xref: /linux/fs/read_write.c (revision 160b8e75932fd51a49607d32dbfa1d417977b79c)
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3  *  linux/fs/read_write.c
4  *
5  *  Copyright (C) 1991, 1992  Linus Torvalds
6  */
7 
8 #include <linux/slab.h>
9 #include <linux/stat.h>
10 #include <linux/sched/xacct.h>
11 #include <linux/fcntl.h>
12 #include <linux/file.h>
13 #include <linux/uio.h>
14 #include <linux/fsnotify.h>
15 #include <linux/security.h>
16 #include <linux/export.h>
17 #include <linux/syscalls.h>
18 #include <linux/pagemap.h>
19 #include <linux/splice.h>
20 #include <linux/compat.h>
21 #include <linux/mount.h>
22 #include <linux/fs.h>
23 #include "internal.h"
24 
25 #include <linux/uaccess.h>
26 #include <asm/unistd.h>
27 
28 const struct file_operations generic_ro_fops = {
29 	.llseek		= generic_file_llseek,
30 	.read_iter	= generic_file_read_iter,
31 	.mmap		= generic_file_readonly_mmap,
32 	.splice_read	= generic_file_splice_read,
33 };
34 
35 EXPORT_SYMBOL(generic_ro_fops);
36 
37 static inline bool unsigned_offsets(struct file *file)
38 {
39 	return file->f_mode & FMODE_UNSIGNED_OFFSET;
40 }
41 
42 /**
43  * vfs_setpos - update the file offset for lseek
44  * @file:	file structure in question
45  * @offset:	file offset to seek to
46  * @maxsize:	maximum file size
47  *
48  * This is a low-level filesystem helper for updating the file offset to
49  * the value specified by @offset if the given offset is valid and it is
50  * not equal to the current file offset.
51  *
52  * Return the specified offset on success and -EINVAL on invalid offset.
53  */
54 loff_t vfs_setpos(struct file *file, loff_t offset, loff_t maxsize)
55 {
56 	if (offset < 0 && !unsigned_offsets(file))
57 		return -EINVAL;
58 	if (offset > maxsize)
59 		return -EINVAL;
60 
61 	if (offset != file->f_pos) {
62 		file->f_pos = offset;
63 		file->f_version = 0;
64 	}
65 	return offset;
66 }
67 EXPORT_SYMBOL(vfs_setpos);
68 
69 /**
70  * generic_file_llseek_size - generic llseek implementation for regular files
71  * @file:	file structure to seek on
72  * @offset:	file offset to seek to
73  * @whence:	type of seek
74  * @size:	max size of this file in file system
75  * @eof:	offset used for SEEK_END position
76  *
77  * This is a variant of generic_file_llseek that allows passing in a custom
78  * maximum file size and a custom EOF position, for e.g. hashed directories
79  *
80  * Synchronization:
81  * SEEK_SET and SEEK_END are unsynchronized (but atomic on 64bit platforms)
82  * SEEK_CUR is synchronized against other SEEK_CURs, but not read/writes.
83  * read/writes behave like SEEK_SET against seeks.
84  */
85 loff_t
86 generic_file_llseek_size(struct file *file, loff_t offset, int whence,
87 		loff_t maxsize, loff_t eof)
88 {
89 	switch (whence) {
90 	case SEEK_END:
91 		offset += eof;
92 		break;
93 	case SEEK_CUR:
94 		/*
95 		 * Here we special-case the lseek(fd, 0, SEEK_CUR)
96 		 * position-querying operation.  Avoid rewriting the "same"
97 		 * f_pos value back to the file because a concurrent read(),
98 		 * write() or lseek() might have altered it
99 		 */
100 		if (offset == 0)
101 			return file->f_pos;
102 		/*
103 		 * f_lock protects against read/modify/write race with other
104 		 * SEEK_CURs. Note that parallel writes and reads behave
105 		 * like SEEK_SET.
106 		 */
107 		spin_lock(&file->f_lock);
108 		offset = vfs_setpos(file, file->f_pos + offset, maxsize);
109 		spin_unlock(&file->f_lock);
110 		return offset;
111 	case SEEK_DATA:
112 		/*
113 		 * In the generic case the entire file is data, so as long as
114 		 * offset isn't at the end of the file then the offset is data.
115 		 */
116 		if ((unsigned long long)offset >= eof)
117 			return -ENXIO;
118 		break;
119 	case SEEK_HOLE:
120 		/*
121 		 * There is a virtual hole at the end of the file, so as long as
122 		 * offset isn't i_size or larger, return i_size.
123 		 */
124 		if ((unsigned long long)offset >= eof)
125 			return -ENXIO;
126 		offset = eof;
127 		break;
128 	}
129 
130 	return vfs_setpos(file, offset, maxsize);
131 }
132 EXPORT_SYMBOL(generic_file_llseek_size);
133 
134 /**
135  * generic_file_llseek - generic llseek implementation for regular files
136  * @file:	file structure to seek on
137  * @offset:	file offset to seek to
138  * @whence:	type of seek
139  *
140  * This is a generic implemenation of ->llseek useable for all normal local
141  * filesystems.  It just updates the file offset to the value specified by
142  * @offset and @whence.
143  */
144 loff_t generic_file_llseek(struct file *file, loff_t offset, int whence)
145 {
146 	struct inode *inode = file->f_mapping->host;
147 
148 	return generic_file_llseek_size(file, offset, whence,
149 					inode->i_sb->s_maxbytes,
150 					i_size_read(inode));
151 }
152 EXPORT_SYMBOL(generic_file_llseek);
153 
154 /**
155  * fixed_size_llseek - llseek implementation for fixed-sized devices
156  * @file:	file structure to seek on
157  * @offset:	file offset to seek to
158  * @whence:	type of seek
159  * @size:	size of the file
160  *
161  */
162 loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size)
163 {
164 	switch (whence) {
165 	case SEEK_SET: case SEEK_CUR: case SEEK_END:
166 		return generic_file_llseek_size(file, offset, whence,
167 						size, size);
168 	default:
169 		return -EINVAL;
170 	}
171 }
172 EXPORT_SYMBOL(fixed_size_llseek);
173 
174 /**
175  * no_seek_end_llseek - llseek implementation for fixed-sized devices
176  * @file:	file structure to seek on
177  * @offset:	file offset to seek to
178  * @whence:	type of seek
179  *
180  */
181 loff_t no_seek_end_llseek(struct file *file, loff_t offset, int whence)
182 {
183 	switch (whence) {
184 	case SEEK_SET: case SEEK_CUR:
185 		return generic_file_llseek_size(file, offset, whence,
186 						OFFSET_MAX, 0);
187 	default:
188 		return -EINVAL;
189 	}
190 }
191 EXPORT_SYMBOL(no_seek_end_llseek);
192 
193 /**
194  * no_seek_end_llseek_size - llseek implementation for fixed-sized devices
195  * @file:	file structure to seek on
196  * @offset:	file offset to seek to
197  * @whence:	type of seek
198  * @size:	maximal offset allowed
199  *
200  */
201 loff_t no_seek_end_llseek_size(struct file *file, loff_t offset, int whence, loff_t size)
202 {
203 	switch (whence) {
204 	case SEEK_SET: case SEEK_CUR:
205 		return generic_file_llseek_size(file, offset, whence,
206 						size, 0);
207 	default:
208 		return -EINVAL;
209 	}
210 }
211 EXPORT_SYMBOL(no_seek_end_llseek_size);
212 
213 /**
214  * noop_llseek - No Operation Performed llseek implementation
215  * @file:	file structure to seek on
216  * @offset:	file offset to seek to
217  * @whence:	type of seek
218  *
219  * This is an implementation of ->llseek useable for the rare special case when
220  * userspace expects the seek to succeed but the (device) file is actually not
221  * able to perform the seek. In this case you use noop_llseek() instead of
222  * falling back to the default implementation of ->llseek.
223  */
224 loff_t noop_llseek(struct file *file, loff_t offset, int whence)
225 {
226 	return file->f_pos;
227 }
228 EXPORT_SYMBOL(noop_llseek);
229 
230 loff_t no_llseek(struct file *file, loff_t offset, int whence)
231 {
232 	return -ESPIPE;
233 }
234 EXPORT_SYMBOL(no_llseek);
235 
236 loff_t default_llseek(struct file *file, loff_t offset, int whence)
237 {
238 	struct inode *inode = file_inode(file);
239 	loff_t retval;
240 
241 	inode_lock(inode);
242 	switch (whence) {
243 		case SEEK_END:
244 			offset += i_size_read(inode);
245 			break;
246 		case SEEK_CUR:
247 			if (offset == 0) {
248 				retval = file->f_pos;
249 				goto out;
250 			}
251 			offset += file->f_pos;
252 			break;
253 		case SEEK_DATA:
254 			/*
255 			 * In the generic case the entire file is data, so as
256 			 * long as offset isn't at the end of the file then the
257 			 * offset is data.
