Commit 8409a0d2 authored by Al Viro

sanitize iov_iter_fault_in_readable()

1) constify iov_iter argument; we are not advancing it in this primitive.

2) cap the amount requested by the amount of data in iov_iter.  All
existing callers should've been safe, but the check is really cheap and
doing it here makes for easier analysis, as well as more consistent
semantics among the primitives.

3) don't bother with iterate_iovec().  Explicit loop is not any harder
to follow, and we get rid of standalone iterate_iovec() users - it's
only used by iterate_and_advance() and (soon to be gone) iterate_all_kinds().
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent 185ac4d4
...@@ -119,7 +119,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page, ...@@ -119,7 +119,7 @@ size_t iov_iter_copy_from_user_atomic(struct page *page,
struct iov_iter *i, unsigned long offset, size_t bytes); struct iov_iter *i, unsigned long offset, size_t bytes);
void iov_iter_advance(struct iov_iter *i, size_t bytes); void iov_iter_advance(struct iov_iter *i, size_t bytes);
void iov_iter_revert(struct iov_iter *i, size_t bytes); void iov_iter_revert(struct iov_iter *i, size_t bytes);
int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes); int iov_iter_fault_in_readable(const struct iov_iter *i, size_t bytes);
size_t iov_iter_single_seg_count(const struct iov_iter *i); size_t iov_iter_single_seg_count(const struct iov_iter *i);
size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes, size_t copy_page_to_iter(struct page *page, size_t offset, size_t bytes,
struct iov_iter *i); struct iov_iter *i);
......
...@@ -466,19 +466,25 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by ...@@ -466,19 +466,25 @@ static size_t copy_page_to_iter_pipe(struct page *page, size_t offset, size_t by
* Return 0 on success, or non-zero if the memory could not be accessed (i.e. * Return 0 on success, or non-zero if the memory could not be accessed (i.e.
* because it is an invalid address). * because it is an invalid address).
*/ */
int iov_iter_fault_in_readable(struct iov_iter *i, size_t bytes) int iov_iter_fault_in_readable(const struct iov_iter *i, size_t bytes)
{ {
size_t skip = i->iov_offset;
const struct iovec *iov;
int err;
struct iovec v;
if (iter_is_iovec(i)) { if (iter_is_iovec(i)) {
iterate_iovec(i, bytes, v, iov, skip, ({ const struct iovec *p;
err = fault_in_pages_readable(v.iov_base, v.iov_len); size_t skip;
if (bytes > i->count)
bytes = i->count;
for (p = i->iov, skip = i->iov_offset; bytes; p++, skip = 0) {
size_t len = min(bytes, p->iov_len - skip);
int err;
if (unlikely(!len))
continue;
err = fault_in_pages_readable(p->iov_base + skip, len);
if (unlikely(err)) if (unlikely(err))
return err; return err;
0;})) bytes -= len;
}
} }
return 0; return 0;
} }
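Review bot: The new open-coded loop in iov_iter_fault_in_readable() has no bound on the segment count: `for (p = i->iov, skip = i->iov_offset; bytes; p++, skip = 0)` stops only when `bytes` reaches zero. After the clamp to `i->count` it therefore still depends on `i->count` never exceeding the data left in the iovec array, and on `i->iov_offset` not exceeding the first segment's `iov_len` (otherwise `p->iov_len - skip` wraps). That looks like the same invariant iterate_iovec() relied on, but it is now implicit in this function, so I would state it above the loop, e.g. `/* i->count never exceeds what is left in i->iov[], so p stays inside the array */`. The kernel-doc comment, whose start lies outside this hunk, should also say that `bytes` is capped at the amount of data in the iterator, since a larger request is now silently truncated.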
......