/*
 *  linux/fs/read_write.c
 *
 *  Copyright (C) 1991, 1992  Linus Torvalds
 *
 *  Seek, read, write, vectored I/O and sendfile entry points of the VFS,
 *  together with the argument checks that sit between the system calls and
 *  the per-file ->read/->write/->read_iter/->write_iter/->llseek methods.
 */

#include <linux/slab.h>
#include <linux/stat.h>
#include <linux/fcntl.h>
#include <linux/file.h>
#include <linux/uio.h>
#include <linux/fsnotify.h>
#include <linux/security.h>
#include <linux/export.h>
#include <linux/syscalls.h>
#include <linux/pagemap.h>
#include <linux/splice.h>
#include <linux/compat.h>
#include "internal.h"

#include <asm/uaccess.h>
#include <asm/unistd.h>

/*
 * io_fn_t has the shape of ->read; ->write is cast to it in
 * do_readv_writev() so both directions can share do_loop_readv_writev().
 * iter_fn_t has the shape of ->read_iter / ->write_iter.
 */
typedef ssize_t (*io_fn_t)(struct file *, char __user *, size_t, loff_t *);
typedef ssize_t (*iter_fn_t)(struct kiocb *, struct iov_iter *);

/*
 * File operations built only from the generic llseek, read_iter,
 * read-only mmap and splice_read helpers; no write method is set.
 */
const struct file_operations generic_ro_fops = {
	.llseek		= generic_file_llseek,
	.read_iter	= generic_file_read_iter,
	.mmap		= generic_file_readonly_mmap,
	.splice_read	= generic_file_splice_read,
};

EXPORT_SYMBOL(generic_ro_fops);

/*
 * Non-zero when @file has FMODE_UNSIGNED_OFFSET set.  The callers in this
 * file then accept loff_t values that are negative when read as signed.
 */
static inline int unsigned_offsets(struct file *file)
{
	return file->f_mode & FMODE_UNSIGNED_OFFSET;
}

/**
 * vfs_setpos - update the file offset for lseek
 * @file:	file structure in question
 * @offset:	file offset to seek to
 * @maxsize:	maximum file size
 *
 * This is a low-level filesystem helper for updating the file offset to
 * the value specified by @offset if the given offset is valid and it is
 * not equal to the current file offset.
 *
 * An offset is rejected when it is negative and the file does not use
 * unsigned offsets, or when it is greater than @maxsize.  When the position
 * actually changes, f_version is reset to 0.  No lock is taken here.
 *
 * Return the specified offset on success and -EINVAL on invalid offset.
 */
loff_t vfs_setpos(struct file *file, loff_t offset, loff_t maxsize)
{
	if (offset < 0 && !unsigned_offsets(file))
		return -EINVAL;
	if (offset > maxsize)
		return -EINVAL;

	if (offset != file->f_pos) {
		file->f_pos = offset;
		file->f_version = 0;
	}
	return offset;
}
EXPORT_SYMBOL(vfs_setpos);

/**
 * generic_file_llseek_size - generic llseek implementation for regular files
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 * @maxsize:	max size of this file in file system
 * @eof:	offset used for SEEK_END position
 *
 * This is a variant of generic_file_llseek that allows passing in a custom
 * maximum file size and a custom EOF position, for e.g. hashed directories
 *
 * Synchronization:
 * SEEK_SET and SEEK_END are unsynchronized (but atomic on 64bit platforms)
 * SEEK_CUR is synchronized against other SEEK_CURs, but not read/writes.
 * read/writes behave like SEEK_SET against seeks.
 *
 * The switch has no default label: SEEK_SET and any @whence without a case
 * pass @offset unchanged to vfs_setpos().
 *
 * Return the new offset, -ENXIO for SEEK_DATA/SEEK_HOLE at or past @eof,
 * or the -EINVAL produced by vfs_setpos().
 */
loff_t
generic_file_llseek_size(struct file *file, loff_t offset, int whence,
		loff_t maxsize, loff_t eof)
{
	switch (whence) {
	case SEEK_END:
		/*
		 * NOTE(review): this addition (and the one under SEEK_CUR) is
		 * not range-checked before it is made; the result is only
		 * validated afterwards by vfs_setpos().  Confirm the build's
		 * signed-overflow semantics make a wrapped value well defined.
		 */
		offset += eof;
		break;
	case SEEK_CUR:
		/*
		 * Here we special-case the lseek(fd, 0, SEEK_CUR)
		 * position-querying operation.  Avoid rewriting the "same"
		 * f_pos value back to the file because a concurrent read(),
		 * write() or lseek() might have altered it
		 */
		if (offset == 0)
			return file->f_pos;
		/*
		 * f_lock protects against read/modify/write race with other
		 * SEEK_CURs. Note that parallel writes and reads behave
		 * like SEEK_SET.
		 */
		spin_lock(&file->f_lock);
		offset = vfs_setpos(file, file->f_pos + offset, maxsize);
		spin_unlock(&file->f_lock);
		return offset;
	case SEEK_DATA:
		/*
		 * In the generic case the entire file is data, so as long as
		 * offset isn't at the end of the file then the offset is data.
		 */
		if (offset >= eof)
			return -ENXIO;
		break;
	case SEEK_HOLE:
		/*
		 * There is a virtual hole at the end of the file, so as long as
		 * offset isn't i_size or larger, return i_size.
		 */
		if (offset >= eof)
			return -ENXIO;
		offset = eof;
		break;
	}

	return vfs_setpos(file, offset, maxsize);
}
EXPORT_SYMBOL(generic_file_llseek_size);

/**
 * generic_file_llseek - generic llseek implementation for regular files
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 *
 * This is a generic implementation of ->llseek useable for all normal local
 * filesystems.  It just updates the file offset to the value specified by
 * @offset and @whence.
 *
 * The limit is the superblock's s_maxbytes and the EOF position is
 * i_size_read() of the inode behind file->f_mapping.
 */
loff_t generic_file_llseek(struct file *file, loff_t offset, int whence)
{
	struct inode *inode = file->f_mapping->host;

	return generic_file_llseek_size(file, offset, whence,
					inode->i_sb->s_maxbytes,
					i_size_read(inode));
}
EXPORT_SYMBOL(generic_file_llseek);

/**
 * fixed_size_llseek - llseek implementation for fixed-sized devices
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 * @size:	size of the file
 *
 * Only SEEK_SET, SEEK_CUR and SEEK_END are accepted; @size is used both as
 * the maximum offset and as the EOF position.  Any other @whence returns
 * -EINVAL.
 */
loff_t fixed_size_llseek(struct file *file, loff_t offset, int whence, loff_t size)
{
	switch (whence) {
	case SEEK_SET: case SEEK_CUR: case SEEK_END:
		return generic_file_llseek_size(file, offset, whence,
						size, size);
	default:
		return -EINVAL;
	}
}
EXPORT_SYMBOL(fixed_size_llseek);

