#include <linux/in.h>
#include <linux/ipv6.h>
#include <linux/poll.h>
+#include <linux/uio.h>
#include <net/sock.h>
#include "rds.h"
}
static int rds_getsockopt(struct socket *sock, int level, int optname,
- char __user *optval, int __user *optlen)
+ sockopt_t *opt)
{
struct rds_sock *rs = rds_sk_to_rs(sock->sk);
int ret = -ENOPROTOOPT, len;
int trans;
+ int val;
if (level != SOL_RDS)
goto out;
- if (get_user(len, optlen)) {
- ret = -EFAULT;
- goto out;
- }
+ len = opt->optlen;
switch (optname) {
case RDS_INFO_FIRST ... RDS_INFO_LAST:
- ret = rds_info_getsockopt(sock, optname, optval,
- optlen);
+ ret = rds_info_getsockopt(sock, optname, opt);
break;
case RDS_RECVERR:
- if (len < sizeof(int))
+ if (len < sizeof(int)) {
ret = -EINVAL;
- else
- if (put_user(rs->rs_recverr, (int __user *) optval) ||
- put_user(sizeof(int), optlen))
+ break;
+ }
+ val = rs->rs_recverr;
+ if (copy_to_iter(&val, sizeof(int), &opt->iter_out) !=
+ sizeof(int)) {
ret = -EFAULT;
- else
+ } else {
+ opt->optlen = sizeof(int);
ret = 0;
+ }
break;
case SO_RDS_TRANSPORT:
if (len < sizeof(int)) {
}
trans = (rs->rs_transport ? rs->rs_transport->t_type :
RDS_TRANS_NONE); /* unbound */
- if (put_user(trans, (int __user *)optval) ||
- put_user(sizeof(int), optlen))
+ if (copy_to_iter(&trans, sizeof(int), &opt->iter_out) !=
+ sizeof(int)) {
ret = -EFAULT;
- else
+ } else {
+ opt->optlen = sizeof(int);
ret = 0;
+ }
break;
default:
break;
.listen = sock_no_listen,
.shutdown = sock_no_shutdown,
.setsockopt = rds_setsockopt,
- .getsockopt = rds_getsockopt,
+ .getsockopt_iter = rds_getsockopt,
.sendmsg = rds_sendmsg,
.recvmsg = rds_recvmsg,
.mmap = sock_no_mmap,
#include <linux/slab.h>
#include <linux/proc_fs.h>
#include <linux/export.h>
+#include <linux/uio.h>
#include "rds.h"
EXPORT_SYMBOL_GPL(rds_info_copy);
/*
- * @optval points to the userspace buffer that the information snapshot
- * will be copied into.
- *
- * @optlen on input is the size of the buffer in userspace. @optlen
- * on output is the size of the requested snapshot in bytes.
+ * @opt->iter_out describes the buffer that the information snapshot will be
+ * copied into, and @opt->optlen is the size of that buffer on input. On
+ * output @opt->optlen is set to the size of the requested snapshot in bytes.
*
* This function returns -errno if there is a failure, particularly -ENOSPC
- * if the given userspace buffer was not large enough to fit the snapshot.
- * On success it returns the positive number of bytes of each array element
- * in the snapshot.
+ * if the given buffer was not large enough to fit the snapshot. On success
+ * it returns the positive number of bytes of each array element in the
+ * snapshot.
*/
-int rds_info_getsockopt(struct socket *sock, int optname, char __user *optval,
- int __user *optlen)
+int rds_info_getsockopt(struct socket *sock, int optname, sockopt_t *opt)
{
struct rds_info_iterator iter;
struct rds_info_lengths lens;
unsigned long nr_pages = 0;
- unsigned long start;
rds_info_func func;
struct page **pages = NULL;
+ size_t offset0 = 0;
+ int npages = 0;
int ret;
int len;
int total;
- if (get_user(len, optlen)) {
- ret = -EFAULT;
- goto out;
- }
+ len = opt->optlen;
/* check for all kinds of wrapping and the like */
- start = (unsigned long)optval;
- if (len < 0 || len > INT_MAX - PAGE_SIZE + 1 || start + len < start) {
+ if (len < 0 || len > INT_MAX - PAGE_SIZE + 1) {
ret = -EINVAL;
goto out;
}
+ /* The info producers write into the pages with kmap_atomic() while
+ * holding a spinlock, so they need a genuine page-backed user buffer.
+ */
+ if (!user_backed_iter(&opt->iter_out)) {
+ ret = -EOPNOTSUPP;
+ goto out;
+ }
+
/* a 0 len call is just trying to probe its length */
if (len == 0)
goto call_func;
- nr_pages = (PAGE_ALIGN(start + len) - (start & PAGE_MASK))
- >> PAGE_SHIFT;
-
- pages = kmalloc_objs(struct page *, nr_pages);
+ /*
+ * Preallocate the page array and pass it in so that
+ * iov_iter_extract_pages() fills it in place rather than allocating
+ * one for us. Handing it a non-NULL array keeps ownership of the
+ * array with us on every return path, instead of depending on the
+ * iterator code to allocate and hand it back.
+ */
+ npages = iov_iter_npages(&opt->iter_out, INT_MAX);
+ pages = kvmalloc_array(npages, sizeof(*pages), GFP_KERNEL);
if (!pages) {
ret = -ENOMEM;
goto out;
}
- ret = pin_user_pages_fast(start, nr_pages, FOLL_WRITE, pages);
- if (ret != nr_pages) {
- if (ret > 0)
- nr_pages = ret;
- else
- nr_pages = 0;
+
+ ret = iov_iter_extract_pages(&opt->iter_out, &pages, len, npages,
+ 0, &offset0);
+ if (ret < 0)
+ goto out;
+ nr_pages = DIV_ROUND_UP(offset0 + ret, PAGE_SIZE);
+ if (ret != len) {
ret = -EAGAIN; /* XXX ? */
goto out;
}
iter.pages = pages;
iter.addr = NULL;
- iter.offset = start & (PAGE_SIZE - 1);
+ iter.offset = offset0;
func(sock, len, &iter, &lens);
BUG_ON(lens.each == 0);
ret = lens.each;
}
- if (put_user(len, optlen))
- ret = -EFAULT;
+ opt->optlen = len;
out:
- if (pages)
+ /*
+ * iov_iter_extract_pages() pins only user-backed (ubuf) iters;
+ * iov_iter_extract_will_pin() reports whether an unpin is owed here.
+ */
+ if (pages && iov_iter_extract_will_pin(&opt->iter_out))
unpin_user_pages(pages, nr_pages);
- kfree(pages);
+ kvfree(pages);
return ret;
}
projects / thirdparty / linux.git / commitdiff