258 			 */
259 			if (offset >= inode->i_size) {
260 				retval = -ENXIO;
261 				goto out;
262 			}
263 			break;
264 		case SEEK_HOLE:
265 			/*
266 			 * There is a virtual hole at the end of the file, so
267 			 * as long as offset isn't i_size or larger, return
268 			 * i_size.
269 			 */
270 			if (offset >= inode->i_size) {
271 				retval = -ENXIO;
272 				goto out;
273 			}
274 			offset = inode->i_size;
275 			break;
276 	}
277 	retval = -EINVAL;
278 	if (offset >= 0 || unsigned_offsets(file)) {
279 		if (offset != file->f_pos) {
280 			file->f_pos = offset;
281 			file->f_version = 0;
282 		}
283 		retval = offset;
284 	}
285 out:
286 	inode_unlock(inode);
287 	return retval;
288 }
289 EXPORT_SYMBOL(default_llseek);
290 
291 loff_t vfs_llseek(struct file *file, loff_t offset, int whence)
292 {
293 	loff_t (*fn)(struct file *, loff_t, int);
294 
295 	fn = no_llseek;
296 	if (file->f_mode & FMODE_LSEEK) {
297 		if (file->f_op->llseek)
298 			fn = file->f_op->llseek;
299 	}
300 	return fn(file, offset, whence);
301 }
302 EXPORT_SYMBOL(vfs_llseek);
303 
304 SYSCALL_DEFINE3(lseek, unsigned int, fd, off_t, offset, unsigned int, whence)
305 {
306 	off_t retval;
307 	struct fd f = fdget_pos(fd);
308 	if (!f.file)
309 		return -EBADF;
310 
311 	retval = -EINVAL;
312 	if (whence <= SEEK_MAX) {
313 		loff_t res = vfs_llseek(f.file, offset, whence);
314 		retval = res;
315 		if (res != (loff_t)retval)
316 			retval = -EOVERFLOW;	/* LFS: should only happen on 32 bit platforms */
317 	}
318 	fdput_pos(f);
319 	return retval;
320 }
321 
322 #ifdef CONFIG_COMPAT
323 COMPAT_SYSCALL_DEFINE3(lseek, unsigned int, fd, compat_off_t, offset, unsigned int, whence)
324 {
325 	return sys_lseek(fd, offset, whence);
326 }
327 #endif
328 
329 #ifdef __ARCH_WANT_SYS_LLSEEK
330 SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
331 		unsigned long, offset_low, loff_t __user *, result,
332 		unsigned int, whence)
333 {
334 	int retval;
335 	struct fd f = fdget_pos(fd);
336 	loff_t offset;
337 
338 	if (!f.file)
339 		return -EBADF;
340 
341 	retval = -EINVAL;
342 	if (whence > SEEK_MAX)
343 		goto out_putf;
344 
345 	offset = vfs_llseek(f.file, ((loff_t) offset_high << 32) | offset_low,
346 			whence);
347 
348 	retval = (int)offset;
349 	if (offset >= 0) {
350 		retval = -EFAULT;
351 		if (!copy_to_user(result, &offset, sizeof(offset)))
352 			retval = 0;
353 	}
354 out_putf:
355 	fdput_pos(f);
356 	return retval;
357 }
358 #endif
359 
360 int rw_verify_area(int read_write, struct file *file, const loff_t *ppos, size_t count)
361 {
362 	struct inode *inode;
363 	loff_t pos;
364 	int retval = -EINVAL;
365 
366 	inode = file_inode(file);
367 	if (unlikely((ssize_t) count < 0))
368 		return retval;
369 	pos = *ppos;
370 	if (unlikely(pos < 0)) {
371 		if (!unsigned_offsets(file))
372 			return retval;
373 		if (count >= -pos) /* both values are in 0..LLONG_MAX */
374 			return -EOVERFLOW;
375 	} else if (unlikely((loff_t) (pos + count) < 0)) {
376 		if (!unsigned_offsets(file))
377 			return retval;
378 	}
379 
380 	if (unlikely(inode->i_flctx && mandatory_lock(inode))) {
381 		retval = locks_mandatory_area(inode, file, pos, pos + count - 1,
382 				read_write == READ ? F_RDLCK : F_WRLCK);
383 		if (retval < 0)
384 			return retval;
385 	}
386 	return security_file_permission(file,
387 				read_write == READ ? MAY_READ : MAY_WRITE);
388 }
389 
390 static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos)
391 {
392 	struct iovec iov = { .iov_base = buf, .iov_len = len };
393 	struct kiocb kiocb;
394 	struct iov_iter iter;
395 	ssize_t ret;
396 
397 	init_sync_kiocb(&kiocb, filp);
398 	kiocb.ki_pos = *ppos;
399 	iov_iter_init(&iter, READ, &iov, 1, len);
400 
401 	ret = call_read_iter(filp, &kiocb, &iter);
402 	BUG_ON(ret == -EIOCBQUEUED);
403 	*ppos = kiocb.ki_pos;
404 	return ret;
405 }
406 
407 ssize_t __vfs_read(struct file *file, char __user *buf, size_t count,
408 		   loff_t *pos)
409 {
410 	if (file->f_op->read)
411 		return file->f_op->read(file, buf, count, pos);
412 	else if (file->f_op->read_iter)
413 		return new_sync_read(file, buf, count, pos);
414 	else
415 		return -EINVAL;
416 }
417 
418 ssize_t kernel_read(struct file *file, void *buf, size_t count, loff_t *pos)
419 {
420 	mm_segment_t old_fs;
421 	ssize_t result;
422 
423 	old_fs = get_fs();
424 	set_fs(get_ds());
425 	/* The cast to a user pointer is valid due to the set_fs() */
426 	result = vfs_read(file, (void __user *)buf, count, pos);
427 	set_fs(old_fs);
428 	return result;
429 }
430 EXPORT_SYMBOL(kernel_read);
431 
432 ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
433 {
434 	ssize_t ret;
435 
436 	if (!(file->f_mode & FMODE_READ))
437 		return -EBADF;
438 	if (!(file->f_mode & FMODE_CAN_READ))
439 		return -EINVAL;
440 	if (unlikely(!access_ok(VERIFY_WRITE, buf, count)))
441 		return -EFAULT;
442 
443 	ret = rw_verify_area(READ, file, pos, count);
444 	if (!ret) {
445 		if (count > MAX_RW_COUNT)
446 			count =  MAX_RW_COUNT;
447 		ret = __vfs_read(file, buf, count, pos);
448 		if (ret > 0) {
449 			fsnotify_access(file);
450 			add_rchar(current, ret);
451 		}
452 		inc_syscr(current);
453 	}
454 
455 	return ret;
456 }
457 
458 static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos)
459 {
460 	struct iovec iov = { .iov_base = (void __user *)buf, .iov_len = len };
461 	struct kiocb kiocb;
462 	struct iov_iter iter;
463 	ssize_t ret;
464 
465 	init_sync_kiocb(&kiocb, filp);
466 	kiocb.ki_pos = *ppos;
467 	iov_iter_init(&iter, WRITE, &iov, 1, len);
468 
469 	ret = call_write_iter(filp, &kiocb, &iter);
470 	BUG_ON(ret == -EIOCBQUEUED);
471 	if (ret > 0)
472 		*ppos = kiocb.ki_pos;
473 	return ret;
474 }
475 
476 ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
477 		    loff_t *pos)
478 {
479 	if (file->f_op->write)
480 		return file->f_op->write(file, p, count, pos);
481 	else if (file->f_op->write_iter)
482 		return new_sync_write(file, p, count, pos);
483 	else
484 		return -EINVAL;
485 }
486 
487 ssize_t __kernel_write(struct file *file, const void *buf, size_t count, loff_t *pos)
488 {
489 	mm_segment_t old_fs;
490 	const char __user *p;
491 	ssize_t ret;
492 
493 	if (!(file->f_mode & FMODE_CAN_WRITE))
494 		return -EINVAL;
495 
496 	old_fs = get_fs();
497 	set_fs(get_ds());
498 	p = (__force const char __user *)buf;
499 	if (count > MAX_RW_COUNT)
500 		count =  MAX_RW_COUNT;
501 	ret = __vfs_write(file, p, count, pos);
502 	set_fs(old_fs);
503 	if (ret > 0) {
504 		fsnotify_modify(file);
505 		add_wchar(current, ret);
506 	}
507 	inc_syscw(current);
508 	return ret;
509 }
510 EXPORT_SYMBOL(__kernel_write);
511 
512 ssize_t kernel_write(struct file *file, const void *buf, size_t count,
513 			    loff_t *pos)
514 {
515 	mm_segment_t old_fs;
516 	ssize_t res;
517 
518 	old_fs = get_fs();
519 	set_fs(get_ds());
520 	/* The cast to a user pointer is valid due to the set_fs() */
521 	res = vfs_write(file, (__force const char __user *)buf, count, pos);
522 	set_fs(old_fs);
523 
524 	return res;
525 }
526 EXPORT_SYMBOL(kernel_write);
527 
528 ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
529 {
530 	ssize_t ret;
531 
532 	if (!(file->f_mode & FMODE_WRITE))
533 		return -EBADF;
534 	if (!(file->f_mode & FMODE_CAN_WRITE))
535 		return -EINVAL;
536 	if (unlikely(!access_ok(VERIFY_READ, buf, count)))
537 		return -EFAULT;
538 
539 	ret = rw_verify_area(WRITE, file, pos, count);
540 	if (!ret) {
541 		if (count > MAX_RW_COUNT)
542 			count =  MAX_RW_COUNT;
543 		file_start_write(file);
544 		ret = __vfs_write(file, buf, count, pos);