/**
 * noop_llseek - No Operation Performed llseek implementation
 * @file:	file structure to seek on
 * @offset:	file offset to seek to
 * @whence:	type of seek
 *
 * This is an implementation of ->llseek useable for the rare special case when
 * userspace expects the seek to succeed but the (device) file is actually not
 * able to perform the seek. In this case you use noop_llseek() instead of
 * falling back to the default implementation of ->llseek.
 *
 * @offset and @whence are ignored; the current f_pos is returned unchanged.
 */
loff_t noop_llseek(struct file *file, loff_t offset, int whence)
{
	return file->f_pos;
}
EXPORT_SYMBOL(noop_llseek);

/*
 * ->llseek implementation for files that cannot seek: always -ESPIPE.
 * vfs_llseek() also uses it as the fallback when no method applies.
 */
loff_t no_llseek(struct file *file, loff_t offset, int whence)
{
	return -ESPIPE;
}
EXPORT_SYMBOL(no_llseek);

/*
 * llseek implementation that serializes on the inode's i_mutex.
 *
 * Unlike generic_file_llseek_size() there is no upper bound: the computed
 * offset is accepted when it is non-negative or the file uses unsigned
 * offsets, otherwise -EINVAL is returned.  SEEK_DATA/SEEK_HOLE return
 * -ENXIO when @offset is at or past i_size.  As above, a @whence without a
 * case label is handled like SEEK_SET.
 */
loff_t default_llseek(struct file *file, loff_t offset, int whence)
{
	struct inode *inode = file_inode(file);
	loff_t retval;

	mutex_lock(&inode->i_mutex);
	switch (whence) {
		case SEEK_END:
			offset += i_size_read(inode);
			break;
		case SEEK_CUR:
			/* Pure position query: do not write f_pos back. */
			if (offset == 0) {
				retval = file->f_pos;
				goto out;
			}
			offset += file->f_pos;
			break;
		case SEEK_DATA:
			/*
			 * In the generic case the entire file is data, so as
			 * long as offset isn't at the end of the file then the
			 * offset is data.
			 */
			if (offset >= inode->i_size) {
				retval = -ENXIO;
				goto out;
			}
			break;
		case SEEK_HOLE:
			/*
			 * There is a virtual hole at the end of the file, so
			 * as long as offset isn't i_size or larger, return
			 * i_size.
			 */
			if (offset >= inode->i_size) {
				retval = -ENXIO;
				goto out;
			}
			offset = inode->i_size;
			break;
	}
	retval = -EINVAL;
	if (offset >= 0 || unsigned_offsets(file)) {
		if (offset != file->f_pos) {
			file->f_pos = offset;
			file->f_version = 0;
		}
		retval = offset;
	}
out:
	mutex_unlock(&inode->i_mutex);
	return retval;
}
EXPORT_SYMBOL(default_llseek);

/*
 * Dispatch a seek to the file's ->llseek method.
 *
 * The method is used only when FMODE_LSEEK is set in f_mode and the method
 * pointer is non-NULL; otherwise no_llseek() answers with -ESPIPE.
 * @whence is not validated here (the system calls below compare it with
 * SEEK_MAX before calling in).
 */
loff_t vfs_llseek(struct file *file, loff_t offset, int whence)
{
	loff_t (*fn)(struct file *, loff_t, int);

	fn = no_llseek;
	if (file->f_mode & FMODE_LSEEK) {
		if (file->f_op->llseek)
			fn = file->f_op->llseek;
	}
	return fn(file, offset, whence);
}
EXPORT_SYMBOL(vfs_llseek);

/*
 * Look up @fd through __fdget_pos(); the returned struct fd carries the
 * flags that fdput_pos() consults on release.
 */
static inline struct fd fdget_pos(int fd)
{
	return __to_fd(__fdget_pos(fd));
}

/*
 * Release a reference taken with fdget_pos(): drop f_pos_lock when the
 * lookup flagged FDPUT_POS_UNLOCK, then drop the file reference.
 */
static inline void fdput_pos(struct fd f)
{
	if (f.flags & FDPUT_POS_UNLOCK)
		mutex_unlock(&f.file->f_pos_lock);
	fdput(f);
}

/*
 * lseek(2): -EBADF for a bad descriptor, -EINVAL when @whence is above
 * SEEK_MAX, otherwise the result of vfs_llseek().  The loff_t result is
 * narrowed to off_t; if the narrowing loses information the call returns
 * -EOVERFLOW.
 */
SYSCALL_DEFINE3(lseek, unsigned int, fd, off_t, offset, unsigned int, whence)
{
	off_t retval;
	struct fd f = fdget_pos(fd);
	if (!f.file)
		return -EBADF;

	retval = -EINVAL;
	if (whence <= SEEK_MAX) {
		loff_t res = vfs_llseek(f.file, offset, whence);
		retval = res;
		if (res != (loff_t)retval)
			retval = -EOVERFLOW;	/* LFS: should only happen on 32 bit platforms */
	}
	fdput_pos(f);
	return retval;
}

#ifdef CONFIG_COMPAT
/* Compat lseek(2): forwards to the native implementation. */
COMPAT_SYSCALL_DEFINE3(lseek, unsigned int, fd, compat_off_t, offset, unsigned int, whence)
{
	return sys_lseek(fd, offset, whence);
}
#endif

#ifdef __ARCH_WANT_SYS_LLSEEK
/*
 * _llseek(2): the 64-bit offset arrives as two halves and the new position
 * is returned through the user pointer @result.
 *
 * Returns 0 on success, -EBADF, -EINVAL (bad @whence), the error from
 * vfs_llseek() truncated to int, or -EFAULT when @result cannot be written.
 * In the -EFAULT case vfs_llseek() has already run, so whatever it did to
 * the file position is not undone.
 */
SYSCALL_DEFINE5(llseek, unsigned int, fd, unsigned long, offset_high,
		unsigned long, offset_low, loff_t __user *, result,
		unsigned int, whence)
{
	int retval;
	struct fd f = fdget_pos(fd);
	loff_t offset;

	if (!f.file)
		return -EBADF;

	retval = -EINVAL;
	if (whence > SEEK_MAX)
		goto out_putf;

	offset = vfs_llseek(f.file, ((loff_t) offset_high << 32) | offset_low,
			whence);

	retval = (int)offset;
	if (offset >= 0) {
		retval = -EFAULT;
		if (!copy_to_user(result, &offset, sizeof(offset)))
			retval = 0;
	}
out_putf:
	fdput_pos(f);
	return retval;
}
#endif

