firefly-linux-kernel-4.4.55.git
9 years agoMerge branch 'for-linus' into for-next
Al Viro [Sun, 12 Apr 2015 02:29:51 +0000 (22:29 -0400)]
Merge branch 'for-linus' into for-next

9 years agoudf_file_write_iter: reorder and simplify
Al Viro [Tue, 7 Apr 2015 19:26:36 +0000 (15:26 -0400)]
udf_file_write_iter: reorder and simplify

it's easier to do generic_write_checks() first

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agofuse: ->direct_IO() doesn't need generic_write_checks()
Al Viro [Tue, 7 Apr 2015 19:06:19 +0000 (15:06 -0400)]
fuse: ->direct_IO() doesn't need generic_write_checks()

already done by caller.  We used to call __fuse_direct_write(), which
called generic_write_checks(); now the former got expanded, bringing
the latter to the surface.  It used to be called all along and calling
it from there had been wrong all along...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoext4_file_write_iter: move generic_write_checks() up
Al Viro [Tue, 7 Apr 2015 18:48:22 +0000 (14:48 -0400)]
ext4_file_write_iter: move generic_write_checks() up

simpler that way...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoxfs_file_aio_write_checks: switch to iocb/iov_iter
Al Viro [Tue, 7 Apr 2015 18:25:18 +0000 (14:25 -0400)]
xfs_file_aio_write_checks: switch to iocb/iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agogeneric_write_checks(): drop isblk argument
Al Viro [Sat, 4 Apr 2015 08:05:48 +0000 (04:05 -0400)]
generic_write_checks(): drop isblk argument

all remaining callers are passing 0; some just obscure that fact.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoblkdev_write_iter: expand generic_file_checks() call in there
Al Viro [Tue, 7 Apr 2015 15:35:14 +0000 (11:35 -0400)]
blkdev_write_iter: expand generic_file_checks() call in there

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agolift generic_write_checks() into callers of __generic_file_write_iter()
Al Viro [Tue, 7 Apr 2015 15:28:12 +0000 (11:28 -0400)]
lift generic_write_checks() into callers of __generic_file_write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago__generic_file_write_iter: keep ->ki_pos and return value consistent
Al Viro [Tue, 7 Apr 2015 14:22:53 +0000 (10:22 -0400)]
__generic_file_write_iter: keep ->ki_pos and return value consistent

A side effect worth noting: in O_APPEND case we set ->ki_pos early,
so if it turns out to be an error or a zero-length write, we'll
end up with ->ki_pos modified.  Safe, since all callers never
look at the ->ki_pos after the call of __generic_file_write_iter()
returning non-positive, all the way to caller of ->write_iter() and
those discard ->ki_pos when getting that.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agocifs: fold cifs_iovec_write() into the only caller
Al Viro [Tue, 7 Apr 2015 02:44:11 +0000 (22:44 -0400)]
cifs: fold cifs_iovec_write() into the only caller

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agontfs: move iov_iter_truncate() closer to generic_write_checks()
Al Viro [Sun, 5 Apr 2015 18:06:24 +0000 (14:06 -0400)]
ntfs: move iov_iter_truncate() closer to generic_write_checks()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonew_sync_write(): discard ->ki_pos unless the return value is positive
Al Viro [Tue, 7 Apr 2015 00:50:38 +0000 (20:50 -0400)]
new_sync_write(): discard ->ki_pos unless the return value is positive

That allows ->write_iter() instances much more convenient life wrt
iocb->ki_pos (and fixes several filesystems with borderline POSIX
violations when zero-length write succeeds and changes the current
position).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agodirect_IO: remove rw from a_ops->direct_IO()
Omar Sandoval [Mon, 16 Mar 2015 11:33:53 +0000 (04:33 -0700)]
direct_IO: remove rw from a_ops->direct_IO()

Now that no one is using rw, remove it completely.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agodirect_IO: use iov_iter_rw() instead of rw everywhere
Omar Sandoval [Mon, 16 Mar 2015 11:33:52 +0000 (04:33 -0700)]
direct_IO: use iov_iter_rw() instead of rw everywhere

The rw parameter to direct_IO is redundant with iov_iter->type, and
treated slightly differently just about everywhere it's used: some users
do rw & WRITE, and others do rw == WRITE where they should be doing a
bitwise check. Simplify this with the new iov_iter_rw() helper, which
always returns either READ or WRITE.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoRemove rw from dax_{do_,}io()
Omar Sandoval [Mon, 16 Mar 2015 11:33:51 +0000 (04:33 -0700)]
Remove rw from dax_{do_,}io()

And use iov_iter_rw() instead.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoRemove rw from {,__,do_}blockdev_direct_IO()
Omar Sandoval [Mon, 16 Mar 2015 11:33:50 +0000 (04:33 -0700)]
Remove rw from {,__,do_}blockdev_direct_IO()

Most filesystems call through to these at some point, so we'll start
here.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonew helper: iov_iter_rw()
Omar Sandoval [Tue, 17 Mar 2015 21:04:02 +0000 (14:04 -0700)]
new helper: iov_iter_rw()

Get either READ or WRITE out of iter->type.