545 		if (ret > 0) {
546 			fsnotify_modify(file);
547 			add_wchar(current, ret);
548 		}
549 		inc_syscw(current);
550 		file_end_write(file);
551 	}
552 
553 	return ret;
554 }
555 
556 static inline loff_t file_pos_read(struct file *file)
557 {
558 	return file->f_pos;
559 }
560 
561 static inline void file_pos_write(struct file *file, loff_t pos)
562 {
563 	file->f_pos = pos;
564 }
565 
566 SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
567 {
568 	struct fd f = fdget_pos(fd);
569 	ssize_t ret = -EBADF;
570 
571 	if (f.file) {
572 		loff_t pos = file_pos_read(f.file);
573 		ret = vfs_read(f.file, buf, count, &pos);
574 		if (ret >= 0)
575 			file_pos_write(f.file, pos);
576 		fdput_pos(f);
577 	}
578 	return ret;
579 }
580 
581 SYSCALL_DEFINE3(write, unsigned int, fd, const char __user *, buf,
582 		size_t, count)
583 {
584 	struct fd f = fdget_pos(fd);
585 	ssize_t ret = -EBADF;
586 
587 	if (f.file) {
588 		loff_t pos = file_pos_read(f.file);
589 		ret = vfs_write(f.file, buf, count, &pos);
590 		if (ret >= 0)
591 			file_pos_write(f.file, pos);
592 		fdput_pos(f);
593 	}
594 
595 	return ret;
596 }
597 
598 SYSCALL_DEFINE4(pread64, unsigned int, fd, char __user *, buf,
599 			size_t, count, loff_t, pos)
600 {
601 	struct fd f;
602 	ssize_t ret = -EBADF;
603 
604 	if (pos < 0)
605 		return -EINVAL;
606 
607 	f = fdget(fd);
608 	if (f.file) {
609 		ret = -ESPIPE;
610 		if (f.file->f_mode & FMODE_PREAD)
611 			ret = vfs_read(f.file, buf, count, &pos);
612 		fdput(f);
613 	}
614 
615 	return ret;
616 }
617 
618 SYSCALL_DEFINE4(pwrite64, unsigned int, fd, const char __user *, buf,
619 			 size_t, count, loff_t, pos)
620 {
621 	struct fd f;
622 	ssize_t ret = -EBADF;
623 
624 	if (pos < 0)
625 		return -EINVAL;
626 
627 	f = fdget(fd);
628 	if (f.file) {
629 		ret = -ESPIPE;
630 		if (f.file->f_mode & FMODE_PWRITE)
631 			ret = vfs_write(f.file, buf, count, &pos);
632 		fdput(f);
633 	}
634 
635 	return ret;
636 }
637 
638 static ssize_t do_iter_readv_writev(struct file *filp, struct iov_iter *iter,
639 		loff_t *ppos, int type, rwf_t flags)
640 {
641 	struct kiocb kiocb;
642 	ssize_t ret;
643 
644 	init_sync_kiocb(&kiocb, filp);
645 	ret = kiocb_set_rw_flags(&kiocb, flags);
646 	if (ret)
647 		return ret;
648 	kiocb.ki_pos = *ppos;
649 
650 	if (type == READ)
651 		ret = call_read_iter(filp, &kiocb, iter);
652 	else
653 		ret = call_write_iter(filp, &kiocb, iter);
654 	BUG_ON(ret == -EIOCBQUEUED);
655 	*ppos = kiocb.ki_pos;
656 	return ret;
657 }
658 
659 /* Do it by hand, with file-ops */
660 static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
661 		loff_t *ppos, int type, rwf_t flags)
662 {
663 	ssize_t ret = 0;
664 
665 	if (flags & ~RWF_HIPRI)
666 		return -EOPNOTSUPP;
667 
668 	while (iov_iter_count(iter)) {
669 		struct iovec iovec = iov_iter_iovec(iter);
670 		ssize_t nr;
671 
672 		if (type == READ) {
673 			nr = filp->f_op->read(filp, iovec.iov_base,
674 					      iovec.iov_len, ppos);
675 		} else {
676 			nr = filp->f_op->write(filp, iovec.iov_base,
677 					       iovec.iov_len, ppos);
678 		}
679 
680 		if (nr < 0) {
681 			if (!ret)
682 				ret = nr;
683 			break;
684 		}
685 		ret += nr;
686 		if (nr != iovec.iov_len)
687 			break;
688 		iov_iter_advance(iter, nr);
689 	}
690 
691 	return ret;
692 }
693 
694 /* A write operation does a read from user space and vice versa */
695 #define vrfy_dir(type) ((type) == READ ? VERIFY_WRITE : VERIFY_READ)
696 
697 /**
698  * rw_copy_check_uvector() - Copy an array of &struct iovec from userspace
699  *     into the kernel and check that it is valid.
700  *
701  * @type: One of %CHECK_IOVEC_ONLY, %READ, or %WRITE.
702  * @uvector: Pointer to the userspace array.
703  * @nr_segs: Number of elements in userspace array.
704  * @fast_segs: Number of elements in @fast_pointer.
705  * @fast_pointer: Pointer to (usually small on-stack) kernel array.
706  * @ret_pointer: (output parameter) Pointer to a variable that will point to
707  *     either @fast_pointer, a newly allocated kernel array, or NULL,
708  *     depending on which array was used.
709  *
710  * This function copies an array of &struct iovec of @nr_segs from
711  * userspace into the kernel and checks that each element is valid (e.g.
712  * it does not point to a kernel address or cause overflow by being too
713  * large, etc.).
714  *
715  * As an optimization, the caller may provide a pointer to a small
716  * on-stack array in @fast_pointer, typically %UIO_FASTIOV elements long
717  * (the size of this array, or 0 if unused, should be given in @fast_segs).
718  *
719  * @ret_pointer will always point to the array that was used, so the
720  * caller must take care not to call kfree() on it e.g. in case the
721  * @fast_pointer array was used and it was allocated on the stack.
722  *
723  * Return: The total number of bytes covered by the iovec array on success
724  *   or a negative error code on error.
725  */
726 ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
727 			      unsigned long nr_segs, unsigned long fast_segs,
728 			      struct iovec *fast_pointer,
729 			      struct iovec **ret_pointer)
730 {
731 	unsigned long seg;
732 	ssize_t ret;
733 	struct iovec *iov = fast_pointer;
734 
735 	/*
736 	 * SuS says "The readv() function *may* fail if the iovcnt argument
737 	 * was less than or equal to 0, or greater than {IOV_MAX}.  Linux has
738 	 * traditionally returned zero for zero segments, so...
739 	 */
740 	if (nr_segs == 0) {
741 		ret = 0;
742 		goto out;
743 	}
744 
745 	/*
746 	 * First get the "struct iovec" from user memory and
747 	 * verify all the pointers
748 	 */
749 	if (nr_segs > UIO_MAXIOV) {
750 		ret = -EINVAL;
751 		goto out;
752 	}
753 	if (nr_segs > fast_segs) {
754 		iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
755 		if (iov == NULL) {
756 			ret = -ENOMEM;
757 			goto out;
758 		}
759 	}
760 	if (copy_from_user(iov, uvector, nr_segs*sizeof(*uvector))) {
761 		ret = -EFAULT;
762 		goto out;
763 	}
764 
765 	/*
766 	 * According to the Single Unix Specification we should return EINVAL
767 	 * if an element length is < 0 when cast to ssize_t or if the
768 	 * total length would overflow the ssize_t return value of the
769 	 * system call.
770 	 *
771 	 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
772 	 * overflow case.
773 	 */
774 	ret = 0;
775 	for (seg = 0; seg < nr_segs; seg++) {
776 		void __user *buf = iov[seg].iov_base;
777 		ssize_t len = (ssize_t)iov[seg].iov_len;
778 
779 		/* see if we we're about to use an invalid len or if
780 		 * it's about to overflow ssize_t */
781 		if (len < 0) {
782 			ret = -EINVAL;
783 			goto out;
784 		}
785 		if (type >= 0
786 		    && unlikely(!access_ok(vrfy_dir(type), buf, len))) {
787 			ret = -EFAULT;
788 			goto out;
789 		}
790 		if (len > MAX_RW_COUNT - ret) {
791 			len = MAX_RW_COUNT - ret;
792 			iov[seg].iov_len = len;
793 		}
794 		ret += len;
795 	}
796 out:
797 	*ret_pointer = iov;
798 	return ret;
799 }
800 
801 #ifdef CONFIG_COMPAT
802 ssize_t compat_rw_copy_check_uvector(int type,
803 		const struct compat_iovec __user *uvector, unsigned long nr_segs,
804 		unsigned long fast_segs, struct iovec *fast_pointer,
805 		struct iovec **ret_pointer)
806 {
807 	compat_ssize_t tot_len;
808 	struct iovec *iov = *ret_pointer = fast_pointer;
809 	ssize_t ret = 0;
810 	int seg;
811 
812 	/*
813 	 * SuS says "The readv() function *may* fail if the iovcnt argument
814 	 * was less than or equal to 0, or greater than {IOV_MAX}.  Linux has
815 	 * traditionally returned zero for zero segments, so...