/*
 * Synchronous read into @iter through ->read_iter.
 *
 * Returns -EINVAL when the file has no ->read_iter.  *@ppos is advanced
 * only when the method returned a positive count.  An -EIOCBQUEUED return
 * from the method is treated as a bug.
 *
 * NOTE(review): this helper checks neither f_mode nor rw_verify_area()
 * (and therefore runs no LSM hook); that is presumably left to the
 * caller - confirm at the call sites.
 */
ssize_t vfs_iter_read(struct file *file, struct iov_iter *iter, loff_t *ppos)
{
	struct kiocb kiocb;
	ssize_t ret;

	if (!file->f_op->read_iter)
		return -EINVAL;

	init_sync_kiocb(&kiocb, file);
	kiocb.ki_pos = *ppos;

	iter->type |= READ;
	ret = file->f_op->read_iter(&kiocb, iter);
	BUG_ON(ret == -EIOCBQUEUED);
	if (ret > 0)
		*ppos = kiocb.ki_pos;
	return ret;
}
EXPORT_SYMBOL(vfs_iter_read);

/*
 * Synchronous write from @iter through ->write_iter; the mirror image of
 * vfs_iter_read(), with the same return convention.
 *
 * NOTE(review): no f_mode test, rw_verify_area() or file_start_write() is
 * done here; presumably the caller's responsibility - confirm.
 */
ssize_t vfs_iter_write(struct file *file, struct iov_iter *iter, loff_t *ppos)
{
	struct kiocb kiocb;
	ssize_t ret;

	if (!file->f_op->write_iter)
		return -EINVAL;

	init_sync_kiocb(&kiocb, file);
	kiocb.ki_pos = *ppos;

	iter->type |= WRITE;
	ret = file->f_op->write_iter(&kiocb, iter);
	BUG_ON(ret == -EIOCBQUEUED);
	if (ret > 0)
		*ppos = kiocb.ki_pos;
	return ret;
}
EXPORT_SYMBOL(vfs_iter_write);

/*
 * rw_verify_area doesn't like huge counts. We limit
 * them to something that fits in "int" so that others
 * won't have to do range checks all the time.
 *
 * This is the common gate in front of the read and write paths in this
 * file.  In order it:
 *  - rejects a @count that is negative when viewed as ssize_t (-EINVAL);
 *  - rejects a negative *@ppos, or a *@ppos + @count that wraps negative,
 *    unless the file uses unsigned offsets (-EINVAL); with unsigned
 *    offsets a negative position whose range would cross zero gives
 *    -EOVERFLOW;
 *  - consults mandatory locks when the inode has a lock context and
 *    mandatory locking applies;
 *  - calls the security_file_permission() hook with MAY_READ or MAY_WRITE.
 *
 * Returns a negative errno, or the byte count to use, which is @count
 * clamped to MAX_RW_COUNT.  Callers must continue with the returned count,
 * not with the value they passed in.
 */
int rw_verify_area(int read_write, struct file *file, const loff_t *ppos, size_t count)
{
	struct inode *inode;
	loff_t pos;
	int retval = -EINVAL;

	inode = file_inode(file);
	if (unlikely((ssize_t) count < 0))
		return retval;
	pos = *ppos;
	if (unlikely(pos < 0)) {
		if (!unsigned_offsets(file))
			return retval;
		if (count >= -pos) /* both values are in 0..LLONG_MAX */
			return -EOVERFLOW;
	} else if (unlikely((loff_t) (pos + count) < 0)) {
		if (!unsigned_offsets(file))
			return retval;
	}

	if (unlikely(inode->i_flctx && mandatory_lock(inode))) {
		retval = locks_mandatory_area(
			read_write == READ ? FLOCK_VERIFY_READ : FLOCK_VERIFY_WRITE,
			inode, file, pos, count);
		if (retval < 0)
			return retval;
	}
	retval = security_file_permission(file,
				read_write == READ ? MAY_READ : MAY_WRITE);
	if (retval)
		return retval;
	return count > MAX_RW_COUNT ? MAX_RW_COUNT : count;
}

/*
 * Serve a plain read through ->read_iter by wrapping @buf/@len in a
 * single-segment iovec.  *@ppos is written back whatever the method
 * returned.  The caller must have checked that ->read_iter is set.
 */
static ssize_t new_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos)
{
	struct iovec iov = { .iov_base = buf, .iov_len = len };
	struct kiocb kiocb;
	struct iov_iter iter;
	ssize_t ret;

	init_sync_kiocb(&kiocb, filp);
	kiocb.ki_pos = *ppos;
	iov_iter_init(&iter, READ, &iov, 1, len);

	ret = filp->f_op->read_iter(&kiocb, &iter);
	BUG_ON(ret == -EIOCBQUEUED);
	*ppos = kiocb.ki_pos;
	return ret;
}

/*
 * Pick the read method: ->read when present, else ->read_iter via
 * new_sync_read(), else -EINVAL.  No mode, range or permission checks are
 * made at this level; vfs_read() performs them before calling in.
 */
ssize_t __vfs_read(struct file *file, char __user *buf, size_t count,
		   loff_t *pos)
{
	if (file->f_op->read)
		return file->f_op->read(file, buf, count, pos);
	else if (file->f_op->read_iter)
		return new_sync_read(file, buf, count, pos);
	else
		return -EINVAL;
}
EXPORT_SYMBOL(__vfs_read);

/*
 * Checked read of up to @count bytes from @file at *@pos into the user
 * buffer @buf.
 *
 * Returns -EBADF without FMODE_READ, -EINVAL without FMODE_CAN_READ,
 * -EFAULT when access_ok() rejects the destination range, any error from
 * rw_verify_area(), or the result of __vfs_read().  The count handed to the
 * method is the clamped value returned by rw_verify_area().  A positive
 * result raises an fsnotify access event and is added to the task's read
 * accounting.
 */
ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
{
	ssize_t ret;

	if (!(file->f_mode & FMODE_READ))
		return -EBADF;
	if (!(file->f_mode & FMODE_CAN_READ))
		return -EINVAL;
	/* A read stores into user memory, hence VERIFY_WRITE. */
	if (unlikely(!access_ok(VERIFY_WRITE, buf, count)))
		return -EFAULT;

	ret = rw_verify_area(READ, file, pos, count);
	if (ret >= 0) {
		count = ret;
		ret = __vfs_read(file, buf, count, pos);
		if (ret > 0) {
			fsnotify_access(file);
			add_rchar(current, ret);
		}
		inc_syscr(current);
	}

	return ret;
}

EXPORT_SYMBOL(vfs_read);

