From: Al Viro Date: Sat, 4 Apr 2015 04:19:32 +0000 (-0400) Subject: pcm: another weird API abuse X-Git-Tag: firefly_0821_release~176^2~1853^2~51 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=1c65d98672e09a0cb28e1e9ae49e9d96355f522f;p=firefly-linux-kernel-4.4.55.git pcm: another weird API abuse readv() and writev() should _not_ ignore all but the first ->iov_len, among other things. Really weird abuse of those syscalls - it expects a vector element per channel, with identical lengths (it actually assumes them to be identical - no checking is done). readv() and writev() are really bad match for that. Unfortunately, userland API is userland API and we can't do anything about them. Converted to ->read_iter/->write_iter. Please, _please_ don't do anything of that kind when designing new interfaces. Signed-off-by: Al Viro --- diff --git a/sound/core/pcm_native.c b/sound/core/pcm_native.c index a69ebc79bc50..8e43610ec9b5 100644 --- a/sound/core/pcm_native.c +++ b/sound/core/pcm_native.c @@ -3033,9 +3033,7 @@ static ssize_t snd_pcm_write(struct file *file, const char __user *buf, return result; } -static ssize_t snd_pcm_aio_read(struct kiocb *iocb, const struct iovec *iov, - unsigned long nr_segs, loff_t pos) - +static ssize_t snd_pcm_readv(struct kiocb *iocb, struct iov_iter *to) { struct snd_pcm_file *pcm_file; struct snd_pcm_substream *substream; @@ -3052,16 +3050,18 @@ static ssize_t snd_pcm_aio_read(struct kiocb *iocb, const struct iovec *iov, runtime = substream->runtime; if (runtime->status->state == SNDRV_PCM_STATE_OPEN) return -EBADFD; - if (nr_segs > 1024 || nr_segs != runtime->channels) + if (!iter_is_iovec(to)) + return -EINVAL; + if (to->nr_segs > 1024 || to->nr_segs != runtime->channels) return -EINVAL; - if (!frame_aligned(runtime, iov->iov_len)) + if (!frame_aligned(runtime, to->iov->iov_len)) return -EINVAL; - frames = bytes_to_samples(runtime, iov->iov_len); - bufs = kmalloc(sizeof(void *) * nr_segs, GFP_KERNEL); + frames = bytes_to_samples(runtime, to->iov->iov_len); + bufs = kmalloc(sizeof(void *) * to->nr_segs, GFP_KERNEL); if (bufs == NULL) return -ENOMEM; - for (i = 0; i < nr_segs; ++i) - bufs[i] = iov[i].iov_base; + for (i = 0; i < to->nr_segs; ++i) + bufs[i] = to->iov[i].iov_base; result = snd_pcm_lib_readv(substream, bufs, frames); if (result > 0) result = frames_to_bytes(runtime, result); @@ -3069,8 +3069,7 @@ static ssize_t snd_pcm_aio_read(struct kiocb *iocb, const struct iovec *iov, return result; } -static ssize_t snd_pcm_aio_write(struct kiocb *iocb, const struct iovec *iov, - unsigned long nr_segs, loff_t pos) +static ssize_t snd_pcm_writev(struct kiocb *iocb, struct iov_iter *from) { struct snd_pcm_file *pcm_file; struct snd_pcm_substream *substream; @@ -3087,15 +3086,17 @@ static ssize_t snd_pcm_aio_write(struct kiocb *iocb, const struct iovec *iov, runtime = substream->runtime; if (runtime->status->state == SNDRV_PCM_STATE_OPEN) return -EBADFD; - if (nr_segs > 128 || nr_segs != runtime->channels || - !frame_aligned(runtime, iov->iov_len)) + if (!iter_is_iovec(from)) + return -EINVAL; + if (from->nr_segs > 128 || from->nr_segs != runtime->channels || + !frame_aligned(runtime, from->iov->iov_len)) return -EINVAL; - frames = bytes_to_samples(runtime, iov->iov_len); - bufs = kmalloc(sizeof(void *) * nr_segs, GFP_KERNEL); + frames = bytes_to_samples(runtime, from->iov->iov_len); + bufs = kmalloc(sizeof(void *) * from->nr_segs, GFP_KERNEL); if (bufs == NULL) return -ENOMEM; - for (i = 0; i < nr_segs; ++i) - bufs[i] = iov[i].iov_base; + for (i = 0; i < from->nr_segs; ++i) + bufs[i] = from->iov[i].iov_base; result = snd_pcm_lib_writev(substream, bufs, frames); if (result > 0) result = frames_to_bytes(runtime, result); @@ -3633,7 +3634,7 @@ const struct file_operations snd_pcm_f_ops[2] = { { .owner = THIS_MODULE, .write = snd_pcm_write, - .aio_write = snd_pcm_aio_write, + .write_iter = snd_pcm_writev, .open = snd_pcm_playback_open, .release = snd_pcm_release, .llseek = no_llseek, @@ -3647,7 +3648,7 @@ const struct file_operations snd_pcm_f_ops[2] = { { .owner = THIS_MODULE, .read = snd_pcm_read, - .aio_read = snd_pcm_aio_read, + .read_iter = snd_pcm_readv, .open = snd_pcm_capture_open, .release = snd_pcm_release, .llseek = no_llseek,