1 /*
2 * linux/fs/read_write.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 #include <linux/slab.h>
8 #include <linux/stat.h>
9 #include <linux/fcntl.h>
10 #include <linux/file.h>
11 #include <linux/uio.h>
12 #include <linux/fsnotify.h>
13 #include <linux/security.h>
14 #include <linux/export.h>
15 #include <linux/syscalls.h>
16 #include <linux/pagemap.h>
17 #include <linux/splice.h>
18 #include <linux/compat.h>
19 #include "internal.h"
20
21 #include <asm/uaccess.h>
22 #include <asm/unistd.h>
23
/*
 * Signature used for the buffer-based ->read method (and, after a cast, the
 * ->write method): file, user buffer, byte count, in/out file position.
 */
typedef ssize_t (*io_fn_t)(struct file *, char __user *, size_t, loff_t *);
/* Signature of the iterator-based ->read_iter / ->write_iter methods. */
typedef ssize_t (*iter_fn_t)(struct kiocb *, struct iov_iter *);
26
/*
 * File operations table that wires up seeking, read_iter, read-only mmap and
 * splice_read only; no write-side method is populated here.
 */
const struct file_operations generic_ro_fops = {
	.llseek		= generic_file_llseek,
	.read_iter	= generic_file_read_iter,
	.mmap		= generic_file_readonly_mmap,
	.splice_read	= generic_file_splice_read,
};

EXPORT_SYMBOL(generic_ro_fops);
35
/*
 * Nonzero when FMODE_UNSIGNED_OFFSET is set in file->f_mode.  The seek and
 * range-check helpers in this file use it to decide whether an offset that
 * is negative as a signed loff_t may be accepted.
 */
static inline int unsigned_offsets(struct file *file)
{
	return (file->f_mode & FMODE_UNSIGNED_OFFSET);
}
40
/**
 * vfs_setpos - update the file offset for lseek
 * @file:	file structure in question
 * @offset:	file offset to seek to
 * @maxsize:	maximum file size
 *
 * Low-level filesystem helper.  @offset is validated first: a negative value
 * is accepted only when the file allows unsigned offsets, and a value above
 * @maxsize is always rejected.  If the validated offset differs from the
 * current position, f_pos is updated and f_version is reset to 0.
 *
 * No locking is taken here; callers serialise as they need.
 *
 * Return: @offset on success, -EINVAL on an invalid offset.
 */
loff_t vfs_setpos(struct file *file, loff_t offset, loff_t maxsize)
{
	if ((offset < 0 && !unsigned_offsets(file)) || offset > maxsize)
		return -EINVAL;

	/* Nothing to store when the position is already where we want it. */
	if (offset == file->f_pos)
		return offset;

	file->f_pos = offset;
	file->f_version = 0;
	return offset;
}
EXPORT_SYMBOL(vfs_setpos);
67
/**
 * generic_file_llseek_size - generic llseek implementation for regular files
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 * @maxsize:	max size of this file in file system
 * @eof:	offset used for SEEK_END position
 *
 * This is a variant of generic_file_llseek that allows passing in a custom
 * maximum file size and a custom EOF position, for e.g. hashed directories
 *
 * Any @whence value that has no case below (SEEK_SET included) leaves
 * @offset untouched and goes straight to vfs_setpos(); this function does
 * not itself reject unknown @whence values.
 *
 * Synchronization:
 * SEEK_SET and SEEK_END are unsynchronized (but atomic on 64bit platforms)
 * SEEK_CUR is synchronized against other SEEK_CURs, but not read/writes.
 * read/writes behave like SEEK_SET against seeks.
 *
 * Return: the new file position, -EINVAL from vfs_setpos() for an
 * unacceptable offset, or -ENXIO for SEEK_DATA/SEEK_HOLE at or beyond @eof.
 */
loff_t
generic_file_llseek_size(struct file *file, loff_t offset, int whence,
		loff_t maxsize, loff_t eof)
{
	switch (whence) {
	case SEEK_END:
		/*
		 * The addition is not range-checked here; the sum is validated
		 * by vfs_setpos() below (negative or > maxsize is rejected).
		 * NOTE(review): relies on signed wrap-around being well defined
		 * in this build - confirm compiler flags.
		 */
		offset += eof;
		break;
	case SEEK_CUR:
		/*
		 * Here we special-case the lseek(fd, 0, SEEK_CUR)
		 * position-querying operation.  Avoid rewriting the "same"
		 * f_pos value back to the file because a concurrent read(),
		 * write() or lseek() might have altered it
		 */
		if (offset == 0)
			return file->f_pos;
		/*
		 * f_lock protects against read/modify/write race with other
		 * SEEK_CURs. Note that parallel writes and reads behave
		 * like SEEK_SET.
		 */
		spin_lock(&file->f_lock);
		offset = vfs_setpos(file, file->f_pos + offset, maxsize);
		spin_unlock(&file->f_lock);
		return offset;
	case SEEK_DATA:
		/*
		 * In the generic case the entire file is data, so as long as
		 * offset isn't at the end of the file then the offset is data.
		 * The unsigned cast makes a negative offset compare as a huge
		 * value, so it is rejected here as well.
		 */
		if ((unsigned long long)offset >= eof)
			return -ENXIO;
		break;
	case SEEK_HOLE:
		/*
		 * There is a virtual hole at the end of the file, so as long as
		 * offset isn't i_size or larger, return i_size.
		 */
		if ((unsigned long long)offset >= eof)
			return -ENXIO;
		offset = eof;
		break;
	}

	return vfs_setpos(file, offset, maxsize);
}
EXPORT_SYMBOL(generic_file_llseek_size);
132
/**
 * generic_file_llseek - generic llseek implementation for regular files
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 *
 * Generic implementation of ->llseek usable for all normal local
 * filesystems.  It delegates to generic_file_llseek_size(), taking the
 * upper bound from the superblock's s_maxbytes and the EOF position from
 * the current inode size of the mapping's host inode.
 */
loff_t generic_file_llseek(struct file *file, loff_t offset, int whence)
{
	struct inode *host = file->f_mapping->host;
	loff_t limit = host->i_sb->s_maxbytes;
	loff_t eof = i_size_read(host);

	return generic_file_llseek_size(file, offset, whence, limit, eof);
}
EXPORT_SYMBOL(generic_file_llseek);
152
/**
 * fixed_size_llseek - llseek implementation for fixed-sized devices
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 * @size:	size of the file
 *
 * Only SEEK_SET, SEEK_CUR and SEEK_END are supported; @size serves both as
 * the maximum offset and as the EOF position.  Every other @whence value is
 * rejected with -EINVAL before any state is touched.
 */
loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size)
{
	if (whence != SEEK_SET && whence != SEEK_CUR && whence != SEEK_END)
		return -EINVAL;

	return generic_file_llseek_size(file, offset, whence, size, size);
}
EXPORT_SYMBOL(fixed_size_llseek);
172
/**
 * noop_llseek - No Operation Performed llseek implementation
 * @file:	file structure to seek on
 * @offset:	file offset to seek to (ignored)
 * @whence:	type of seek (ignored)
 *
 * For the rare case where userspace expects a seek to succeed although the
 * (device) file cannot actually seek.  Use noop_llseek() in that case rather
 * than falling back to the default implementation of ->llseek.
 *
 * Return: the current, unmodified file position.
 */
loff_t noop_llseek(struct file *file, loff_t offset, int whence)
{
	loff_t current_pos = file->f_pos;

	return current_pos;
}
EXPORT_SYMBOL(noop_llseek);
189
/*
 * ->llseek implementation for files that cannot seek: every request fails
 * with -ESPIPE regardless of @offset and @whence.  vfs_llseek() also falls
 * back to this when a file lacks FMODE_LSEEK or an ->llseek method.
 */
loff_t no_llseek(struct file *file, loff_t offset, int whence)
{
	return (-ESPIPE);
}
EXPORT_SYMBOL(no_llseek);
195
/*
 * llseek implementation that serialises the whole operation on the inode's
 * i_mutex.  Unlike generic_file_llseek_size() there is no upper bound on the
 * resulting offset: it only has to be non-negative, unless the file allows
 * unsigned offsets.
 *
 * Returns the new position, -ENXIO for SEEK_DATA/SEEK_HOLE at or past the
 * file size, or -EINVAL for a negative result on a signed-offset file.
 */
loff_t default_llseek(struct file *file, loff_t offset, int whence)
{
	struct inode *inode = file_inode(file);
	loff_t retval;

	mutex_lock(&inode->i_mutex);
	switch (whence) {
		case SEEK_END:
			/* Unchecked addition; a negative result is caught below. */
			offset += i_size_read(inode);
			break;
		case SEEK_CUR:
			/* Pure position query: report f_pos without rewriting it. */
			if (offset == 0) {
				retval = file->f_pos;
				goto out;
			}
			offset += file->f_pos;
			break;
		case SEEK_DATA:
			/*
			 * In the generic case the entire file is data, so as
			 * long as offset isn't at the end of the file then the
			 * offset is data.
			 *
			 * NOTE(review): this is a signed comparison against
			 * i_size read directly (not via i_size_read()), so a
			 * negative offset is not turned into -ENXIO here the
			 * way the unsigned cast does in
			 * generic_file_llseek_size(); it falls through to the
			 * sign check below instead.
			 */
			if (offset >= inode->i_size) {
				retval = -ENXIO;
				goto out;
			}
			break;
		case SEEK_HOLE:
			/*
			 * There is a virtual hole at the end of the file, so
			 * as long as offset isn't i_size or larger, return
			 * i_size.
			 */
			if (offset >= inode->i_size) {
				retval = -ENXIO;
				goto out;
			}
			offset = inode->i_size;
			break;
	}
	/* Any other whence value (SEEK_SET included) uses offset as given. */
	retval = -EINVAL;
	if (offset >= 0 || unsigned_offsets(file)) {
		if (offset != file->f_pos) {
			file->f_pos = offset;
			file->f_version = 0;
		}
		retval = offset;
	}
out:
	/* Single exit so the mutex is released on every path. */
	mutex_unlock(&inode->i_mutex);
	return retval;
}
EXPORT_SYMBOL(default_llseek);
250
/*
 * Dispatch a seek to the file's ->llseek method.  Files that lack
 * FMODE_LSEEK, or that provide no ->llseek, are handled by no_llseek() and
 * therefore fail with -ESPIPE.  @whence is passed through unvalidated; the
 * syscall entry points in this file check it against SEEK_MAX first.
 */
loff_t vfs_llseek(struct file *file, loff_t offset, int whence)
{
	loff_t (*seek)(struct file *, loff_t, int) = no_llseek;

	if ((file->f_mode & FMODE_LSEEK) && file->f_op->llseek)
		seek = file->f_op->llseek;

	return seek(file, offset, whence);
}
EXPORT_SYMBOL(vfs_llseek);
263
/*
 * Look up @fd through __fdget_pos() and unpack the result into a struct fd.
 * A successful lookup must be released with fdput_pos(), which also drops
 * f_pos_lock when the returned flags carry FDPUT_POS_UNLOCK.
 */
static inline struct fd fdget_pos(int fd)
{
	unsigned long raw = __fdget_pos(fd);

	return __to_fd(raw);
}
268
/*
 * Counterpart of fdget_pos(): release f_pos_lock if the lookup flagged it
 * with FDPUT_POS_UNLOCK, then drop the descriptor reference via fdput().
 * The unlock happens first, while the file reference is still held.
 */
static inline void fdput_pos(struct fd f)
{
	if ((f.flags & FDPUT_POS_UNLOCK) != 0)
		mutex_unlock(&f.file->f_pos_lock);
	fdput(f);
}
275
/*
 * lseek(2): reposition the file offset of @fd.
 *
 * @whence is range-checked against SEEK_MAX before it reaches the
 * filesystem's ->llseek.  The loff_t result is narrowed to off_t; if the
 * narrowing loses information the call reports -EOVERFLOW instead of a
 * truncated position.
 */
SYSCALL_DEFINE3(lseek, unsigned int, fd, off_t, offset, unsigned int, whence)
{
	struct fd f = fdget_pos(fd);
	off_t retval = -EINVAL;

	if (!f.file)
		return -EBADF;

	if (whence <= SEEK_MAX) {
		loff_t res = vfs_llseek(f.file, offset, whence);

		retval = res;
		/* LFS: should only happen on 32 bit platforms */
		if ((loff_t)retval != res)
			retval = -EOVERFLOW;
	}

	fdput_pos(f);
	return retval;
}
293
294 #ifdef CONFIG_COMPAT
/*
 * Compat entry point for lseek(2): the compat_off_t offset is widened by the
 * call and all validation is left to the native sys_lseek().
 */
COMPAT_SYSCALL_DEFINE3(lseek, unsigned int, fd, compat_off_t, offset, unsigned int, whence)
{
	return sys_lseek(fd, offset, whence);
}
299 #endif
300
301 #ifdef __ARCH_WANT_SYS_LLSEEK
/*
 * _llseek(2): seek with a 64-bit offset passed as two halves and the result
 * returned through the user pointer @result.
 *
 * @whence is checked against SEEK_MAX before the filesystem is called.  The
 * new position is copied out with copy_to_user(); a faulting @result yields
 * -EFAULT even though the seek itself has already taken effect.
 */
SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
		unsigned long, offset_low, loff_t __user *, result,
		unsigned int, whence)
{
	struct fd f = fdget_pos(fd);
	loff_t offset;
	int retval = -EINVAL;

	if (!f.file)
		return -EBADF;

	if (whence <= SEEK_MAX) {
		offset = vfs_llseek(f.file,
				    ((loff_t) offset_high << 32) | offset_low,
				    whence);

		if (offset < 0)
			retval = (int)offset;
		else if (copy_to_user(result, &offset, sizeof(offset)))
			retval = -EFAULT;
		else
			retval = 0;
	}

	fdput_pos(f);
	return retval;
}
330 #endif
331
/*
 * Synchronous read through the file's ->read_iter method into @iter.
 *
 * *@ppos is the starting position and is advanced only when at least one
 * byte was read.  Fails with -EINVAL if the file has no ->read_iter.  No
 * f_mode or rw_verify_area() checks are made here, so callers are
 * responsible for any permission checking.
 */
ssize_t vfs_iter_read(struct file *file, struct iov_iter *iter, loff_t *ppos)
{
	struct kiocb kiocb;
	ssize_t nread;

	if (!file->f_op->read_iter)
		return -EINVAL;

	init_sync_kiocb(&kiocb, file);
	kiocb.ki_pos = *ppos;
	iter->type |= READ;

	nread = file->f_op->read_iter(&kiocb, iter);
	/* A synchronous kiocb must never come back as queued. */
	BUG_ON(nread == -EIOCBQUEUED);
	if (nread <= 0)
		return nread;

	*ppos = kiocb.ki_pos;
	return nread;
}
EXPORT_SYMBOL(vfs_iter_read);
351
/*
 * Synchronous write of @iter through the file's ->write_iter method.
 *
 * *@ppos is the starting position; it is advanced, and an fsnotify modify
 * event raised, only when at least one byte was written.  Fails with -EINVAL
 * if the file has no ->write_iter.  No f_mode or rw_verify_area() checks are
 * made here, so callers are responsible for any permission checking.
 */
ssize_t vfs_iter_write(struct file *file, struct iov_iter *iter, loff_t *ppos)
{
	struct kiocb kiocb;
	ssize_t written;

	if (!file->f_op->write_iter)
		return -EINVAL;

	init_sync_kiocb(&kiocb, file);
	kiocb.ki_pos = *ppos;
	iter->type |= WRITE;

	written = file->f_op->write_iter(&kiocb, iter);
	/* A synchronous kiocb must never come back as queued. */
	BUG_ON(written == -EIOCBQUEUED);
	if (written <= 0)
		return written;

	*ppos = kiocb.ki_pos;
	fsnotify_modify(file);
	return written;
}
EXPORT_SYMBOL(vfs_iter_write);
373
/*
 * rw_verify_area doesn't like huge counts. We limit
 * them to something that fits in "int" so that others
 * won't have to do range checks all the time.
 *
 * Central gate for read/write requests: validates the (position, count)
 * range, applies mandatory locking where the inode has it, and calls the
 * security_file_permission() hook.
 *
 * Returns a negative errno, or the number of bytes the caller may transfer:
 * @count clamped to MAX_RW_COUNT.  Callers must use the returned value, not
 * their original count.
 */
int rw_verify_area(int read_write, struct file *file, const loff_t *ppos, size_t count)
{
	struct inode *inode;
	loff_t pos;
	int retval = -EINVAL;

	inode = file_inode(file);
	/* Reject counts that would be negative as a ssize_t return value. */
	if (unlikely((ssize_t) count < 0))
		return retval;
	pos = *ppos;
	if (unlikely(pos < 0)) {
		/* Negative positions are only legal with unsigned offsets. */
		if (!unsigned_offsets(file))
			return retval;
		/* The range must not run past the end of the unsigned space. */
		if (count >= -pos) /* both values are in 0..LLONG_MAX */
			return -EOVERFLOW;
	} else if (unlikely((loff_t) (pos + count) < 0)) {
		/* pos + count wrapped past the largest signed offset. */
		if (!unsigned_offsets(file))
			return retval;
	}

	if (unlikely(inode->i_flctx && mandatory_lock(inode))) {
		retval = locks_mandatory_area(
			read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE,
			inode, file, pos, count);
		if (retval < 0)
			return retval;
	}
	/* Security-module hook; any nonzero result denies the access. */
	retval = security_file_permission(file,
				read_write == READ ? MAY_READ : MAY_WRITE);
	if (retval)
		return retval;
	return count > MAX_RW_COUNT ? MAX_RW_COUNT : count;
}
412
/*
 * Adapt a plain (buf, len) read to the file's ->read_iter method by wrapping
 * the user buffer in a one-segment iov_iter and a synchronous kiocb.
 *
 * The caller guarantees ->read_iter is set.  *@ppos is written back from the
 * kiocb unconditionally, whatever ->read_iter returned.
 */
static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos)
{
	struct iovec single = { .iov_base = buf, .iov_len = len };
	struct iov_iter iter;
	struct kiocb kiocb;
	ssize_t nread;

	init_sync_kiocb(&kiocb, filp);
	kiocb.ki_pos = *ppos;
	iov_iter_init(&iter, READ, &single, 1, len);

	nread = filp->f_op->read_iter(&kiocb, &iter);
	/* A synchronous kiocb must never come back as queued. */
	BUG_ON(nread == -EIOCBQUEUED);
	*ppos = kiocb.ki_pos;
	return nread;
}
429
/*
 * Raw read dispatch: prefer the file's ->read method, fall back to
 * ->read_iter through new_sync_read(), and fail with -EINVAL when neither
 * exists.
 *
 * No f_mode, access_ok() or rw_verify_area() checks happen at this level;
 * vfs_read() performs them before calling in.
 */
ssize_t __vfs_read(struct file *file, char __user *buf, size_t count,
		   loff_t *pos)
{
	const struct file_operations *ops = file->f_op;

	if (ops->read)
		return ops->read(file, buf, count, pos);
	if (ops->read_iter)
		return new_sync_read(file, buf, count, pos);
	return -EINVAL;
}
EXPORT_SYMBOL(__vfs_read);
441
/*
 * Checked read into a user buffer.
 *
 * Order of checks: the file must be open for reading (-EBADF), must have a
 * usable read method (-EINVAL), and the destination range must pass
 * access_ok() (-EFAULT; an address-range check only).  rw_verify_area() then
 * validates the position, consults mandatory locks and the security hook,
 * and hands back the byte count clamped to MAX_RW_COUNT.
 *
 * The read syscall counter is bumped once the request passed
 * rw_verify_area(), whether or not the read itself succeeded; the byte
 * counter and the fsnotify access event need a positive result.
 */
ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
{
	ssize_t ret;

	if (!(file->f_mode & FMODE_READ))
		return -EBADF;
	if (!(file->f_mode & FMODE_CAN_READ))
		return -EINVAL;
	if (unlikely(!access_ok(VERIFY_WRITE, buf, count)))
		return -EFAULT;

	ret = rw_verify_area(READ, file, pos, count);
	if (ret < 0)
		return ret;

	/* Continue with the clamped count, not the caller's original. */
	count = ret;
	ret = __vfs_read(file, buf, count, pos);
	if (ret > 0) {
		fsnotify_access(file);
		add_rchar(current, ret);
	}
	inc_syscr(current);
	return ret;
}

EXPORT_SYMBOL(vfs_read);
468
/*
 * Adapt a plain (buf, len) write to the file's ->write_iter method by
 * wrapping the user buffer in a one-segment iov_iter and a synchronous kiocb.
 *
 * The caller guarantees ->write_iter is set.  *@ppos is advanced only when
 * at least one byte was written.
 */
static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos)
{
	struct iovec single = { .iov_base = (void __user *)buf, .iov_len = len };
	struct iov_iter iter;
	struct kiocb kiocb;
	ssize_t written;

	init_sync_kiocb(&kiocb, filp);
	kiocb.ki_pos = *ppos;
	iov_iter_init(&iter, WRITE, &single, 1, len);

	written = filp->f_op->write_iter(&kiocb, &iter);
	/* A synchronous kiocb must never come back as queued. */
	BUG_ON(written == -EIOCBQUEUED);
	if (written <= 0)
		return written;

	*ppos = kiocb.ki_pos;
	return written;
}
486
/*
 * Raw write dispatch: prefer the file's ->write method, fall back to
 * ->write_iter through new_sync_write(), and fail with -EINVAL when neither
 * exists.
 *
 * No f_mode, access_ok() or rw_verify_area() checks happen at this level;
 * callers such as vfs_write() are expected to have done them.
 */
ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
		    loff_t *pos)
{
	const struct file_operations *ops = file->f_op;

	if (ops->write)
		return ops->write(file, p, count, pos);
	if (ops->write_iter)
		return new_sync_write(file, p, count, pos);
	return -EINVAL;
}
EXPORT_SYMBOL(__vfs_write);
498
/*
 * Write @count bytes from the kernel buffer @buf to @file at *@pos.
 *
 * Only FMODE_CAN_WRITE is checked here.  Unlike vfs_write(), this path does
 * not test FMODE_WRITE and does not call rw_verify_area(), so the mandatory
 * lock and security_file_permission() checks made there are not applied;
 * callers carry the responsibility for deciding that the write is allowed.
 *
 * The address limit is switched with set_fs(get_ds()) for the duration of
 * the write so that the kernel pointer can be passed where a __user pointer
 * is expected, and is restored immediately after __vfs_write() returns,
 * before any accounting.  Nothing may return between the two set_fs()
 * calls, or the widened limit would leak to the rest of the task.
 *
 * Returns the number of bytes written or a negative errno.
 */
ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
{
	mm_segment_t old_fs;
	const char __user *p;
	ssize_t ret;

	if (!(file->f_mode & FMODE_CAN_WRITE))
		return -EINVAL;

	old_fs = get_fs();
	set_fs(get_ds());
	/* __force: deliberate address-space cast of a kernel pointer. */
	p = (__force const char __user *)buf;
	/* Same cap that rw_verify_area() applies on the checked paths. */
	if (count > MAX_RW_COUNT)
		count = MAX_RW_COUNT;
	ret = __vfs_write(file, p, count, pos);
	set_fs(old_fs);
	if (ret > 0) {
		fsnotify_modify(file);
		add_wchar(current, ret);
	}
	inc_syscw(current);
	return ret;
}

EXPORT_SYMBOL(__kernel_write);
524
/*
 * Checked write from a user buffer.
 *
 * Order of checks: the file must be open for writing (-EBADF), must have a
 * usable write method (-EINVAL), and the source range must pass access_ok()
 * (-EFAULT; an address-range check only).  rw_verify_area() then validates
 * the position, consults mandatory locks and the security hook, and hands
 * back the byte count clamped to MAX_RW_COUNT.
 *
 * The actual write runs between file_start_write() and file_end_write().
 * The write syscall counter is bumped once the request passed
 * rw_verify_area(); the byte counter and the fsnotify modify event need a
 * positive result.
 */
ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
{
	ssize_t ret;

	if (!(file->f_mode & FMODE_WRITE))
		return -EBADF;
	if (!(file->f_mode & FMODE_CAN_WRITE))
		return -EINVAL;
	if (unlikely(!access_ok(VERIFY_READ, buf, count)))
		return -EFAULT;

	ret = rw_verify_area(WRITE, file, pos, count);
	if (ret < 0)
		return ret;

	/* Continue with the clamped count, not the caller's original. */
	count = ret;
	file_start_write(file);
	ret = __vfs_write(file, buf, count, pos);
	if (ret > 0) {
		fsnotify_modify(file);
		add_wchar(current, ret);
	}
	inc_syscw(current);
	file_end_write(file);
	return ret;
}

EXPORT_SYMBOL(vfs_write);
553
/*
 * Starting position for a read/write syscall: always 0 for FMODE_STREAM
 * files, otherwise the file's current f_pos.
 */
static inline loff_t file_pos_read(struct file *file)
{
	if (file->f_mode & FMODE_STREAM)
		return 0;
	return file->f_pos;
}
558
/*
 * Store the position reached by a read/write syscall back into f_pos.
 * FMODE_STREAM files are skipped, so their f_pos is never modified here.
 */
static inline void file_pos_write(struct file *file, loff_t pos)
{
	if (file->f_mode & FMODE_STREAM)
		return;
	file->f_pos = pos;
}
564
/*
 * read(2).  fdget_pos()/fdput_pos() bracket the read-modify-write of the
 * file position; the position is stored back only when vfs_read() did not
 * fail.  All buffer and permission checking happens inside vfs_read().
 */
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret;
	loff_t pos;

	if (!f.file)
		return -EBADF;

	pos = file_pos_read(f.file);
	ret = vfs_read(f.file, buf, count, &pos);
	if (ret >= 0)
		file_pos_write(f.file, pos);
	fdput_pos(f);
	return ret;
}
579
/*
 * write(2).  fdget_pos()/fdput_pos() bracket the read-modify-write of the
 * file position; the position is stored back only when vfs_write() did not
 * fail.  All buffer and permission checking happens inside vfs_write().
 */
SYSCALL_DEFINE3(write, unsigned int, fd, const char __user *, buf,
		size_t, count)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret;
	loff_t pos;

	if (!f.file)
		return -EBADF;

	pos = file_pos_read(f.file);
	ret = vfs_write(f.file, buf, count, &pos);
	if (ret >= 0)
		file_pos_write(f.file, pos);
	fdput_pos(f);
	return ret;
}
596
/*
 * pread64(2): read at an explicit position without touching f_pos.
 *
 * A negative @pos is rejected before the descriptor is even looked up.
 * Plain fdget()/fdput() are used because the shared file position is
 * neither read nor written.  Files lacking FMODE_PREAD fail with -ESPIPE.
 */
SYSCALL_DEFINE4(pread64, unsigned int, fd, char __user *, buf,
			size_t, count, loff_t, pos)
{
	struct fd f;
	ssize_t ret;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (!f.file)
		return -EBADF;

	if (f.file->f_mode & FMODE_PREAD)
		ret = vfs_read(f.file, buf, count, &pos);
	else
		ret = -ESPIPE;
	fdput(f);
	return ret;
}
616
/*
 * pwrite64(2): write at an explicit position without touching f_pos.
 *
 * A negative @pos is rejected before the descriptor is even looked up.
 * Plain fdget()/fdput() are used because the shared file position is
 * neither read nor written.  Files lacking FMODE_PWRITE fail with -ESPIPE.
 */
SYSCALL_DEFINE4(pwrite64, unsigned int, fd, const char __user *, buf,
			 size_t, count, loff_t, pos)
{
	struct fd f;
	ssize_t ret;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (!f.file)
		return -EBADF;

	if (f.file->f_mode & FMODE_PWRITE)
		ret = vfs_write(f.file, buf, count, &pos);
	else
		ret = -ESPIPE;
	fdput(f);
	return ret;
}
636
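/*
 * Reduce an iovec's length in-place so that its segments cover at most @to
 * bytes.  Return the resulting number of segments.
 *
 * The segment that reaches the @to boundary is truncated to the remaining
 * budget; segments after it are left untouched and are simply not counted.
 * If all @nr_segs segments together hold fewer than @to bytes, nothing is
 * modified and @nr_segs is returned.
 */
unsigned long iov_shorten(struct iovec *iov, unsigned long nr_segs, size_t to)
{
	unsigned long seg = 0;
	size_t len = 0;

	while (seg < nr_segs) {
		seg++;
		/*
		 * len <= to holds on every iteration, so "to - len" cannot
		 * underflow.  Comparing the segment against the remaining
		 * budget avoids the size_t wrap-around that the sum
		 * "len + iov->iov_len" hits for very large segment lengths,
		 * which would let an oversized segment pass untruncated.
		 */
		if (iov->iov_len >= to - len) {
			iov->iov_len = to - len;
			break;
		}
		len += iov->iov_len;
		iov++;
	}
	return seg;
}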
656 EXPORT_SYMBOL(iov_shorten);
657
/*
 * Run one synchronous iterator-based transfer: @fn is the file's ->read_iter
 * or ->write_iter, started at *@ppos.  The position is written back from the
 * kiocb unconditionally, whatever @fn returned.
 */
static ssize_t do_iter_readv_writev(struct file *filp, struct iov_iter *iter,
		loff_t *ppos, iter_fn_t fn)
{
	struct kiocb kiocb;
	ssize_t done;

	init_sync_kiocb(&kiocb, filp);
	kiocb.ki_pos = *ppos;

	done = fn(&kiocb, iter);
	/* A synchronous kiocb must never come back as queued. */
	BUG_ON(done == -EIOCBQUEUED);
	*ppos = kiocb.ki_pos;
	return done;
}
672
/*
 * Do it by hand, with file-ops: feed the iterator to the buffer-based @fn
 * (->read or ->write) one segment at a time.
 *
 * Stops at the first error or short transfer.  An error is reported only if
 * nothing was transferred before it; otherwise the byte total so far is
 * returned.
 */
static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
		loff_t *ppos, io_fn_t fn)
{
	ssize_t total = 0;

	while (iov_iter_count(iter)) {
		struct iovec seg = iov_iter_iovec(iter);
		ssize_t nr = fn(filp, seg.iov_base, seg.iov_len, ppos);

		if (nr < 0) {
			/* Keep a partial result in preference to the error. */
			if (total == 0)
				total = nr;
			break;
		}

		total += nr;
		/* Short transfer: do not move on to the next segment. */
		if (nr != seg.iov_len)
			break;
		iov_iter_advance(iter, nr);
	}

	return total;
}
698
/*
 * A write operation does a read from user space and vice versa, so the
 * access_ok() direction is the opposite of the I/O direction: a READ must be
 * able to write to the user buffer, a WRITE only has to read from it.
 */
#define vrfy_dir(type) ((type) == READ ? VERIFY_WRITE : VERIFY_READ)
701
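/*
 * Copy an iovec array from user space and validate it.
 *
 * @type:	READ or WRITE; a negative value skips the per-segment
 *		access_ok() check
 * @uvector:	user-space array of @nr_segs iovecs
 * @nr_segs:	number of segments; 0 is accepted, more than UIO_MAXIOV is not
 * @fast_segs:	capacity of @fast_pointer
 * @fast_pointer: caller-provided array used when @nr_segs fits
 * @ret_pointer: set on every return path to the array actually used
 *
 * Ownership: when *@ret_pointer differs from @fast_pointer it was allocated
 * here and the caller must kfree() it, on error returns as well.
 *
 * Segment lengths are trimmed in place so that the running total never
 * exceeds MAX_RW_COUNT.
 *
 * Returns the total (capped) byte count, or -EINVAL, -ENOMEM or -EFAULT.
 */
ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
			      unsigned long nr_segs, unsigned long fast_segs,
			      struct iovec *fast_pointer,
			      struct iovec **ret_pointer)
{
	unsigned long seg;
	ssize_t ret;
	struct iovec *iov = fast_pointer;

	/*
	 * SuS says "The readv() function *may* fail if the iovcnt argument
	 * was less than or equal to 0, or greater than {IOV_MAX}."  Linux has
	 * traditionally returned zero for zero segments, so...
	 */
	if (nr_segs == 0) {
		ret = 0;
		goto out;
	}

	/*
	 * First get the "struct iovec" from user memory and
	 * verify all the pointers
	 */
	if (nr_segs > UIO_MAXIOV) {
		ret = -EINVAL;
		goto out;
	}
	if (nr_segs > fast_segs) {
		/*
		 * nr_segs is already bounded by UIO_MAXIOV; kmalloc_array()
		 * additionally makes the size multiplication overflow-checked
		 * rather than relying on that bound.
		 */
		iov = kmalloc_array(nr_segs, sizeof(struct iovec), GFP_KERNEL);
		if (iov == NULL) {
			ret = -ENOMEM;
			goto out;
		}
	}
	if (copy_from_user(iov, uvector, nr_segs*sizeof(*uvector))) {
		ret = -EFAULT;
		goto out;
	}

	/*
	 * According to the Single Unix Specification we should return EINVAL
	 * if an element length is < 0 when cast to ssize_t or if the
	 * total length would overflow the ssize_t return value of the
	 * system call.
	 *
	 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
	 * overflow case.
	 */
	ret = 0;
	for (seg = 0; seg < nr_segs; seg++) {
		void __user *buf = iov[seg].iov_base;
		ssize_t len = (ssize_t)iov[seg].iov_len;

		/* see if we're about to use an invalid len or if
		 * it's about to overflow ssize_t */
		if (len < 0) {
			ret = -EINVAL;
			goto out;
		}
		/* Range-check the user pointer against the untrimmed length. */
		if (type >= 0
		    && unlikely(!access_ok(vrfy_dir(type), buf, len))) {
			ret = -EFAULT;
			goto out;
		}
		/* Trim this segment so the total stays within MAX_RW_COUNT. */
		if (len > MAX_RW_COUNT - ret) {
			len = MAX_RW_COUNT - ret;
			iov[seg].iov_len = len;
		}
		ret += len;
	}
out:
	/* Always publish the array so the caller can free it if needed. */
	*ret_pointer = iov;
	return ret;
}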
776
/*
 * Common body of vfs_readv() and vfs_writev().
 *
 * Imports and validates the user iovec array, runs the total length through
 * rw_verify_area(), then performs the transfer with the file's iterator
 * method when it has one, or segment by segment with ->read/->write
 * otherwise.  Callers have already checked the file's f_mode.
 *
 * Returns the number of bytes transferred or a negative errno.
 */
static ssize_t do_readv_writev(int type, struct file *file,
			       const struct iovec __user * uvector,
			       unsigned long nr_segs, loff_t *pos)
{
	size_t tot_len;
	struct iovec iovstack[UIO_FASTIOV];
	struct iovec *iov = iovstack;
	struct iov_iter iter;
	ssize_t ret;
	io_fn_t fn;
	iter_fn_t iter_fn;

	ret = import_iovec(type, uvector, nr_segs,
			   ARRAY_SIZE(iovstack), &iov, &iter);
	if (ret < 0)
		return ret;

	tot_len = iov_iter_count(&iter);
	/* Zero-length request: skip the checks and the I/O altogether. */
	if (!tot_len)
		goto out;
	/* Only the error is used here; the clamped count is not re-applied. */
	ret = rw_verify_area(type, file, pos, tot_len);
	if (ret < 0)
		goto out;

	if (type == READ) {
		fn = file->f_op->read;
		iter_fn = file->f_op->read_iter;
	} else {
		/* ->write takes a const buffer; cast to the shared signature. */
		fn = (io_fn_t)file->f_op->write;
		iter_fn = file->f_op->write_iter;
		file_start_write(file);
	}

	if (iter_fn)
		ret = do_iter_readv_writev(file, &iter, pos, iter_fn);
	else
		ret = do_loop_readv_writev(file, &iter, pos, fn);

	if (type != READ)
		file_end_write(file);

out:
	/*
	 * NOTE(review): assumes import_iovec() leaves iov either NULL or
	 * pointing at a heap allocation, never at iovstack - confirm, since
	 * kfree() of the stack array would be invalid.
	 */
	kfree(iov);
	/* Reads notify for ret >= 0, writes only for ret > 0. */
	if ((ret + (type == READ)) > 0) {
		if (type == READ)
			fsnotify_access(file);
		else
			fsnotify_modify(file);
	}
	return ret;
}
828
/*
 * Vectored read.  The file must be open for reading (-EBADF) and have a
 * usable read method (-EINVAL); iovec import and all range and permission
 * checks are done in do_readv_writev().
 */
ssize_t vfs_readv(struct file *file, const struct iovec __user *vec,
		  unsigned long vlen, loff_t *pos)
{
	if ((file->f_mode & FMODE_READ) == 0)
		return -EBADF;
	if ((file->f_mode & FMODE_CAN_READ) == 0)
		return -EINVAL;

	return do_readv_writev(READ, file, vec, vlen, pos);
}

EXPORT_SYMBOL(vfs_readv);
841
/*
 * Vectored write.  The file must be open for writing (-EBADF) and have a
 * usable write method (-EINVAL); iovec import and all range and permission
 * checks are done in do_readv_writev().
 */
ssize_t vfs_writev(struct file *file, const struct iovec __user *vec,
		   unsigned long vlen, loff_t *pos)
{
	if ((file->f_mode & FMODE_WRITE) == 0)
		return -EBADF;
	if ((file->f_mode & FMODE_CAN_WRITE) == 0)
		return -EINVAL;

	return do_readv_writev(WRITE, file, vec, vlen, pos);
}

EXPORT_SYMBOL(vfs_writev);
854
/*
 * readv(2).  The file position is read and written back under
 * fdget_pos()/fdput_pos(), and only stored when vfs_readv() did not fail.
 * The syscall counter is bumped on every call, including a bad descriptor.
 */
SYSCALL_DEFINE3(readv, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen)
{
	ssize_t ret = -EBADF;
	struct fd f = fdget_pos(fd);
	loff_t pos;

	if (f.file) {
		pos = file_pos_read(f.file);
		ret = vfs_readv(f.file, vec, vlen, &pos);
		if (ret >= 0)
			file_pos_write(f.file, pos);
		fdput_pos(f);
	}

	/* Accounting runs even when the descriptor lookup failed. */
	if (ret > 0)
		add_rchar(current, ret);
	inc_syscr(current);
	return ret;
}
874
/*
 * writev(2).  The file position is read and written back under
 * fdget_pos()/fdput_pos(), and only stored when vfs_writev() did not fail.
 * The syscall counter is bumped on every call, including a bad descriptor.
 */
SYSCALL_DEFINE3(writev, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen)
{
	ssize_t ret = -EBADF;
	struct fd f = fdget_pos(fd);
	loff_t pos;

	if (f.file) {
		pos = file_pos_read(f.file);
		ret = vfs_writev(f.file, vec, vlen, &pos);
		if (ret >= 0)
			file_pos_write(f.file, pos);
		fdput_pos(f);
	}

	/* Accounting runs even when the descriptor lookup failed. */
	if (ret > 0)
		add_wchar(current, ret);
	inc_syscw(current);
	return ret;
}
894
/*
 * Combine the two unsigned long halves passed to preadv/pwritev into one
 * loff_t.  The high part is shifted up by BITS_PER_LONG in two half-width
 * steps; presumably this keeps each shift count below the width of loff_t
 * when BITS_PER_LONG equals that width.  The result may be negative and is
 * checked by the callers.
 */
static inline loff_t pos_from_hilo(unsigned long high, unsigned long low)
{
#define HALF_LONG_BITS (BITS_PER_LONG / 2)
	loff_t upper = (loff_t)high << HALF_LONG_BITS;

	return (upper << HALF_LONG_BITS) | low;
}
900
/*
 * preadv(2): vectored read at an explicit position, f_pos untouched.
 *
 * The position is assembled from two halves and rejected if negative before
 * the descriptor is looked up; that early return skips the accounting.
 * Files lacking FMODE_PREAD fail with -ESPIPE.
 */
SYSCALL_DEFINE5(preadv, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
{
	loff_t pos = pos_from_hilo(pos_h, pos_l);
	ssize_t ret = -EBADF;
	struct fd f;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (f.file) {
		if (f.file->f_mode & FMODE_PREAD)
			ret = vfs_readv(f.file, vec, vlen, &pos);
		else
			ret = -ESPIPE;
		fdput(f);
	}

	if (ret > 0)
		add_rchar(current, ret);
	inc_syscr(current);
	return ret;
}
924
/*
 * pwritev(2): vectored write at an explicit position, f_pos untouched.
 *
 * The position is assembled from two halves and rejected if negative before
 * the descriptor is looked up; that early return skips the accounting.
 * Files lacking FMODE_PWRITE fail with -ESPIPE.
 */
SYSCALL_DEFINE5(pwritev, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
{
	loff_t pos = pos_from_hilo(pos_h, pos_l);
	ssize_t ret = -EBADF;
	struct fd f;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (f.file) {
		if (f.file->f_mode & FMODE_PWRITE)
			ret = vfs_writev(f.file, vec, vlen, &pos);
		else
			ret = -ESPIPE;
		fdput(f);
	}

	if (ret > 0)
		add_wchar(current, ret);
	inc_syscw(current);
	return ret;
}
948
949 #ifdef CONFIG_COMPAT
950
/*
 * Compat counterpart of do_readv_writev(): identical flow, but the user
 * array holds struct compat_iovec entries and is imported with
 * compat_import_iovec().  Callers have already checked the file's f_mode.
 *
 * Returns the number of bytes transferred or a negative errno.
 */
static ssize_t compat_do_readv_writev(int type, struct file *file,
			       const struct compat_iovec __user *uvector,
			       unsigned long nr_segs, loff_t *pos)
{
	/*
	 * NOTE(review): narrower than the size_t used in do_readv_writev();
	 * presumably safe because the import caps the total length - confirm
	 * in compat_import_iovec().
	 */
	compat_ssize_t tot_len;
	struct iovec iovstack[UIO_FASTIOV];
	struct iovec *iov = iovstack;
	struct iov_iter iter;
	ssize_t ret;
	io_fn_t fn;
	iter_fn_t iter_fn;

	ret = compat_import_iovec(type, uvector, nr_segs,
				  UIO_FASTIOV, &iov, &iter);
	if (ret < 0)
		return ret;

	tot_len = iov_iter_count(&iter);
	/* Zero-length request: skip the checks and the I/O altogether. */
	if (!tot_len)
		goto out;
	/* Only the error is used here; the clamped count is not re-applied. */
	ret = rw_verify_area(type, file, pos, tot_len);
	if (ret < 0)
		goto out;

	if (type == READ) {
		fn = file->f_op->read;
		iter_fn = file->f_op->read_iter;
	} else {
		/* ->write takes a const buffer; cast to the shared signature. */
		fn = (io_fn_t)file->f_op->write;
		iter_fn = file->f_op->write_iter;
		file_start_write(file);
	}

	if (iter_fn)
		ret = do_iter_readv_writev(file, &iter, pos, iter_fn);
	else
		ret = do_loop_readv_writev(file, &iter, pos, fn);

	if (type != READ)
		file_end_write(file);

out:
	/*
	 * NOTE(review): assumes compat_import_iovec() leaves iov either NULL
	 * or pointing at a heap allocation, never at iovstack - confirm.
	 */
	kfree(iov);
	/* Reads notify for ret >= 0, writes only for ret > 0. */
	if ((ret + (type == READ)) > 0) {
		if (type == READ)
			fsnotify_access(file);
		else
			fsnotify_modify(file);
	}
	return ret;
}
1002
/*
 * Compat vectored read with accounting.  The file must be open for reading
 * (-EBADF) and have a usable read method (-EINVAL).  The read syscall
 * counter is bumped on every call, failed mode checks included.
 *
 * NOTE(review): declared to return size_t although the value is a ssize_t
 * that may hold a negative errno; the callers in this file store it back
 * into a signed type.
 */
static size_t compat_readv(struct file *file,
			   const struct compat_iovec __user *vec,
			   unsigned long vlen, loff_t *pos)
{
	ssize_t ret;

	if (!(file->f_mode & FMODE_READ))
		ret = -EBADF;
	else if (!(file->f_mode & FMODE_CAN_READ))
		ret = -EINVAL;
	else
		ret = compat_do_readv_writev(READ, file, vec, vlen, pos);

	if (ret > 0)
		add_rchar(current, ret);
	inc_syscr(current);
	return ret;
}
1024
/*
 * Compat readv(2).  The file position is read and written back under
 * fdget_pos()/fdput_pos(), and only stored when compat_readv() did not fail.
 *
 * NOTE(review): f_pos is accessed directly here, whereas the native readv
 * goes through file_pos_read()/file_pos_write() and so treats FMODE_STREAM
 * files specially - confirm the difference is intended.
 */
COMPAT_SYSCALL_DEFINE3(readv, compat_ulong_t, fd,
		const struct compat_iovec __user *,vec,
		compat_ulong_t, vlen)
{
	struct fd f = fdget_pos(fd);
	loff_t cursor;
	ssize_t nread;

	if (!f.file)
		return -EBADF;

	cursor = f.file->f_pos;
	nread = compat_readv(f.file, vec, vlen, &cursor);
	if (nread >= 0)
		f.file->f_pos = cursor;
	fdput_pos(f);
	return nread;
}
1042
/*
 * Shared body of the compat preadv entry points: vectored read at an
 * explicit 64-bit position, f_pos untouched.  A negative @pos is rejected
 * before the descriptor lookup; files lacking FMODE_PREAD fail with -ESPIPE.
 */
static long __compat_sys_preadv64(unsigned long fd,
				  const struct compat_iovec __user *vec,
				  unsigned long vlen, loff_t pos)
{
	struct fd f;
	ssize_t ret;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (!f.file)
		return -EBADF;

	if (f.file->f_mode & FMODE_PREAD)
		ret = compat_readv(f.file, vec, vlen, &pos);
	else
		ret = -ESPIPE;
	fdput(f);
	return ret;
}
1061
1062 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64
/*
 * Compat preadv variant that receives the position as one loff_t; all
 * validation is done in __compat_sys_preadv64().
 */
COMPAT_SYSCALL_DEFINE4(preadv64, unsigned long, fd,
		const struct compat_iovec __user *,vec,
		unsigned long, vlen, loff_t, pos)
{
	return __compat_sys_preadv64(fd, vec, vlen, pos);
}
1069 #endif
1070
/*
 * Compat preadv(2): the position arrives as two 32-bit halves and is joined
 * into a loff_t.  The sign check on the joined value is done in
 * __compat_sys_preadv64().
 */
COMPAT_SYSCALL_DEFINE5(preadv, compat_ulong_t, fd,
		const struct compat_iovec __user *,vec,
		compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
{
	loff_t upper = (loff_t)pos_high << 32;

	return __compat_sys_preadv64(fd, vec, vlen, upper | pos_low);
}
1079
/*
 * Compat vectored write with accounting.  The file must be open for writing
 * (-EBADF) and have a usable write method (-EINVAL).  The write syscall
 * counter is bumped on every call, failed mode checks included.
 *
 * NOTE(review): declared to return size_t although the value is a ssize_t
 * that may hold a negative errno; the callers in this file store it back
 * into a signed type.
 */
static size_t compat_writev(struct file *file,
			    const struct compat_iovec __user *vec,
			    unsigned long vlen, loff_t *pos)
{
	ssize_t ret;

	if (!(file->f_mode & FMODE_WRITE))
		ret = -EBADF;
	else if (!(file->f_mode & FMODE_CAN_WRITE))
		ret = -EINVAL;
	else
		ret = compat_do_readv_writev(WRITE, file, vec, vlen, pos);

	if (ret > 0)
		add_wchar(current, ret);
	inc_syscw(current);
	return ret;
}
1101
/*
 * Compat writev(2).  The file position is read and written back under
 * fdget_pos()/fdput_pos(), and only stored when compat_writev() did not fail.
 *
 * NOTE(review): f_pos is accessed directly here, whereas the native writev
 * goes through file_pos_read()/file_pos_write() and so treats FMODE_STREAM
 * files specially - confirm the difference is intended.
 */
COMPAT_SYSCALL_DEFINE3(writev, compat_ulong_t, fd,
		const struct compat_iovec __user *, vec,
		compat_ulong_t, vlen)
{
	struct fd f = fdget_pos(fd);
	loff_t cursor;
	ssize_t written;

	if (!f.file)
		return -EBADF;

	cursor = f.file->f_pos;
	written = compat_writev(f.file, vec, vlen, &cursor);
	if (written >= 0)
		f.file->f_pos = cursor;
	fdput_pos(f);
	return written;
}
1119
/*
 * __compat_sys_pwritev64 - shared body of the compat pwritev entry points
 * @fd:   descriptor to write to
 * @vec:  user-space array of compat iovecs
 * @vlen: number of entries in @vec
 * @pos:  explicit file offset supplied by the caller
 *
 * Checks, in order: a negative @pos is refused with -EINVAL before the
 * descriptor is looked up; an unknown descriptor gives -EBADF; a file
 * without FMODE_PWRITE gives -ESPIPE. Only then is compat_writev() called.
 * The write works on the local copy of @pos, so the file's own f_pos is not
 * modified by this function.
 */
static long __compat_sys_pwritev64(unsigned long fd,
				   const struct compat_iovec __user *vec,
				   unsigned long vlen, loff_t pos)
{
	struct fd f;
	ssize_t ret;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (!f.file)
		return -EBADF;

	if (f.file->f_mode & FMODE_PWRITE)
		ret = compat_writev(f.file, vec, vlen, &pos);
	else
		ret = -ESPIPE;

	fdput(f);
	return ret;
}
1138
1139 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64
/*
 * compat pwritev64(): entry point that receives the file offset as one
 * loff_t argument. It performs no checks of its own; the offset, descriptor
 * and mode checks are all done by __compat_sys_pwritev64().
 */
COMPAT_SYSCALL_DEFINE4(pwritev64, unsigned long, fd,
		const struct compat_iovec __user *, vec,
		unsigned long, vlen, loff_t, pos)
{
	long ret = __compat_sys_pwritev64(fd, vec, vlen, pos);

	return ret;
}
1146 #endif
1147
/*
 * compat pwritev(): the caller supplies the 64-bit file offset as two u32
 * halves, which are joined here before the shared helper runs.
 */
COMPAT_SYSCALL_DEFINE5(pwritev, compat_ulong_t, fd,
		const struct compat_iovec __user *, vec,
		compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
{
	loff_t pos;

	/*
	 * Widen the high half before shifting so none of its bits are lost.
	 * A pos_high with its top bit set presumably produces a negative
	 * loff_t here; __compat_sys_pwritev64() refuses any negative offset
	 * with -EINVAL.
	 */
	pos = (loff_t)pos_high << 32;
	pos |= pos_low;

	return __compat_sys_pwritev64(fd, vec, vlen, pos);
}
1156 #endif
1157
/*
 * do_sendfile - common implementation behind the sendfile entry points
 * @out_fd: descriptor that receives the data
 * @in_fd:  descriptor the data is read from
 * @ppos:   optional explicit input offset; when NULL the input file's own
 *          f_pos is used and, on success, advanced
 * @count:  number of bytes requested
 * @max:    upper bound for the input offset; 0 selects the smaller
 *          s_maxbytes of the two files' superblocks
 *
 * Both descriptors are validated before any data moves: the input must have
 * FMODE_READ (and FMODE_PREAD when an explicit offset is given), the output
 * must have FMODE_WRITE, and each side goes through rw_verify_area(), whose
 * non-negative return value replaces @count. The transfer itself is done by
 * do_splice_direct().
 *
 * Returns the do_splice_direct() result, or a negative errno. -EOVERFLOW is
 * returned when the input offset is at or beyond @max before the transfer,
 * or beyond @max after it.
 */
static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
			   size_t count, loff_t max)
{
	struct fd src, dst;
	struct inode *src_inode, *dst_inode;
	loff_t src_pos;
	loff_t dst_pos;
	ssize_t ret;
	int splice_flags;

	/* Input side: the descriptor must exist and be readable. */
	ret = -EBADF;
	src = fdget(in_fd);
	if (!src.file)
		goto done;
	if (!(src.file->f_mode & FMODE_READ))
		goto put_src;

	/* An explicit offset is only accepted on files with FMODE_PREAD. */
	ret = -ESPIPE;
	if (ppos) {
		if (!(src.file->f_mode & FMODE_PREAD))
			goto put_src;
		src_pos = *ppos;
	} else {
		src_pos = src.file->f_pos;
	}

	/* On success the returned value becomes the byte count to transfer. */
	ret = rw_verify_area(READ, src.file, &src_pos, count);
	if (ret < 0)
		goto put_src;
	count = ret;

	/* Output side: the descriptor must exist and be writable. */
	ret = -EBADF;
	dst = fdget(out_fd);
	if (!dst.file)
		goto put_src;
	if (!(dst.file->f_mode & FMODE_WRITE))
		goto put_dst;
	/*
	 * NOTE(review): this -EINVAL is overwritten by rw_verify_area() below
	 * before any jump can return it.
	 */
	ret = -EINVAL;
	src_inode = file_inode(src.file);
	dst_inode = file_inode(dst.file);
	dst_pos = dst.file->f_pos;
	ret = rw_verify_area(WRITE, dst.file, &dst_pos, count);
	if (ret < 0)
		goto put_dst;
	count = ret;

	if (!max)
		max = min(src_inode->i_sb->s_maxbytes, dst_inode->i_sb->s_maxbytes);

	/* Trim the request so the input offset cannot run past max. */
	if (unlikely(src_pos + count > max)) {
		ret = -EOVERFLOW;
		if (src_pos >= max)
			goto put_dst;
		count = max - src_pos;
	}

	splice_flags = 0;
#if 0
	/*
	 * We need to debate whether we can enable this or not. The
	 * man page documents EAGAIN return for the output at least,
	 * and the application is arguably buggy if it doesn't expect
	 * EAGAIN on a non-blocking file descriptor.
	 */
	if (src.file->f_flags & O_NONBLOCK)
		splice_flags = SPLICE_F_NONBLOCK;
#endif
	file_start_write(dst.file);
	ret = do_splice_direct(src.file, &src_pos, dst.file, &dst_pos, count,
			       splice_flags);
	file_end_write(dst.file);

	/* Positions, byte counters and fsnotify events only change on progress. */
	if (ret > 0) {
		add_rchar(current, ret);
		add_wchar(current, ret);
		fsnotify_access(src.file);
		fsnotify_modify(dst.file);
		dst.file->f_pos = dst_pos;
		if (ppos)
			*ppos = src_pos;
		else
			src.file->f_pos = src_pos;
	}

	inc_syscr(current);
	inc_syscw(current);
	/* This overrides even a positive transfer count. */
	if (src_pos > max)
		ret = -EOVERFLOW;

put_dst:
	fdput(dst);
put_src:
	fdput(src);
done:
	return ret;
}
1257
/*
 * sendfile(): variant with an off_t offset.
 *
 * @offset is a user-space pointer and is only accessed through get_user()
 * and put_user(). When it is non-NULL the transfer is capped at MAX_NON_LFS
 * and the updated offset is written back to user space; when it is NULL the
 * input file's own position is used.
 *
 * Note that a failing put_user() returns -EFAULT after do_sendfile() has
 * already run, so the caller gets -EFAULT even if data was transferred.
 */
SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd, off_t __user *, offset, size_t, count)
{
	loff_t pos;
	off_t off;
	ssize_t ret;

	if (!offset)
		return do_sendfile(out_fd, in_fd, NULL, count, 0);

	if (unlikely(get_user(off, offset)))
		return -EFAULT;
	pos = off;
	ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
	if (unlikely(put_user(pos, offset)))
		return -EFAULT;
	return ret;
}
1276
/*
 * sendfile64(): variant with a loff_t offset.
 *
 * @offset is a user-space pointer; it is read with copy_from_user() and
 * written back with put_user(). No explicit size cap is passed (max == 0),
 * so do_sendfile() derives the limit from the two files' superblocks.
 *
 * Note that a failing put_user() returns -EFAULT after do_sendfile() has
 * already run, so the caller gets -EFAULT even if data was transferred.
 */
SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd, loff_t __user *, offset, size_t, count)
{
	loff_t pos;
	ssize_t ret;

	if (!offset)
		return do_sendfile(out_fd, in_fd, NULL, count, 0);

	if (unlikely(copy_from_user(&pos, offset, sizeof(pos))))
		return -EFAULT;
	ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
	if (unlikely(put_user(pos, offset)))
		return -EFAULT;
	return ret;
}
1293
1294 #ifdef CONFIG_COMPAT
/*
 * compat sendfile(): variant with a compat_off_t offset.
 *
 * @offset is a user-space pointer and is only accessed through get_user()
 * and put_user(). When it is non-NULL the transfer is capped at MAX_NON_LFS
 * and the updated offset is written back to user space; when it is NULL the
 * input file's own position is used.
 *
 * Note that a failing put_user() returns -EFAULT after do_sendfile() has
 * already run, so the caller gets -EFAULT even if data was transferred.
 */
COMPAT_SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd,
		compat_off_t __user *, offset, compat_size_t, count)
{
	loff_t pos;
	off_t off;
	ssize_t ret;

	if (!offset)
		return do_sendfile(out_fd, in_fd, NULL, count, 0);

	if (unlikely(get_user(off, offset)))
		return -EFAULT;
	pos = off;
	ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
	if (unlikely(put_user(pos, offset)))
		return -EFAULT;
	return ret;
}
1314
/*
 * compat sendfile64(): variant with a compat_loff_t offset.
 *
 * @offset is a user-space pointer; sizeof(loff_t) bytes are read from it
 * with copy_from_user() and the updated offset is written back with
 * put_user(). No explicit size cap is passed (max == 0), so do_sendfile()
 * derives the limit from the two files' superblocks.
 *
 * Note that a failing put_user() returns -EFAULT after do_sendfile() has
 * already run, so the caller gets -EFAULT even if data was transferred.
 */
COMPAT_SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd,
		compat_loff_t __user *, offset, compat_size_t, count)
{
	loff_t pos;
	ssize_t ret;

	if (!offset)
		return do_sendfile(out_fd, in_fd, NULL, count, 0);

	if (unlikely(copy_from_user(&pos, offset, sizeof(pos))))
		return -EFAULT;
	ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
	if (unlikely(put_user(pos, offset)))
		return -EFAULT;
	return ret;
}
1332 #endif
1333