/*
 * Serve a plain write through ->write_iter by wrapping @buf/@len in a
 * single-segment iovec.  *@ppos is written back whatever the method
 * returned.  The caller must have checked that ->write_iter is set.
 */
static ssize_t new_sync_write(struct file *filp, const char __user *buf, size_t len, loff_t *ppos)
{
	/* struct iovec has a non-const base pointer, hence the cast. */
	struct iovec iov = { .iov_base = (void __user *)buf, .iov_len = len };
	struct kiocb kiocb;
	struct iov_iter iter;
	ssize_t ret;

	init_sync_kiocb(&kiocb, filp);
	kiocb.ki_pos = *ppos;
	iov_iter_init(&iter, WRITE, &iov, 1, len);

	ret = filp->f_op->write_iter(&kiocb, &iter);
	BUG_ON(ret == -EIOCBQUEUED);
	*ppos = kiocb.ki_pos;
	return ret;
}

/*
 * Pick the write method: ->write when present, else ->write_iter via
 * new_sync_write(), else -EINVAL.  No mode, range or permission checks are
 * made at this level.
 */
ssize_t __vfs_write(struct file *file, const char __user *p, size_t count,
		    loff_t *pos)
{
	if (file->f_op->write)
		return file->f_op->write(file, p, count, pos);
	else if (file->f_op->write_iter)
		return new_sync_write(file, p, count, pos);
	else
		return -EINVAL;
}
EXPORT_SYMBOL(__vfs_write);

/*
 * Write from a kernel buffer @buf to @file.
 *
 * The address limit is switched to get_ds() around the call to
 * __vfs_write() and restored straight afterwards, so that the kernel
 * pointer can travel through the __user-typed write path.  @count is
 * clamped to MAX_RW_COUNT.
 *
 * NOTE(review): compared with vfs_write() this path only tests
 * FMODE_CAN_WRITE.  It does not test FMODE_WRITE, does not call
 * rw_verify_area() (so neither the mandatory-lock check nor
 * security_file_permission() runs) and does not bracket the write with
 * file_start_write()/file_end_write().  Callers are presumably trusted
 * in-kernel users that have established those conditions themselves -
 * confirm at the call sites, and never pass a user-controlled pointer
 * as @buf.
 */
ssize_t __kernel_write(struct file *file, const char *buf, size_t count, loff_t *pos)
{
	mm_segment_t old_fs;
	const char __user *p;
	ssize_t ret;

	if (!(file->f_mode & FMODE_CAN_WRITE))
		return -EINVAL;

	old_fs = get_fs();
	set_fs(get_ds());
	p = (__force const char __user *)buf;
	if (count > MAX_RW_COUNT)
		count =  MAX_RW_COUNT;
	ret = __vfs_write(file, p, count, pos);
	set_fs(old_fs);
	if (ret > 0) {
		fsnotify_modify(file);
		add_wchar(current, ret);
	}
	inc_syscw(current);
	return ret;
}

EXPORT_SYMBOL(__kernel_write);

/*
 * Checked write of up to @count bytes from the user buffer @buf to @file
 * at *@pos.
 *
 * Returns -EBADF without FMODE_WRITE, -EINVAL without FMODE_CAN_WRITE,
 * -EFAULT when access_ok() rejects the source range, any error from
 * rw_verify_area(), or the result of __vfs_write().  The method runs
 * between file_start_write() and file_end_write() with the clamped count.
 * A positive result raises an fsnotify modify event and is added to the
 * task's write accounting.
 */
ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_t *pos)
{
	ssize_t ret;

	if (!(file->f_mode & FMODE_WRITE))
		return -EBADF;
	if (!(file->f_mode & FMODE_CAN_WRITE))
		return -EINVAL;
	/* A write loads from user memory, hence VERIFY_READ. */
	if (unlikely(!access_ok(VERIFY_READ, buf, count)))
		return -EFAULT;

	ret = rw_verify_area(WRITE, file, pos, count);
	if (ret >= 0) {
		count = ret;
		file_start_write(file);
		ret = __vfs_write(file, buf, count, pos);
		if (ret > 0) {
			fsnotify_modify(file);
			add_wchar(current, ret);
		}
		inc_syscw(current);
		file_end_write(file);
	}

	return ret;
}

EXPORT_SYMBOL(vfs_write);

/* Accessors for f_pos used by the position-updating system calls below. */
static inline loff_t file_pos_read(struct file *file)
{
	return file->f_pos;
}

static inline void file_pos_write(struct file *file, loff_t pos)
{
	file->f_pos = pos;
}

/*
 * read(2): works on a local copy of the file position and stores it back
 * only when vfs_read() did not fail.  The descriptor is taken with
 * fdget_pos() and released with fdput_pos().
 */
SYSCALL_DEFINE3(read, unsigned int, fd, char __user *, buf, size_t, count)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret = -EBADF;

	if (f.file) {
		loff_t pos = file_pos_read(f.file);
		ret = vfs_read(f.file, buf, count, &pos);
		if (ret >= 0)
			file_pos_write(f.file, pos);
		fdput_pos(f);
	}
	return ret;
}

/* write(2): same position handling as read(2), through vfs_write(). */
SYSCALL_DEFINE3(write, unsigned int, fd, const char __user *, buf,
		size_t, count)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret = -EBADF;

	if (f.file) {
		loff_t pos = file_pos_read(f.file);
		ret = vfs_write(f.file, buf, count, &pos);
		if (ret >= 0)
			file_pos_write(f.file, pos);
		fdput_pos(f);
	}

	return ret;
}

/*
 * pread64(2): read at an explicit offset.  A negative @pos is rejected
 * with -EINVAL before the descriptor is looked up; a file without
 * FMODE_PREAD gives -ESPIPE.  The descriptor is taken with plain fdget()
 * and f_pos is not touched.
 */
SYSCALL_DEFINE4(pread64, unsigned int, fd, char __user *, buf,
			size_t, count, loff_t, pos)
{
	struct fd f;
	ssize_t ret = -EBADF;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (f.file) {
		ret = -ESPIPE;
		if (f.file->f_mode & FMODE_PREAD)
			ret = vfs_read(f.file, buf, count, &pos);
		fdput(f);
	}

	return ret;
}

/*
 * pwrite64(2): write at an explicit offset; the counterpart of pread64(2)
 * with FMODE_PWRITE and vfs_write().
 */
SYSCALL_DEFINE4(pwrite64, unsigned int, fd, const char __user *, buf,
			 size_t, count, loff_t, pos)
{
	struct fd f;
	ssize_t ret = -EBADF;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (f.file) {
		ret = -ESPIPE;
		if (f.file->f_mode & FMODE_PWRITE)
			ret = vfs_write(f.file, buf, count, &pos);
		fdput(f);
	}

	return ret;
}

/*
 * Reduce an iovec's length in-place.  Return the resulting number of segments
 *
 * The segment in which the running total reaches @to is cut so that the
 * total equals @to; later segments are left untouched but are no longer
 * counted.  When the segments together hold less than @to bytes, nothing is
 * changed and @nr_segs is returned.
 */
unsigned long iov_shorten(struct iovec *iov, unsigned long nr_segs, size_t to)
{
	unsigned long seg = 0;
	size_t len = 0;

	while (seg < nr_segs) {
		seg++;
		if (len + iov->iov_len >= to) {
			iov->iov_len = to - len;
			break;
		}
		len += iov->iov_len;
		iov++;
	}
	return seg;
}
EXPORT_SYMBOL(iov_shorten);