816 	 */
817 	if (nr_segs == 0)
818 		goto out;
819 
820 	ret = -EINVAL;
821 	if (nr_segs > UIO_MAXIOV)
822 		goto out;
823 	if (nr_segs > fast_segs) {
824 		ret = -ENOMEM;
825 		iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
826 		if (iov == NULL)
827 			goto out;
828 	}
829 	*ret_pointer = iov;
830 
831 	ret = -EFAULT;
832 	if (!access_ok(VERIFY_READ, uvector, nr_segs*sizeof(*uvector)))
833 		goto out;
834 
835 	/*
836 	 * Single unix specification:
837 	 * We should -EINVAL if an element length is not >= 0 and fitting an
838 	 * ssize_t.
839 	 *
840 	 * In Linux, the total length is limited to MAX_RW_COUNT, there is
841 	 * no overflow possibility.
842 	 */
843 	tot_len = 0;
844 	ret = -EINVAL;
845 	for (seg = 0; seg < nr_segs; seg++) {
846 		compat_uptr_t buf;
847 		compat_ssize_t len;
848 
849 		if (__get_user(len, &uvector->iov_len) ||
850 		   __get_user(buf, &uvector->iov_base)) {
851 			ret = -EFAULT;
852 			goto out;
853 		}
854 		if (len < 0)	/* size_t not fitting in compat_ssize_t .. */
855 			goto out;
856 		if (type >= 0 &&
857 		    !access_ok(vrfy_dir(type), compat_ptr(buf), len)) {
858 			ret = -EFAULT;
859 			goto out;
860 		}
861 		if (len > MAX_RW_COUNT - tot_len)
862 			len = MAX_RW_COUNT - tot_len;
863 		tot_len += len;
864 		iov->iov_base = compat_ptr(buf);
865 		iov->iov_len = (compat_size_t) len;
866 		uvector++;
867 		iov++;
868 	}
869 	ret = tot_len;
870 
871 out:
872 	return ret;
873 }
874 #endif
875 
876 static ssize_t do_iter_read(struct file *file, struct iov_iter *iter,
877 		loff_t *pos, rwf_t flags)
878 {
879 	size_t tot_len;
880 	ssize_t ret = 0;
881 
882 	if (!(file->f_mode & FMODE_READ))
883 		return -EBADF;
884 	if (!(file->f_mode & FMODE_CAN_READ))
885 		return -EINVAL;
886 
887 	tot_len = iov_iter_count(iter);
888 	if (!tot_len)
889 		goto out;
890 	ret = rw_verify_area(READ, file, pos, tot_len);
891 	if (ret < 0)
892 		return ret;
893 
894 	if (file->f_op->read_iter)
895 		ret = do_iter_readv_writev(file, iter, pos, READ, flags);
896 	else
897 		ret = do_loop_readv_writev(file, iter, pos, READ, flags);
898 out:
899 	if (ret >= 0)
900 		fsnotify_access(file);
901 	return ret;
902 }
903 
904 ssize_t vfs_iter_read(struct file *file, struct iov_iter *iter, loff_t *ppos,
905 		rwf_t flags)
906 {
907 	if (!file->f_op->read_iter)
908 		return -EINVAL;
909 	return do_iter_read(file, iter, ppos, flags);
910 }
911 EXPORT_SYMBOL(vfs_iter_read);
912 
913 static ssize_t do_iter_write(struct file *file, struct iov_iter *iter,
914 		loff_t *pos, rwf_t flags)
915 {
916 	size_t tot_len;
917 	ssize_t ret = 0;
918 
919 	if (!(file->f_mode & FMODE_WRITE))
920 		return -EBADF;
921 	if (!(file->f_mode & FMODE_CAN_WRITE))
922 		return -EINVAL;
923 
924 	tot_len = iov_iter_count(iter);
925 	if (!tot_len)
926 		return 0;
927 	ret = rw_verify_area(WRITE, file, pos, tot_len);
928 	if (ret < 0)
929 		return ret;
930 
931 	if (file->f_op->write_iter)
932 		ret = do_iter_readv_writev(file, iter, pos, WRITE, flags);
933 	else
934 		ret = do_loop_readv_writev(file, iter, pos, WRITE, flags);
935 	if (ret > 0)
936 		fsnotify_modify(file);
937 	return ret;
938 }
939 
940 ssize_t vfs_iter_write(struct file *file, struct iov_iter *iter, loff_t *ppos,
941 		rwf_t flags)
942 {
943 	if (!file->f_op->write_iter)
944 		return -EINVAL;
945 	return do_iter_write(file, iter, ppos, flags);
946 }
947 EXPORT_SYMBOL(vfs_iter_write);
948 
949 ssize_t vfs_readv(struct file *file, const struct iovec __user *vec,
950 		  unsigned long vlen, loff_t *pos, rwf_t flags)
951 {
952 	struct iovec iovstack[UIO_FASTIOV];
953 	struct iovec *iov = iovstack;
954 	struct iov_iter iter;
955 	ssize_t ret;
956 
957 	ret = import_iovec(READ, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
958 	if (ret >= 0) {
959 		ret = do_iter_read(file, &iter, pos, flags);
960 		kfree(iov);
961 	}
962 
963 	return ret;
964 }
965 
966 static ssize_t vfs_writev(struct file *file, const struct iovec __user *vec,
967 		   unsigned long vlen, loff_t *pos, rwf_t flags)
968 {
969 	struct iovec iovstack[UIO_FASTIOV];
970 	struct iovec *iov = iovstack;
971 	struct iov_iter iter;
972 	ssize_t ret;
973 
974 	ret = import_iovec(WRITE, vec, vlen, ARRAY_SIZE(iovstack), &iov, &iter);
975 	if (ret >= 0) {
976 		file_start_write(file);
977 		ret = do_iter_write(file, &iter, pos, flags);
978 		file_end_write(file);
979 		kfree(iov);
980 	}
981 	return ret;
982 }
983 
984 static ssize_t do_readv(unsigned long fd, const struct iovec __user *vec,
985 			unsigned long vlen, rwf_t flags)
986 {
987 	struct fd f = fdget_pos(fd);
988 	ssize_t ret = -EBADF;
989 
990 	if (f.file) {
991 		loff_t pos = file_pos_read(f.file);
992 		ret = vfs_readv(f.file, vec, vlen, &pos, flags);
993 		if (ret >= 0)
994 			file_pos_write(f.file, pos);
995 		fdput_pos(f);
996 	}
997 
998 	if (ret > 0)
999 		add_rchar(current, ret);
1000 	inc_syscr(current);
1001 	return ret;
1002 }
1003 
1004 static ssize_t do_writev(unsigned long fd, const struct iovec __user *vec,
1005 			 unsigned long vlen, rwf_t flags)
1006 {
1007 	struct fd f = fdget_pos(fd);
1008 	ssize_t ret = -EBADF;
1009 
1010 	if (f.file) {
1011 		loff_t pos = file_pos_read(f.file);
1012 		ret = vfs_writev(f.file, vec, vlen, &pos, flags);
1013 		if (ret >= 0)
1014 			file_pos_write(f.file, pos);
1015 		fdput_pos(f);
1016 	}
1017 
1018 	if (ret > 0)
1019 		add_wchar(current, ret);
1020 	inc_syscw(current);
1021 	return ret;
1022 }
1023 
1024 static inline loff_t pos_from_hilo(unsigned long high, unsigned long low)
1025 {
1026 #define HALF_LONG_BITS (BITS_PER_LONG / 2)
1027 	return (((loff_t)high << HALF_LONG_BITS) << HALF_LONG_BITS) | low;
1028 }
1029 
1030 static ssize_t do_preadv(unsigned long fd, const struct iovec __user *vec,
1031 			 unsigned long vlen, loff_t pos, rwf_t flags)
1032 {
1033 	struct fd f;
1034 	ssize_t ret = -EBADF;
1035 
1036 	if (pos < 0)
1037 		return -EINVAL;
1038 
1039 	f = fdget(fd);
1040 	if (f.file) {
1041 		ret = -ESPIPE;
1042 		if (f.file->f_mode & FMODE_PREAD)
1043 			ret = vfs_readv(f.file, vec, vlen, &pos, flags);
1044 		fdput(f);
1045 	}
1046 
1047 	if (ret > 0)
1048 		add_rchar(current, ret);
1049 	inc_syscr(current);
1050 	return ret;
1051 }
1052 
1053 static ssize_t do_pwritev(unsigned long fd, const struct iovec __user *vec,
1054 			  unsigned long vlen, loff_t pos, rwf_t flags)
1055 {
1056 	struct fd f;
1057 	ssize_t ret = -EBADF;
1058 
1059 	if (pos < 0)
1060 		return -EINVAL;
1061 
1062 	f = fdget(fd);
1063 	if (f.file) {
1064 		ret = -ESPIPE;
1065 		if (f.file->f_mode & FMODE_PWRITE)
1066 			ret = vfs_writev(f.file, vec, vlen, &pos, flags);
1067 		fdput(f);
1068 	}
1069 
1070 	if (ret > 0)
1071 		add_wchar(current, ret);
1072 	inc_syscw(current);
1073 	return ret;
1074 }
1075 
1076 SYSCALL_DEFINE3(readv, unsigned long, fd, const struct iovec __user *, vec,
1077 		unsigned long, vlen)
1078 {
1079 	return do_readv(fd, vec, vlen, 0);
1080 }
1081 
1082 SYSCALL_DEFINE3(writev, unsigned long, fd, const struct iovec __user *, vec,
1083 		unsigned long, vlen)
1084 {
1085 	return do_writev(fd, vec, vlen, 0);
1086 }
1087 
1088 SYSCALL_DEFINE5(preadv, unsigned long, fd, const struct iovec __user *, vec,
1089 		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
1090 {
1091 	loff_t pos = pos_from_hilo(pos_h, pos_l);
1092 
1093 	return do_preadv(fd, vec, vlen, pos, 0);
1094 }
1095 
1096 SYSCALL_DEFINE6(preadv2, unsigned long, fd, const struct iovec __user *, vec,
