int generic_segment_checks(const struct iovec *iov,
-			unsigned long *nr_segs, size_t *count, int access_flags)
-{
-	unsigned long   seg;
-	size_t cnt = 0;
-	for (seg = 0; seg < *nr_segs; seg++) {
-		const struct iovec *iv = &iov[seg];
-
-		/*
-		 * If any segment has a negative length, or the cumulative
-		 * length ever wraps negative then return -EINVAL.
-		 */
-		cnt += iv->iov_len;
-		if (unlikely((ssize_t)(cnt|iv->iov_len) < 0))
-			return -EINVAL;
-		if (access_ok(access_flags, iv->iov_base, iv->iov_len))
-			continue;
-		if (seg == 0)
-			return -EFAULT;
-		*nr_segs = seg;
-		cnt -= iv->iov_len;	/* This segment is no good */
-		break;
-	}
-	*count = cnt;
-	return 0;
-}
-EXPORT_SYMBOL(generic_segment_checks);
-
 static ssize_t mapping_direct_IO(struct address_space *mapping, int rw,
 			         struct kiocb *iocb, struct iov_iter *iter,
 			         loff_t pos)
@@ -2155,13 +2116,7 @@ generic_file_aio_read(struct kiocb *iocb, const struct iovec *iov,
 		unsigned long nr_segs, loff_t pos)
 {
 	struct iov_iter iter;
-	int ret;
-	size_t count;
-
-	count = 0;
-	ret = generic_segment_checks(iov, &nr_segs, &count, VERIFY_WRITE);
-	if (ret)
-		return ret;
+	size_t count = iov_length(iov, nr_segs);
 
 	iov_iter_init(&iter, iov, nr_segs, count, 0);
 
@@ -3191,19 +3146,11 @@ __generic_file_aio_write(struct kiocb *iocb, const struct iovec *iov,
 			 unsigned long nr_segs, loff_t *ppos)
 {
 	struct iov_iter iter;
-	size_t count;
-	int ret;
-
-	count = 0;
-	ret = generic_segment_checks(iov, &nr_segs, &count, VERIFY_READ);
-	if (ret)
-		goto out;
+	size_t count = iov_length(iov, nr_segs);
 
 	iov_iter_init(&iter, iov, nr_segs, count, 0);
 
-	ret = __generic_file_write_iter(iocb, &iter, ppos);
-out:
-	return ret;
+	return __generic_file_write_iter(iocb, &iter, ppos);
 }
 EXPORT_SYMBOL(__generic_file_aio_write);
 
diff --git a/mm/shmem.c b/mm/shmem.c
index 12cab4a18bc3..a9e0877c4bb3 100644
--- a/mm/shmem.c
+++ b/mm/shmem.c
@@ -1953,15 +1953,10 @@ static ssize_t shmem_file_aio_read(struct kiocb *iocb,
 		const struct iovec *iov, unsigned long nr_segs, loff_t pos)
 {
 	struct file *filp = iocb->ki_filp;
-	ssize_t retval;
+	ssize_t retval = 0;
 	unsigned long seg;
-	size_t count;
 	loff_t *ppos = &iocb->ki_pos;
 
-	retval = generic_segment_checks(iov, &nr_segs, &count, VERIFY_WRITE);
-	if (retval)
-		return retval;
-
 	for (seg = 0; seg < nr_segs; seg++) {
 		read_descriptor_t desc;
 




More information about the Devel mailing list