/*
 * Run one ->read_iter/->write_iter style method @fn synchronously over
 * @iter.  *@ppos is written back whatever @fn returned.
 */
static ssize_t do_iter_readv_writev(struct file *filp, struct iov_iter *iter,
		loff_t *ppos, iter_fn_t fn)
{
	struct kiocb kiocb;
	ssize_t ret;

	init_sync_kiocb(&kiocb, filp);
	kiocb.ki_pos = *ppos;

	ret = fn(&kiocb, iter);
	BUG_ON(ret == -EIOCBQUEUED);
	*ppos = kiocb.ki_pos;
	return ret;
}

/*
 * Do it by hand, with file-ops
 *
 * Calls @fn once per segment of @iter.  The loop ends on the first error
 * or short transfer.  An error is reported only when nothing had been
 * transferred yet; otherwise the byte total so far is returned.  On a short
 * transfer the loop exits before iov_iter_advance(), so @iter is not
 * advanced past that last partial segment.
 */
static ssize_t do_loop_readv_writev(struct file *filp, struct iov_iter *iter,
		loff_t *ppos, io_fn_t fn)
{
	ssize_t ret = 0;

	while (iov_iter_count(iter)) {
		struct iovec iovec = iov_iter_iovec(iter);
		ssize_t nr;

		nr = fn(filp, iovec.iov_base, iovec.iov_len, ppos);

		if (nr < 0) {
			if (!ret)
				ret = nr;
			break;
		}
		ret += nr;
		if (nr != iovec.iov_len)
			break;
		iov_iter_advance(iter, nr);
	}

	return ret;
}

/* A write operation does a read from user space and vice versa */
#define vrfy_dir(type) ((type) == READ ? VERIFY_WRITE : VERIFY_READ)

/*
 * Copy a user iovec array into kernel memory and validate it.
 *
 * @type:	 READ or WRITE; a negative value skips the access_ok() test
 * @uvector:	 user-space array of @nr_segs iovecs
 * @fast_segs:	 capacity of @fast_pointer
 * @fast_pointer: caller-provided array used when @nr_segs fits
 * @ret_pointer: receives the array actually used
 *
 * @nr_segs is bounded by UIO_MAXIOV before it is used to size the
 * allocation and the copy.  The array is copied from user space once, and
 * every later check and adjustment works on that kernel copy, so the
 * validated values are the ones the caller goes on to use.
 *
 * Segment lengths are adjusted in the kernel copy so that the running
 * total never exceeds MAX_RW_COUNT; segments beyond the cap end up with
 * iov_len 0.
 *
 * Returns the total length, 0 for zero segments, or -EINVAL, -ENOMEM,
 * -EFAULT.  *@ret_pointer is set on every path, errors included; it is
 * NULL when the allocation failed.  Presumably the caller must kfree() it
 * whenever it differs from @fast_pointer - confirm against the callers.
 */
ssize_t rw_copy_check_uvector(int type, const struct iovec __user * uvector,
			      unsigned long nr_segs, unsigned long fast_segs,
			      struct iovec *fast_pointer,
			      struct iovec **ret_pointer)
{
	unsigned long seg;
	ssize_t ret;
	struct iovec *iov = fast_pointer;

	/*
	 * SuS says "The readv() function *may* fail if the iovcnt argument
	 * was less than or equal to 0, or greater than {IOV_MAX}."  Linux has
	 * traditionally returned zero for zero segments, so...
	 */
	if (nr_segs == 0) {
		ret = 0;
		goto out;
	}

	/*
	 * First get the "struct iovec" from user memory and
	 * verify all the pointers
	 */
	if (nr_segs > UIO_MAXIOV) {
		ret = -EINVAL;
		goto out;
	}
	if (nr_segs > fast_segs) {
		iov = kmalloc(nr_segs*sizeof(struct iovec), GFP_KERNEL);
		if (iov == NULL) {
			ret = -ENOMEM;
			goto out;
		}
	}
	if (copy_from_user(iov, uvector, nr_segs*sizeof(*uvector))) {
		ret = -EFAULT;
		goto out;
	}

	/*
	 * According to the Single Unix Specification we should return EINVAL
	 * if an element length is < 0 when cast to ssize_t or if the
	 * total length would overflow the ssize_t return value of the
	 * system call.
	 *
	 * Linux caps all read/write calls to MAX_RW_COUNT, and avoids the
	 * overflow case.
	 */
	ret = 0;
	for (seg = 0; seg < nr_segs; seg++) {
		void __user *buf = iov[seg].iov_base;
		ssize_t len = (ssize_t)iov[seg].iov_len;

		/* see if we're about to use an invalid len or if
		 * it's about to overflow ssize_t */
		if (len < 0) {
			ret = -EINVAL;
			goto out;
		}
		if (type >= 0
		    && unlikely(!access_ok(vrfy_dir(type), buf, len))) {
			ret = -EFAULT;
			goto out;
		}
		/* Trim this segment so the running total stays within the cap. */
		if (len > MAX_RW_COUNT - ret) {
			len = MAX_RW_COUNT - ret;
			iov[seg].iov_len = len;
		}
		ret += len;
	}
out:
	*ret_pointer = iov;
	return ret;
}