1097 		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h,
1098 		rwf_t, flags)
1099 {
1100 	loff_t pos = pos_from_hilo(pos_h, pos_l);
1101 
1102 	if (pos == -1)
1103 		return do_readv(fd, vec, vlen, flags);
1104 
1105 	return do_preadv(fd, vec, vlen, pos, flags);
1106 }
1107 
1108 SYSCALL_DEFINE5(pwritev, unsigned long, fd, const struct iovec __user *, vec,
1109 		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
1110 {
1111 	loff_t pos = pos_from_hilo(pos_h, pos_l);
1112 
1113 	return do_pwritev(fd, vec, vlen, pos, 0);
1114 }
1115 
1116 SYSCALL_DEFINE6(pwritev2, unsigned long, fd, const struct iovec __user *, vec,
1117 		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h,
1118 		rwf_t, flags)
1119 {
1120 	loff_t pos = pos_from_hilo(pos_h, pos_l);
1121 
1122 	if (pos == -1)
1123 		return do_writev(fd, vec, vlen, flags);
1124 
1125 	return do_pwritev(fd, vec, vlen, pos, flags);
1126 }
1127 
1128 #ifdef CONFIG_COMPAT
1129 static size_t compat_readv(struct file *file,
1130 			   const struct compat_iovec __user *vec,
1131 			   unsigned long vlen, loff_t *pos, rwf_t flags)
1132 {
1133 	struct iovec iovstack[UIO_FASTIOV];
1134 	struct iovec *iov = iovstack;
1135 	struct iov_iter iter;
1136 	ssize_t ret;
1137 
1138 	ret = compat_import_iovec(READ, vec, vlen, UIO_FASTIOV, &iov, &iter);
1139 	if (ret >= 0) {
1140 		ret = do_iter_read(file, &iter, pos, flags);
1141 		kfree(iov);
1142 	}
1143 	if (ret > 0)
1144 		add_rchar(current, ret);
1145 	inc_syscr(current);
1146 	return ret;
1147 }
1148 
1149 static size_t do_compat_readv(compat_ulong_t fd,
1150 				 const struct compat_iovec __user *vec,
1151 				 compat_ulong_t vlen, rwf_t flags)
1152 {
1153 	struct fd f = fdget_pos(fd);
1154 	ssize_t ret;
1155 	loff_t pos;
1156 
1157 	if (!f.file)
1158 		return -EBADF;
1159 	pos = f.file->f_pos;
1160 	ret = compat_readv(f.file, vec, vlen, &pos, flags);
1161 	if (ret >= 0)
1162 		f.file->f_pos = pos;
1163 	fdput_pos(f);
1164 	return ret;
1165 
1166 }
1167 
1168 COMPAT_SYSCALL_DEFINE3(readv, compat_ulong_t, fd,
1169 		const struct compat_iovec __user *,vec,
1170 		compat_ulong_t, vlen)
1171 {
1172 	return do_compat_readv(fd, vec, vlen, 0);
1173 }
1174 
1175 static long do_compat_preadv64(unsigned long fd,
1176 				  const struct compat_iovec __user *vec,
1177 				  unsigned long vlen, loff_t pos, rwf_t flags)
1178 {
1179 	struct fd f;
1180 	ssize_t ret;
1181 
1182 	if (pos < 0)
1183 		return -EINVAL;
1184 	f = fdget(fd);
1185 	if (!f.file)
1186 		return -EBADF;
1187 	ret = -ESPIPE;
1188 	if (f.file->f_mode & FMODE_PREAD)
1189 		ret = compat_readv(f.file, vec, vlen, &pos, flags);
1190 	fdput(f);
1191 	return ret;
1192 }
1193 
1194 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64
1195 COMPAT_SYSCALL_DEFINE4(preadv64, unsigned long, fd,
1196 		const struct compat_iovec __user *,vec,
1197 		unsigned long, vlen, loff_t, pos)
1198 {
1199 	return do_compat_preadv64(fd, vec, vlen, pos, 0);
1200 }
1201 #endif
1202 
1203 COMPAT_SYSCALL_DEFINE5(preadv, compat_ulong_t, fd,
1204 		const struct compat_iovec __user *,vec,
1205 		compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
1206 {
1207 	loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1208 
1209 	return do_compat_preadv64(fd, vec, vlen, pos, 0);
1210 }
1211 
1212 #ifdef __ARCH_WANT_COMPAT_SYS_PREADV64V2
1213 COMPAT_SYSCALL_DEFINE5(preadv64v2, unsigned long, fd,
1214 		const struct compat_iovec __user *,vec,
1215 		unsigned long, vlen, loff_t, pos, rwf_t, flags)
1216 {
1217 	return do_compat_preadv64(fd, vec, vlen, pos, flags);
1218 }
1219 #endif
1220 
1221 COMPAT_SYSCALL_DEFINE6(preadv2, compat_ulong_t, fd,
1222 		const struct compat_iovec __user *,vec,
1223 		compat_ulong_t, vlen, u32, pos_low, u32, pos_high,
1224 		rwf_t, flags)
1225 {
1226 	loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1227 
1228 	if (pos == -1)
1229 		return do_compat_readv(fd, vec, vlen, flags);
1230 
1231 	return do_compat_preadv64(fd, vec, vlen, pos, flags);
1232 }
1233 
1234 static size_t compat_writev(struct file *file,
1235 			    const struct compat_iovec __user *vec,
1236 			    unsigned long vlen, loff_t *pos, rwf_t flags)
1237 {
1238 	struct iovec iovstack[UIO_FASTIOV];
1239 	struct iovec *iov = iovstack;
1240 	struct iov_iter iter;
1241 	ssize_t ret;
1242 
1243 	ret = compat_import_iovec(WRITE, vec, vlen, UIO_FASTIOV, &iov, &iter);
1244 	if (ret >= 0) {
1245 		file_start_write(file);
1246 		ret = do_iter_write(file, &iter, pos, flags);
1247 		file_end_write(file);
1248 		kfree(iov);
1249 	}
1250 	if (ret > 0)
1251 		add_wchar(current, ret);
1252 	inc_syscw(current);
1253 	return ret;
1254 }
1255 
1256 static size_t do_compat_writev(compat_ulong_t fd,
1257 				  const struct compat_iovec __user* vec,
1258 				  compat_ulong_t vlen, rwf_t flags)
1259 {
1260 	struct fd f = fdget_pos(fd);
1261 	ssize_t ret;
1262 	loff_t pos;
1263 
1264 	if (!f.file)
1265 		return -EBADF;
1266 	pos = f.file->f_pos;
1267 	ret = compat_writev(f.file, vec, vlen, &pos, flags);
1268 	if (ret >= 0)
1269 		f.file->f_pos = pos;
1270 	fdput_pos(f);
1271 	return ret;
1272 }
1273 
1274 COMPAT_SYSCALL_DEFINE3(writev, compat_ulong_t, fd,
1275 		const struct compat_iovec __user *, vec,
1276 		compat_ulong_t, vlen)
1277 {
1278 	return do_compat_writev(fd, vec, vlen, 0);
1279 }
1280 
1281 static long do_compat_pwritev64(unsigned long fd,
1282 				   const struct compat_iovec __user *vec,
1283 				   unsigned long vlen, loff_t pos, rwf_t flags)
1284 {
1285 	struct fd f;
1286 	ssize_t ret;
1287 
1288 	if (pos < 0)
1289 		return -EINVAL;
1290 	f = fdget(fd);
1291 	if (!f.file)
1292 		return -EBADF;
1293 	ret = -ESPIPE;
1294 	if (f.file->f_mode & FMODE_PWRITE)
1295 		ret = compat_writev(f.file, vec, vlen, &pos, flags);
1296 	fdput(f);
1297 	return ret;
1298 }
1299 
1300 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64
1301 COMPAT_SYSCALL_DEFINE4(pwritev64, unsigned long, fd,
1302 		const struct compat_iovec __user *,vec,
1303 		unsigned long, vlen, loff_t, pos)
1304 {
1305 	return do_compat_pwritev64(fd, vec, vlen, pos, 0);
1306 }
1307 #endif
1308 
1309 COMPAT_SYSCALL_DEFINE5(pwritev, compat_ulong_t, fd,
1310 		const struct compat_iovec __user *,vec,
1311 		compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
1312 {
1313 	loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1314 
1315 	return do_compat_pwritev64(fd, vec, vlen, pos, 0);
1316 }
1317 
1318 #ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64V2
1319 COMPAT_SYSCALL_DEFINE5(pwritev64v2, unsigned long, fd,
1320 		const struct compat_iovec __user *,vec,
1321 		unsigned long, vlen, loff_t, pos, rwf_t, flags)
1322 {
1323 	return do_compat_pwritev64(fd, vec, vlen, pos, flags);
1324 }
1325 #endif
1326 
1327 COMPAT_SYSCALL_DEFINE6(pwritev2, compat_ulong_t, fd,
1328 		const struct compat_iovec __user *,vec,
1329 		compat_ulong_t, vlen, u32, pos_low, u32, pos_high, rwf_t, flags)
1330 {
1331 	loff_t pos = ((loff_t)pos_high << 32) | pos_low;
1332 
1333 	if (pos == -1)
1334 		return do_compat_writev(fd, vec, vlen, flags);
1335 
1336 	return do_compat_pwritev64(fd, vec, vlen, pos, flags);
1337 }
1338 
1339 #endif
1340 
1341 static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
1342 		  	   size_t count, loff_t max)
1343 {
1344 	struct fd in, out;
1345 	struct inode *in_inode, *out_inode;
1346 	loff_t pos;
1347 	loff_t out_pos;
1348 	ssize_t retval;
1349 	int fl;
1350 
1351 	/*
1352 	 * Get input file, and verify that it is ok..