/*
 * Common body of vfs_readv() and vfs_writev().
 *
 * Imports the user iovec, runs rw_verify_area() on the total length, then
 * uses the file's iter method when it has one and otherwise loops over the
 * segments with ->read/->write.  Writes are bracketed by
 * file_start_write()/file_end_write().  The f_mode checks are made by the
 * callers.
 *
 * NOTE(review): the return value of rw_verify_area() is used only as an
 * error indicator here; the transfer size is the iterator's count as set
 * up by import_iovec().
 */
static ssize_t do_readv_writev(int type, struct file *file,
			       const struct iovec __user * uvector,
			       unsigned long nr_segs, loff_t *pos)
{
	size_t tot_len;
	struct iovec iovstack[UIO_FASTIOV];
	struct iovec *iov = iovstack;
	struct iov_iter iter;
	ssize_t ret;
	io_fn_t fn;
	iter_fn_t iter_fn;

	ret = import_iovec(type, uvector, nr_segs,
			   ARRAY_SIZE(iovstack), &iov, &iter);
	if (ret < 0)
		return ret;

	tot_len = iov_iter_count(&iter);
	if (!tot_len)
		goto out;
	ret = rw_verify_area(type, file, pos, tot_len);
	if (ret < 0)
		goto out;

	if (type == READ) {
		fn = file->f_op->read;
		iter_fn = file->f_op->read_iter;
	} else {
		/* The cast drops the const on ->write's buffer parameter. */
		fn = (io_fn_t)file->f_op->write;
		iter_fn = file->f_op->write_iter;
		file_start_write(file);
	}

	if (iter_fn)
		ret = do_iter_readv_writev(file, &iter, pos, iter_fn);
	else
		ret = do_loop_readv_writev(file, &iter, pos, fn);

	if (type != READ)
		file_end_write(file);

out:
	/*
	 * iov started out pointing at iovstack; import_iovec() is presumably
	 * expected to leave it NULL or heap-allocated - TODO confirm.
	 */
	kfree(iov);
	/* Reads notify when ret >= 0, writes only when ret > 0. */
	if ((ret + (type == READ)) > 0) {
		if (type == READ)
			fsnotify_access(file);
		else
			fsnotify_modify(file);
	}
	return ret;
}

/*
 * Vectored read: -EBADF without FMODE_READ, -EINVAL without
 * FMODE_CAN_READ, otherwise do_readv_writev().
 */
ssize_t vfs_readv(struct file *file, const struct iovec __user *vec,
		  unsigned long vlen, loff_t *pos)
{
	if (!(file->f_mode & FMODE_READ))
		return -EBADF;
	if (!(file->f_mode & FMODE_CAN_READ))
		return -EINVAL;

	return do_readv_writev(READ, file, vec, vlen, pos);
}

EXPORT_SYMBOL(vfs_readv);

/*
 * Vectored write: -EBADF without FMODE_WRITE, -EINVAL without
 * FMODE_CAN_WRITE, otherwise do_readv_writev().
 */
ssize_t vfs_writev(struct file *file, const struct iovec __user *vec,
		   unsigned long vlen, loff_t *pos)
{
	if (!(file->f_mode & FMODE_WRITE))
		return -EBADF;
	if (!(file->f_mode & FMODE_CAN_WRITE))
		return -EINVAL;

	return do_readv_writev(WRITE, file, vec, vlen, pos);
}

EXPORT_SYMBOL(vfs_writev);

/*
 * readv(2): position handling as in read(2).  The read accounting is done
 * here rather than in vfs_readv(), and inc_syscr() runs even when the
 * descriptor lookup failed.
 */
SYSCALL_DEFINE3(readv, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret = -EBADF;

	if (f.file) {
		loff_t pos = file_pos_read(f.file);
		ret = vfs_readv(f.file, vec, vlen, &pos);
		if (ret >= 0)
			file_pos_write(f.file, pos);
		fdput_pos(f);
	}

	if (ret > 0)
		add_rchar(current, ret);
	inc_syscr(current);
	return ret;
}

/* writev(2): the write-side counterpart of readv(2). */
SYSCALL_DEFINE3(writev, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret = -EBADF;

	if (f.file) {
		loff_t pos = file_pos_read(f.file);
		ret = vfs_writev(f.file, vec, vlen, &pos);
		if (ret >= 0)
			file_pos_write(f.file, pos);
		fdput_pos(f);
	}

	if (ret > 0)
		add_wchar(current, ret);
	inc_syscw(current);
	return ret;
}

/*
 * Build a loff_t from two unsigned long halves.  The high part is shifted
 * in two steps of BITS_PER_LONG / 2, presumably so that the shift count
 * never equals the width of the type when long is 64 bits wide.
 */
static inline loff_t pos_from_hilo(unsigned long high, unsigned long low)
{
#define HALF_LONG_BITS (BITS_PER_LONG / 2)
	return (((loff_t)high << HALF_LONG_BITS) << HALF_LONG_BITS) | low;
}

/*
 * preadv(2): vectored read at an explicit offset assembled from
 * @pos_h/@pos_l.  A negative offset gives -EINVAL, a file without
 * FMODE_PREAD gives -ESPIPE; f_pos is not touched.
 */
SYSCALL_DEFINE5(preadv, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
{
	loff_t pos = pos_from_hilo(pos_h, pos_l);
	struct fd f;
	ssize_t ret = -EBADF;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (f.file) {
		ret = -ESPIPE;
		if (f.file->f_mode & FMODE_PREAD)
			ret = vfs_readv(f.file, vec, vlen, &pos);
		fdput(f);
	}

	if (ret > 0)
		add_rchar(current, ret);
	inc_syscr(current);
	return ret;
}

/* pwritev(2): the write-side counterpart of preadv(2). */
SYSCALL_DEFINE5(pwritev, unsigned long, fd, const struct iovec __user *, vec,
		unsigned long, vlen, unsigned long, pos_l, unsigned long, pos_h)
{
	loff_t pos = pos_from_hilo(pos_h, pos_l);
	struct fd f;
	ssize_t ret = -EBADF;

	if (pos < 0)
		return -EINVAL;

	f = fdget(fd);
	if (f.file) {
		ret = -ESPIPE;
		if (f.file->f_mode & FMODE_PWRITE)
			ret = vfs_writev(f.file, vec, vlen, &pos);
		fdput(f);
	}

	if (ret > 0)
		add_wchar(current, ret);
	inc_syscw(current);
	return ret;
}

#ifdef CONFIG_COMPAT

/*
 * Compat twin of do_readv_writev(): identical flow, but the user array is
 * a compat_iovec array imported with compat_import_iovec().
 */
static ssize_t compat_do_readv_writev(int type, struct file *file,
			       const struct compat_iovec __user *uvector,
			       unsigned long nr_segs, loff_t *pos)
{
	compat_ssize_t tot_len;
	struct iovec iovstack[UIO_FASTIOV];
	struct iovec *iov = iovstack;
	struct iov_iter iter;
	ssize_t ret;
	io_fn_t fn;
	iter_fn_t iter_fn;

	ret = compat_import_iovec(type, uvector, nr_segs,
				  UIO_FASTIOV, &iov, &iter);
	if (ret < 0)
		return ret;

	tot_len = iov_iter_count(&iter);
	if (!tot_len)
		goto out;
	ret = rw_verify_area(type, file, pos, tot_len);
	if (ret < 0)
		goto out;

	if (type == READ) {
		fn = file->f_op->read;
		iter_fn = file->f_op->read_iter;
	} else {
		fn = (io_fn_t)file->f_op->write;
		iter_fn = file->f_op->write_iter;
		file_start_write(file);
	}

	if (iter_fn)
		ret = do_iter_readv_writev(file, &iter, pos, iter_fn);
	else
		ret = do_loop_readv_writev(file, &iter, pos, fn);

	if (type != READ)
		file_end_write(file);

out:
	kfree(iov);
	/* Reads notify when ret >= 0, writes only when ret > 0. */
	if ((ret + (type == READ)) > 0) {
		if (type == READ)
			fsnotify_access(file);
		else
			fsnotify_modify(file);
	}
	return ret;
}

/*
 * Mode checks plus read accounting around compat_do_readv_writev().
 *
 * NOTE(review): the function is declared to return size_t, yet ret is an
 * ssize_t that carries negative errno values; the callers in this file
 * store the result in an ssize_t again.  An ssize_t return type would
 * state the contract directly.
 */
static size_t compat_readv(struct file *file,
			   const struct compat_iovec __user *vec,
			   unsigned long vlen, loff_t *pos)
{
	ssize_t ret = -EBADF;

	if (!(file->f_mode & FMODE_READ))
		goto out;

	ret = -EINVAL;
	if (!(file->f_mode & FMODE_CAN_READ))
		goto out;

	ret = compat_do_readv_writev(READ, file, vec, vlen, pos);

out:
	if (ret > 0)
		add_rchar(current, ret);
	inc_syscr(current);
	return ret;
}

/* Compat readv(2): f_pos is stored back only when the read did not fail. */
COMPAT_SYSCALL_DEFINE3(readv, compat_ulong_t, fd,
		const struct compat_iovec __user *,vec,
		compat_ulong_t, vlen)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret;
	loff_t pos;

	if (!f.file)
		return -EBADF;
	pos = f.file->f_pos;
	ret = compat_readv(f.file, vec, vlen, &pos);
	if (ret >= 0)
		f.file->f_pos = pos;
	fdput_pos(f);
	return ret;
}

/*
 * Shared body of the compat preadv entry points: -EINVAL for a negative
 * @pos, -EBADF for a bad descriptor, -ESPIPE without FMODE_PREAD.
 */
static long __compat_sys_preadv64(unsigned long fd,
				  const struct compat_iovec __user *vec,
				  unsigned long vlen, loff_t pos)
{
	struct fd f;
	ssize_t ret;

	if (pos < 0)
		return -EINVAL;
	f = fdget(fd);
	if (!f.file)
		return -EBADF;
	ret = -ESPIPE;
	if (f.file->f_mode & FMODE_PREAD)
		ret = compat_readv(f.file, vec, vlen, &pos);
	fdput(f);
	return ret;
}

#ifdef __ARCH_WANT_COMPAT_SYS_PREADV64
COMPAT_SYSCALL_DEFINE4(preadv64, unsigned long, fd,
		const struct compat_iovec __user *,vec,
		unsigned long, vlen, loff_t, pos)
{
	return __compat_sys_preadv64(fd, vec, vlen, pos);
}
#endif

/* Compat preadv(2): the offset arrives as two 32-bit halves. */
COMPAT_SYSCALL_DEFINE5(preadv, compat_ulong_t, fd,
		const struct compat_iovec __user *,vec,
		compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
{
	loff_t pos = ((loff_t)pos_high << 32) | pos_low;

	return __compat_sys_preadv64(fd, vec, vlen, pos);
}

/*
 * Mode checks plus write accounting around compat_do_readv_writev().
 *
 * NOTE(review): same size_t/ssize_t return-type mismatch as compat_readv().
 */
static size_t compat_writev(struct file *file,
			    const struct compat_iovec __user *vec,
			    unsigned long vlen, loff_t *pos)
{
	ssize_t ret = -EBADF;

	if (!(file->f_mode & FMODE_WRITE))
		goto out;

	ret = -EINVAL;
	if (!(file->f_mode & FMODE_CAN_WRITE))
		goto out;

	ret = compat_do_readv_writev(WRITE, file, vec, vlen, pos);

out:
	if (ret > 0)
		add_wchar(current, ret);
	inc_syscw(current);
	return ret;
}

/* Compat writev(2): f_pos is stored back only when the write did not fail. */
COMPAT_SYSCALL_DEFINE3(writev, compat_ulong_t, fd,
		const struct compat_iovec __user *, vec,
		compat_ulong_t, vlen)
{
	struct fd f = fdget_pos(fd);
	ssize_t ret;
	loff_t pos;

	if (!f.file)
		return -EBADF;
	pos = f.file->f_pos;
	ret = compat_writev(f.file, vec, vlen, &pos);
	if (ret >= 0)
		f.file->f_pos = pos;
	fdput_pos(f);
	return ret;
}

/*
 * Shared body of the compat pwritev entry points: -EINVAL for a negative
 * @pos, -EBADF for a bad descriptor, -ESPIPE without FMODE_PWRITE.
 */
static long __compat_sys_pwritev64(unsigned long fd,
				   const struct compat_iovec __user *vec,
				   unsigned long vlen, loff_t pos)
{
	struct fd f;
	ssize_t ret;

	if (pos < 0)
		return -EINVAL;
	f = fdget(fd);
	if (!f.file)
		return -EBADF;
	ret = -ESPIPE;
	if (f.file->f_mode & FMODE_PWRITE)
		ret = compat_writev(f.file, vec, vlen, &pos);
	fdput(f);
	return ret;
}

#ifdef __ARCH_WANT_COMPAT_SYS_PWRITEV64
COMPAT_SYSCALL_DEFINE4(pwritev64, unsigned long, fd,
		const struct compat_iovec __user *,vec,
		unsigned long, vlen, loff_t, pos)
{
	return __compat_sys_pwritev64(fd, vec, vlen, pos);
}
#endif