1353 	 */
1354 	retval = -EBADF;
1355 	in = fdget(in_fd);
1356 	if (!in.file)
1357 		goto out;
1358 	if (!(in.file->f_mode & FMODE_READ))
1359 		goto fput_in;
1360 	retval = -ESPIPE;
1361 	if (!ppos) {
1362 		pos = in.file->f_pos;
1363 	} else {
1364 		pos = *ppos;
1365 		if (!(in.file->f_mode & FMODE_PREAD))
1366 			goto fput_in;
1367 	}
1368 	retval = rw_verify_area(READ, in.file, &pos, count);
1369 	if (retval < 0)
1370 		goto fput_in;
1371 	if (count > MAX_RW_COUNT)
1372 		count =  MAX_RW_COUNT;
1373 
1374 	/*
1375 	 * Get output file, and verify that it is ok..
1376 	 */
1377 	retval = -EBADF;
1378 	out = fdget(out_fd);
1379 	if (!out.file)
1380 		goto fput_in;
1381 	if (!(out.file->f_mode & FMODE_WRITE))
1382 		goto fput_out;
1383 	retval = -EINVAL;
1384 	in_inode = file_inode(in.file);
1385 	out_inode = file_inode(out.file);
1386 	out_pos = out.file->f_pos;
1387 	retval = rw_verify_area(WRITE, out.file, &out_pos, count);
1388 	if (retval < 0)
1389 		goto fput_out;
1390 
1391 	if (!max)
1392 		max = min(in_inode->i_sb->s_maxbytes, out_inode->i_sb->s_maxbytes);
1393 
1394 	if (unlikely(pos + count > max)) {
1395 		retval = -EOVERFLOW;
1396 		if (pos >= max)
1397 			goto fput_out;
1398 		count = max - pos;
1399 	}
1400 
1401 	fl = 0;
1402 #if 0
1403 	/*
1404 	 * We need to debate whether we can enable this or not. The
1405 	 * man page documents EAGAIN return for the output at least,
1406 	 * and the application is arguably buggy if it doesn't expect
1407 	 * EAGAIN on a non-blocking file descriptor.
1408 	 */
1409 	if (in.file->f_flags & O_NONBLOCK)
1410 		fl = SPLICE_F_NONBLOCK;
1411 #endif
1412 	file_start_write(out.file);
1413 	retval = do_splice_direct(in.file, &pos, out.file, &out_pos, count, fl);
1414 	file_end_write(out.file);
1415 
1416 	if (retval > 0) {
1417 		add_rchar(current, retval);
1418 		add_wchar(current, retval);
1419 		fsnotify_access(in.file);
1420 		fsnotify_modify(out.file);
1421 		out.file->f_pos = out_pos;
1422 		if (ppos)
1423 			*ppos = pos;
1424 		else
1425 			in.file->f_pos = pos;
1426 	}
1427 
1428 	inc_syscr(current);
1429 	inc_syscw(current);
1430 	if (pos > max)
1431 		retval = -EOVERFLOW;
1432 
1433 fput_out:
1434 	fdput(out);
1435 fput_in:
1436 	fdput(in);
1437 out:
1438 	return retval;
1439 }
1440 
1441 SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd, off_t __user *, offset, size_t, count)
1442 {
1443 	loff_t pos;
1444 	off_t off;
1445 	ssize_t ret;
1446 
1447 	if (offset) {
1448 		if (unlikely(get_user(off, offset)))
1449 			return -EFAULT;
1450 		pos = off;
1451 		ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
1452 		if (unlikely(put_user(pos, offset)))
1453 			return -EFAULT;
1454 		return ret;
1455 	}
1456 
1457 	return do_sendfile(out_fd, in_fd, NULL, count, 0);
1458 }
1459 
1460 SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd, loff_t __user *, offset, size_t, count)
1461 {
1462 	loff_t pos;
1463 	ssize_t ret;
1464 
1465 	if (offset) {
1466 		if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t))))
1467 			return -EFAULT;
1468 		ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
1469 		if (unlikely(put_user(pos, offset)))
1470 			return -EFAULT;
1471 		return ret;
1472 	}
1473 
1474 	return do_sendfile(out_fd, in_fd, NULL, count, 0);
1475 }
1476 
1477 #ifdef CONFIG_COMPAT
1478 COMPAT_SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd,
1479 		compat_off_t __user *, offset, compat_size_t, count)
1480 {
1481 	loff_t pos;
1482 	off_t off;
1483 	ssize_t ret;
1484 
1485 	if (offset) {
1486 		if (unlikely(get_user(off, offset)))
1487 			return -EFAULT;
1488 		pos = off;
1489 		ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
1490 		if (unlikely(put_user(pos, offset)))
1491 			return -EFAULT;
1492 		return ret;
1493 	}
1494 
1495 	return do_sendfile(out_fd, in_fd, NULL, count, 0);
1496 }
1497 
1498 COMPAT_SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd,
1499 		compat_loff_t __user *, offset, compat_size_t, count)
1500 {
1501 	loff_t pos;
1502 	ssize_t ret;
1503 
1504 	if (offset) {
1505 		if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t))))
1506 			return -EFAULT;
1507 		ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
1508 		if (unlikely(put_user(pos, offset)))
1509 			return -EFAULT;
1510 		return ret;
1511 	}
1512 
1513 	return do_sendfile(out_fd, in_fd, NULL, count, 0);
1514 }
1515 #endif
1516 
1517 /*
1518  * copy_file_range() differs from regular file read and write in that it
1519  * specifically allows return partial success.  When it does so is up to
1520  * the copy_file_range method.
1521  */
1522 ssize_t vfs_copy_file_range(struct file *file_in, loff_t pos_in,
1523 			    struct file *file_out, loff_t pos_out,
1524 			    size_t len, unsigned int flags)
1525 {
1526 	struct inode *inode_in = file_inode(file_in);
1527 	struct inode *inode_out = file_inode(file_out);
1528 	ssize_t ret;
1529 
1530 	if (flags != 0)
1531 		return -EINVAL;
1532 
1533 	if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
1534 		return -EISDIR;
1535 	if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
1536 		return -EINVAL;
1537 
1538 	ret = rw_verify_area(READ, file_in, &pos_in, len);
1539 	if (unlikely(ret))
1540 		return ret;
1541 
1542 	ret = rw_verify_area(WRITE, file_out, &pos_out, len);
1543 	if (unlikely(ret))
1544 		return ret;
1545 
1546 	if (!(file_in->f_mode & FMODE_READ) ||
1547 	    !(file_out->f_mode & FMODE_WRITE) ||
1548 	    (file_out->f_flags & O_APPEND))
1549 		return -EBADF;
1550 
1551 	/* this could be relaxed once a method supports cross-fs copies */
1552 	if (inode_in->i_sb != inode_out->i_sb)
1553 		return -EXDEV;
1554 
1555 	if (len == 0)
1556 		return 0;
1557 
1558 	file_start_write(file_out);
1559 
1560 	/*
1561 	 * Try cloning first, this is supported by more file systems, and
1562 	 * more efficient if both clone and copy are supported (e.g. NFS).