/* Compat pwritev(2): the offset arrives as two 32-bit halves. */
COMPAT_SYSCALL_DEFINE5(pwritev, compat_ulong_t, fd,
		const struct compat_iovec __user *,vec,
		compat_ulong_t, vlen, u32, pos_low, u32, pos_high)
{
	loff_t pos = ((loff_t)pos_high << 32) | pos_low;

	return __compat_sys_pwritev64(fd, vec, vlen, pos);
}
#endif

/*
 * Common body of the sendfile system calls.
 *
 * @out_fd: descriptor to write to, at its current f_pos
 * @in_fd:  descriptor to read from
 * @ppos:   input offset to use and update, or NULL to use and update the
 *          input file's f_pos; a non-NULL @ppos requires FMODE_PREAD
 * @count:  bytes requested; replaced by the clamped value returned from
 *          rw_verify_area() for each side
 * @max:    upper bound for the input offset; 0 selects the smaller
 *          s_maxbytes of the two superblocks
 *
 * Both descriptors pass through rw_verify_area(), so the mandatory-lock
 * check and the security_file_permission() hook run for the read side and
 * for the write side.  Positions are stored back only when the transfer
 * moved data.  Returns the number of bytes transferred or a negative errno;
 * -EOVERFLOW is returned when the input offset is at or beyond @max, and
 * also when it ends up beyond @max after the transfer.
 */
static ssize_t do_sendfile(int out_fd, int in_fd, loff_t *ppos,
		  	   size_t count, loff_t max)
{
	struct fd in, out;
	struct inode *in_inode, *out_inode;
	loff_t pos;
	loff_t out_pos;
	ssize_t retval;
	int fl;

	/*
	 * Get input file, and verify that it is ok..
	 */
	retval = -EBADF;
	in = fdget(in_fd);
	if (!in.file)
		goto out;
	if (!(in.file->f_mode & FMODE_READ))
		goto fput_in;
	retval = -ESPIPE;
	if (!ppos) {
		pos = in.file->f_pos;
	} else {
		pos = *ppos;
		if (!(in.file->f_mode & FMODE_PREAD))
			goto fput_in;
	}
	retval = rw_verify_area(READ, in.file, &pos, count);
	if (retval < 0)
		goto fput_in;
	count = retval;

	/*
	 * Get output file, and verify that it is ok..
	 */
	retval = -EBADF;
	out = fdget(out_fd);
	if (!out.file)
		goto fput_in;
	if (!(out.file->f_mode & FMODE_WRITE))
		goto fput_out;
	/* This -EINVAL is overwritten by the rw_verify_area() call below. */
	retval = -EINVAL;
	in_inode = file_inode(in.file);
	out_inode = file_inode(out.file);
	out_pos = out.file->f_pos;
	retval = rw_verify_area(WRITE, out.file, &out_pos, count);
	if (retval < 0)
		goto fput_out;
	count = retval;

	if (!max)
		max = min(in_inode->i_sb->s_maxbytes, out_inode->i_sb->s_maxbytes);

	/* Trim the request so the input offset cannot run past max. */
	if (unlikely(pos + count > max)) {
		retval = -EOVERFLOW;
		if (pos >= max)
			goto fput_out;
		count = max - pos;
	}

	fl = 0;
#if 0
	/*
	 * We need to debate whether we can enable this or not. The
	 * man page documents EAGAIN return for the output at least,
	 * and the application is arguably buggy if it doesn't expect
	 * EAGAIN on a non-blocking file descriptor.
	 */
	if (in.file->f_flags & O_NONBLOCK)
		fl = SPLICE_F_NONBLOCK;
#endif
	file_start_write(out.file);
	retval = do_splice_direct(in.file, &pos, out.file, &out_pos, count, fl);
	file_end_write(out.file);

	if (retval > 0) {
		add_rchar(current, retval);
		add_wchar(current, retval);
		fsnotify_access(in.file);
		fsnotify_modify(out.file);
		out.file->f_pos = out_pos;
		if (ppos)
			*ppos = pos;
		else
			in.file->f_pos = pos;
	}

	inc_syscr(current);
	inc_syscw(current);
	if (pos > max)
		retval = -EOVERFLOW;

fput_out:
	fdput(out);
fput_in:
	fdput(in);
out:
	return retval;
}

/*
 * sendfile(2) with an off_t offset.
 *
 * With a non-NULL @offset the start position is read from user space, the
 * transfer is bounded by MAX_NON_LFS, and the resulting position is written
 * back to @offset.  The write-back happens whatever do_sendfile() returned;
 * if it faults, -EFAULT replaces the result even when data was transferred.
 * With a NULL @offset the input file's own position is used.
 */
SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd, off_t __user *, offset, size_t, count)
{
	loff_t pos;
	off_t off;
	ssize_t ret;

	if (offset) {
		if (unlikely(get_user(off, offset)))
			return -EFAULT;
		pos = off;
		ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
		if (unlikely(put_user(pos, offset)))
			return -EFAULT;
		return ret;
	}

	return do_sendfile(out_fd, in_fd, NULL, count, 0);
}

/*
 * sendfile64(2): as sendfile(2) but with a loff_t offset and no
 * MAX_NON_LFS bound (max is 0, so do_sendfile() derives the limit from the
 * superblocks).  The same write-back behaviour applies.
 */
SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd, loff_t __user *, offset, size_t, count)
{
	loff_t pos;
	ssize_t ret;

	if (offset) {
		if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t))))
			return -EFAULT;
		ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
		if (unlikely(put_user(pos, offset)))
			return -EFAULT;
		return ret;
	}

	return do_sendfile(out_fd, in_fd, NULL, count, 0);
}

#ifdef CONFIG_COMPAT
/*
 * Compat sendfile(2): @offset points at a compat_off_t; otherwise the flow
 * matches the native sendfile(2), including the unconditional write-back.
 */
COMPAT_SYSCALL_DEFINE4(sendfile, int, out_fd, int, in_fd,
		compat_off_t __user *, offset, compat_size_t, count)
{
	loff_t pos;
	off_t off;
	ssize_t ret;

	if (offset) {
		if (unlikely(get_user(off, offset)))
			return -EFAULT;
		pos = off;
		ret = do_sendfile(out_fd, in_fd, &pos, count, MAX_NON_LFS);
		if (unlikely(put_user(pos, offset)))
			return -EFAULT;
		return ret;
	}

	return do_sendfile(out_fd, in_fd, NULL, count, 0);
}

/*
 * Compat sendfile64(2): @offset points at a compat_loff_t, from which
 * sizeof(loff_t) bytes are copied in; otherwise as the native sendfile64(2).
 */
COMPAT_SYSCALL_DEFINE4(sendfile64, int, out_fd, int, in_fd,
		compat_loff_t __user *, offset, compat_size_t, count)
{
	loff_t pos;
	ssize_t ret;

	if (offset) {
		if (unlikely(copy_from_user(&pos, offset, sizeof(loff_t))))
			return -EFAULT;
		ret = do_sendfile(out_fd, in_fd, &pos, count, 0);
		if (unlikely(put_user(pos, offset)))
			return -EFAULT;
		return ret;
	}

	return do_sendfile(out_fd, in_fd, NULL, count, 0);
}
#endif