1563 	 */
1564 	if (file_in->f_op->clone_file_range) {
1565 		ret = file_in->f_op->clone_file_range(file_in, pos_in,
1566 				file_out, pos_out, len);
1567 		if (ret == 0) {
1568 			ret = len;
1569 			goto done;
1570 		}
1571 	}
1572 
1573 	if (file_out->f_op->copy_file_range) {
1574 		ret = file_out->f_op->copy_file_range(file_in, pos_in, file_out,
1575 						      pos_out, len, flags);
1576 		if (ret != -EOPNOTSUPP)
1577 			goto done;
1578 	}
1579 
1580 	ret = do_splice_direct(file_in, &pos_in, file_out, &pos_out,
1581 			len > MAX_RW_COUNT ? MAX_RW_COUNT : len, 0);
1582 
1583 done:
1584 	if (ret > 0) {
1585 		fsnotify_access(file_in);
1586 		add_rchar(current, ret);
1587 		fsnotify_modify(file_out);
1588 		add_wchar(current, ret);
1589 	}
1590 
1591 	inc_syscr(current);
1592 	inc_syscw(current);
1593 
1594 	file_end_write(file_out);
1595 
1596 	return ret;
1597 }
1598 EXPORT_SYMBOL(vfs_copy_file_range);
1599 
1600 SYSCALL_DEFINE6(copy_file_range, int, fd_in, loff_t __user *, off_in,
1601 		int, fd_out, loff_t __user *, off_out,
1602 		size_t, len, unsigned int, flags)
1603 {
1604 	loff_t pos_in;
1605 	loff_t pos_out;
1606 	struct fd f_in;
1607 	struct fd f_out;
1608 	ssize_t ret = -EBADF;
1609 
1610 	f_in = fdget(fd_in);
1611 	if (!f_in.file)
1612 		goto out2;
1613 
1614 	f_out = fdget(fd_out);
1615 	if (!f_out.file)
1616 		goto out1;
1617 
1618 	ret = -EFAULT;
1619 	if (off_in) {
1620 		if (copy_from_user(&pos_in, off_in, sizeof(loff_t)))
1621 			goto out;
1622 	} else {
1623 		pos_in = f_in.file->f_pos;
1624 	}
1625 
1626 	if (off_out) {
1627 		if (copy_from_user(&pos_out, off_out, sizeof(loff_t)))
1628 			goto out;
1629 	} else {
1630 		pos_out = f_out.file->f_pos;
1631 	}
1632 
1633 	ret = vfs_copy_file_range(f_in.file, pos_in, f_out.file, pos_out, len,
1634 				  flags);
1635 	if (ret > 0) {
1636 		pos_in += ret;
1637 		pos_out += ret;
1638 
1639 		if (off_in) {
1640 			if (copy_to_user(off_in, &pos_in, sizeof(loff_t)))
1641 				ret = -EFAULT;
1642 		} else {
1643 			f_in.file->f_pos = pos_in;
1644 		}
1645 
1646 		if (off_out) {
1647 			if (copy_to_user(off_out, &pos_out, sizeof(loff_t)))
1648 				ret = -EFAULT;
1649 		} else {
1650 			f_out.file->f_pos = pos_out;
1651 		}
1652 	}
1653 
1654 out:
1655 	fdput(f_out);
1656 out1:
1657 	fdput(f_in);
1658 out2:
1659 	return ret;
1660 }
1661 
1662 static int clone_verify_area(struct file *file, loff_t pos, u64 len, bool write)
1663 {
1664 	struct inode *inode = file_inode(file);
1665 
1666 	if (unlikely(pos < 0))
1667 		return -EINVAL;
1668 
1669 	 if (unlikely((loff_t) (pos + len) < 0))
1670 		return -EINVAL;
1671 
1672 	if (unlikely(inode->i_flctx && mandatory_lock(inode))) {
1673 		loff_t end = len ? pos + len - 1 : OFFSET_MAX;
1674 		int retval;
1675 
1676 		retval = locks_mandatory_area(inode, file, pos, end,
1677 				write ? F_WRLCK : F_RDLCK);
1678 		if (retval < 0)
1679 			return retval;
1680 	}
1681 
1682 	return security_file_permission(file, write ? MAY_WRITE : MAY_READ);
1683 }
1684 
1685 /*
1686  * Check that the two inodes are eligible for cloning, the ranges make
1687  * sense, and then flush all dirty data.  Caller must ensure that the
1688  * inodes have been locked against any other modifications.
1689  *
1690  * Returns: 0 for "nothing to clone", 1 for "something to clone", or
1691  * the usual negative error code.
1692  */
1693 int vfs_clone_file_prep_inodes(struct inode *inode_in, loff_t pos_in,
1694 			       struct inode *inode_out, loff_t pos_out,
1695 			       u64 *len, bool is_dedupe)
1696 {
1697 	loff_t bs = inode_out->i_sb->s_blocksize;
1698 	loff_t blen;
1699 	loff_t isize;
1700 	bool same_inode = (inode_in == inode_out);
1701 	int ret;
1702 
1703 	/* Don't touch certain kinds of inodes */
1704 	if (IS_IMMUTABLE(inode_out))
1705 		return -EPERM;
1706 
1707 	if (IS_SWAPFILE(inode_in) || IS_SWAPFILE(inode_out))
1708 		return -ETXTBSY;
1709 
1710 	/* Don't reflink dirs, pipes, sockets... */
1711 	if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
1712 		return -EISDIR;
1713 	if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
1714 		return -EINVAL;
1715 
1716 	/* Are we going all the way to the end? */
1717 	isize = i_size_read(inode_in);
1718 	if (isize == 0)
1719 		return 0;
1720 
1721 	/* Zero length dedupe exits immediately; reflink goes to EOF. */
1722 	if (*len == 0) {
1723 		if (is_dedupe || pos_in == isize)
1724 			return 0;
1725 		if (pos_in > isize)
1726 			return -EINVAL;
1727 		*len = isize - pos_in;
1728 	}
1729 
1730 	/* Ensure offsets don't wrap and the input is inside i_size */
1731 	if (pos_in + *len < pos_in || pos_out + *len < pos_out ||
1732 	    pos_in + *len > isize)
1733 		return -EINVAL;
1734 
1735 	/* Don't allow dedupe past EOF in the dest file */
1736 	if (is_dedupe) {
1737 		loff_t	disize;
1738 
1739 		disize = i_size_read(inode_out);
1740 		if (pos_out >= disize || pos_out + *len > disize)
1741 			return -EINVAL;
1742 	}
1743 
1744 	/* If we're linking to EOF, continue to the block boundary. */
1745 	if (pos_in + *len == isize)
1746 		blen = ALIGN(isize, bs) - pos_in;
1747 	else
1748 		blen = *len;
1749 
1750 	/* Only reflink if we're aligned to block boundaries */
1751 	if (!IS_ALIGNED(pos_in, bs) || !IS_ALIGNED(pos_in + blen, bs) ||
1752 	    !IS_ALIGNED(pos_out, bs) || !IS_ALIGNED(pos_out + blen, bs))
1753 		return -EINVAL;
1754 
1755 	/* Don't allow overlapped reflink within the same file */
1756 	if (same_inode) {
1757 		if (pos_out + blen > pos_in && pos_out < pos_in + blen)
1758 			return -EINVAL;
1759 	}
1760 
1761 	/* Wait for the completion of any pending IOs on both files */
1762 	inode_dio_wait(inode_in);
1763 	if (!same_inode)
1764 		inode_dio_wait(inode_out);
1765 
1766 	ret = filemap_write_and_wait_range(inode_in->i_mapping,
1767 			pos_in, pos_in + *len - 1);
1768 	if (ret)
1769 		return ret;
1770 
1771 	ret = filemap_write_and_wait_range(inode_out->i_mapping,
1772 			pos_out, pos_out + *len - 1);
1773 	if (ret)
1774 		return ret;
1775 
1776 	/*
1777 	 * Check that the extents are the same.
1778 	 */
1779 	if (is_dedupe) {
1780 		bool		is_same = false;
1781 
1782 		ret = vfs_dedupe_file_range_compare(inode_in, pos_in,
1783 				inode_out, pos_out, *len, &is_same);
1784 		if (ret)
1785 			return ret;
1786 		if (!is_same)
1787 			return -EBADE;
1788 	}
1789 
1790 	return 1;
1791 }
1792 EXPORT_SYMBOL(vfs_clone_file_prep_inodes);
1793 
1794 int vfs_clone_file_range(struct file *file_in, loff_t pos_in,
1795 		struct file *file_out, loff_t pos_out, u64 len)
1796 {
1797 	struct inode *inode_in = file_inode(file_in);
1798 	struct inode *inode_out = file_inode(file_out);
1799 	int ret;
1800 
1801 	if (S_ISDIR(inode_in->i_mode) || S_ISDIR(inode_out->i_mode))
1802 		return -EISDIR;
1803 	if (!S_ISREG(inode_in->i_mode) || !S_ISREG(inode_out->i_mode))
1804 		return -EINVAL;
1805 
1806 	/*
1807 	 * FICLONE/FICLONERANGE ioctls enforce that src and dest files are on
1808 	 * the same mount. Practically, they only need to be on the same file
1809 	 * system.
1810 	 */
1811 	if (inode_in->i_sb != inode_out->i_sb)
1812 		return -EXDEV;
1813 
1814 	if (!(file_in->f_mode & FMODE_READ) ||
1815 	    !(file_out->f_mode & FMODE_WRITE) ||
1816 	    (file_out->f_flags & O_APPEND))
1817 		return -EBADF;
1818 
1819 	if (!file_in->f_op->clone_file_range)
1820 		return -EOPNOTSUPP;
1821 
1822 	ret = clone_verify_area(file_in, pos_in, len, false);
1823 	if (ret)
1824 		return ret;
1825 
1826 	ret = clone_verify_area(file_out, pos_out, len, true);
1827 	if (ret)
1828 		return ret;
1829 
1830 	if (pos_in + len > i_size_read(inode_in))
1831 		return -EINVAL;
1832 
1833 	ret = file_in->f_op->clone_file_range(file_in, pos_in,
1834 			file_out, pos_out, len);
1835 	if (!ret) {
1836 		fsnotify_access(file_in);
1837 		fsnotify_modify(file_out);
1838 	}
1839 
1840 	return ret;
1841 }
1842 EXPORT_SYMBOL(vfs_clone_file_range);
1843 
1844 /*
1845  * Read a page's worth of file data into the page cache.  Return the page
1846  * locked.
1847  */
1848 static struct page *vfs_dedupe_get_page(struct inode *inode, loff_t offset)
1849 {
1850 	struct address_space *mapping;
1851 	struct page *page;
1852 	pgoff_t n;
1853 
1854 	n = offset >> PAGE_SHIFT;
1855 	mapping = inode->i_mapping;
1856 	page = read_mapping_page(mapping, n, NULL);
1857 	if (IS_ERR(page))
1858 		return page;
1859 	if (!PageUptodate(page)) {
1860 		put_page(page);
1861 		return ERR_PTR(-EIO);
1862 	}
1863 	lock_page(page);
1864 	return page;
1865 }
1866 
1867 /*
1868  * Compare extents of two files to see if they are the same.
1869  * Caller must have locked both inodes to prevent write races.
1870  */
1871 int vfs_dedupe_file_range_compare(struct inode *src, loff_t srcoff,
1872 				  struct inode *dest, loff_t destoff,
1873 				  loff_t len, bool *is_same)
1874 {
1875 	loff_t src_poff;
1876 	loff_t dest_poff;
1877 	void *src_addr;
1878 	void *dest_addr;
1879 	struct page *src_page;
1880 	struct page *dest_page;
1881 	loff_t cmp_len;
1882 	bool same;
1883 	int error;
1884 
1885 	error = -EINVAL;
1886 	same = true;
1887 	while (len) {
1888 		src_poff = srcoff & (PAGE_SIZE - 1);
1889 		dest_poff = destoff & (PAGE_SIZE - 1);
1890 		cmp_len = min(PAGE_SIZE - src_poff,
1891 			      PAGE_SIZE - dest_poff);
1892 		cmp_len = min(cmp_len, len);
1893 		if (cmp_len <= 0)
1894 			goto out_error;
1895 
1896 		src_page = vfs_dedupe_get_page(src, srcoff);
1897 		if (IS_ERR(src_page)) {
1898 			error = PTR_ERR(src_page);
1899 			goto out_error;
1900 		}
1901 		dest_page = vfs_dedupe_get_page(dest, destoff);
1902 		if (IS_ERR(dest_page)) {
1903 			error = PTR_ERR(dest_page);
1904 			unlock_page(src_page);
1905 			put_page(src_page);
1906 			goto out_error;
1907 		}
1908 		src_addr = kmap_atomic(src_page);
1909 		dest_addr = kmap_atomic(dest_page);
1910 
1911 		flush_dcache_page(src_page);
1912 		flush_dcache_page(dest_page);
1913 
1914 		if (memcmp(src_addr + src_poff, dest_addr + dest_poff, cmp_len))
1915 			same = false;
1916 
1917 		kunmap_atomic(dest_addr);
1918 		kunmap_atomic(src_addr);
1919 		unlock_page(dest_page);
1920 		unlock_page(src_page);
1921 		put_page(dest_page);
1922 		put_page(src_page);
1923 
1924 		if (!same)
1925 			break;
1926 
1927 		srcoff += cmp_len;
1928 		destoff += cmp_len;
1929 		len -= cmp_len;
1930 	}
1931 
1932 	*is_same = same;
1933 	return 0;
1934 
1935 out_error:
1936 	return error;
1937 }
1938 EXPORT_SYMBOL(vfs_dedupe_file_range_compare);
1939 
1940 int vfs_dedupe_file_range(struct file *file, struct file_dedupe_range *same)
1941 {
1942 	struct file_dedupe_range_info *info;
1943 	struct inode *src = file_inode(file);
1944 	u64 off;
1945 	u64 len;
1946 	int i;
1947 	int ret;
1948 	bool is_admin = capable(CAP_SYS_ADMIN);
1949 	u16 count = same->dest_count;
1950 	struct file *dst_file;
1951 	loff_t dst_off;
1952 	ssize_t deduped;
1953 
1954 	if (!(file->f_mode & FMODE_READ))
1955 		return -EINVAL;
1956 
1957 	if (same->reserved1 || same->reserved2)
1958 		return -EINVAL;
1959 
1960 	off = same->src_offset;
1961 	len = same->src_length;
1962 
1963 	ret = -EISDIR;
1964 	if (S_ISDIR(src->i_mode))
1965 		goto out;
1966 
1967 	ret = -EINVAL;
1968 	if (!S_ISREG(src->i_mode))
1969 		goto out;
1970 
1971 	ret = clone_verify_area(file, off, len, false);
1972 	if (ret < 0)
1973 		goto out;
1974 	ret = 0;
1975 
1976 	if (off + len > i_size_read(src))
1977 		return -EINVAL;
1978 
1979 	/* pre-format output fields to sane values */
1980 	for (i = 0; i < count; i++) {
1981 		same->info[i].bytes_deduped = 0ULL;
1982 		same->info[i].status = FILE_DEDUPE_RANGE_SAME;
1983 	}
1984 
1985 	for (i = 0, info = same->info; i < count; i++, info++) {
1986 		struct inode *dst;
1987 		struct fd dst_fd = fdget(info->dest_fd);
1988 
1989 		dst_file = dst_fd.file;
1990 		if (!dst_file) {
1991 			info->status = -EBADF;
1992 			goto next_loop;
1993 		}
1994 		dst = file_inode(dst_file);
1995 
1996 		ret = mnt_want_write_file(dst_file);
1997 		if (ret) {
1998 			info->status = ret;
1999 			goto next_loop;
2000 		}
2001 
2002 		dst_off = info->dest_offset;
2003 		ret = clone_verify_area(dst_file, dst_off, len, true);
2004 		if (ret < 0) {
2005 			info->status = ret;
2006 			goto next_file;
2007 		}
2008 		ret = 0;
2009 
2010 		if (info->reserved) {
2011 			info->status = -EINVAL;
2012 		} else if (!(is_admin || (dst_file->f_mode & FMODE_WRITE))) {
2013 			info->status = -EINVAL;
2014 		} else if (file->f_path.mnt != dst_file->f_path.mnt) {
2015 			info->status = -EXDEV;
2016 		} else if (S_ISDIR(dst->i_mode)) {
2017 			info->status = -EISDIR;
2018 		} else if (dst_file->f_op->dedupe_file_range == NULL) {
2019 			info->status = -EINVAL;
2020 		} else {
2021 			deduped = dst_file->f_op->dedupe_file_range(file, off,
2022 							len, dst_file,
2023 							info->dest_offset);
2024 			if (deduped == -EBADE)
2025 				info->status = FILE_DEDUPE_RANGE_DIFFERS;
2026 			else if (deduped < 0)
2027 				info->status = deduped;
2028 			else
2029 				info->bytes_deduped += deduped;
2030 		}
2031 
2032 next_file:
2033 		mnt_drop_write_file(dst_file);
2034 next_loop:
2035 		fdput(dst_fd);
2036 
2037 		if (fatal_signal_pending(current))
2038 			goto out;
2039 	}
2040 
2041 out:
2042 	return ret;
2043 }
2044 EXPORT_SYMBOL(vfs_dedupe_file_range);
2045