Signed-off-by: Omar Sandoval <osandov@osandov.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago->aio_read and ->aio_write removed
Al Viro [Sat, 4 Apr 2015 05:14:53 +0000 (01:14 -0400)]
->aio_read and ->aio_write removed

no remaining users

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agopcm: another weird API abuse
Al Viro [Sat, 4 Apr 2015 04:19:32 +0000 (00:19 -0400)]
pcm: another weird API abuse

readv() and writev() should _not_ ignore all but the first ->iov_len,
among other things.  Really weird abuse of those syscalls - it
expects a vector element per channel, with identical lengths (it
actually assumes them to be identical - no checking is done).
readv() and writev() are really bad match for that.  Unfortunately,
userland API is userland API and we can't do anything about them.

Converted to ->read_iter/->write_iter.  Please, _please_ don't do
anything of that kind when designing new interfaces.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoinfinibad: weird APIs switched to ->write_iter()
Al Viro [Sat, 4 Apr 2015 04:11:32 +0000 (00:11 -0400)]
infinibad: weird APIs switched to ->write_iter()

Things Not To Do When Writing A Driver, part 1001st:
have writev() and write() on the same file doing completely
different things.  As in, "interpret very different sets of
commands".

We _can_ handle that, but it's a bloody bad idea.
Don't do that in new drivers.  Ever.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agokill do_sync_read/do_sync_write
Al Viro [Sat, 4 Apr 2015 02:10:20 +0000 (22:10 -0400)]
kill do_sync_read/do_sync_write

all remaining instances of aio_{read,write} (all 4 of them) have explicit
->read and ->write resp.; do_sync_read/do_sync_write is never called by
__vfs_read/__vfs_write anymore and no other users had been left.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agofuse: use iov_iter_get_pages() for non-splice path
Al Viro [Sat, 4 Apr 2015 02:06:08 +0000 (22:06 -0400)]
fuse: use iov_iter_get_pages() for non-splice path

store reference to iter instead of that to iovec

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agofuse: switch to ->read_iter/->write_iter
Al Viro [Sat, 4 Apr 2015 01:53:39 +0000 (21:53 -0400)]
fuse: switch to ->read_iter/->write_iter

we just change the calling conventions here; more work to follow.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoswitch drivers/char/mem.c to ->read_iter/->write_iter
Al Viro [Fri, 3 Apr 2015 19:57:04 +0000 (15:57 -0400)]
switch drivers/char/mem.c to ->read_iter/->write_iter

Note that _these_ guys have ->read() and ->write() left in place - they are
eqiuvalent to what we'd get if we replaced those with NULL, but we are
talking about hot paths here.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agomake new_sync_{read,write}() static
Al Viro [Fri, 3 Apr 2015 19:41:18 +0000 (15:41 -0400)]
make new_sync_{read,write}() static

All places outside of core VFS that checked ->read and ->write for being NULL or
called the methods directly are gone now, so NULL {read,write} with non-NULL
{read,write}_iter will do the right thing in all cases.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agocoredump: accept any write method
Al Viro [Fri, 3 Apr 2015 19:23:17 +0000 (15:23 -0400)]
coredump: accept any write method

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoswitch /dev/loop to vfs_iter_write()
Al Viro [Fri, 3 Apr 2015 19:21:59 +0000 (15:21 -0400)]
switch /dev/loop to vfs_iter_write()

all writable files that might be used as backing store for /dev/loop
already support ->write_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoserial2002: switch to __vfs_read/__vfs_write
Al Viro [Fri, 3 Apr 2015 19:14:42 +0000 (15:14 -0400)]
serial2002: switch to __vfs_read/__vfs_write

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoashmem: use __vfs_read()
Al Viro [Fri, 3 Apr 2015 19:09:38 +0000 (15:09 -0400)]
ashmem: use __vfs_read()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoexport __vfs_read()
Al Viro [Fri, 3 Apr 2015 19:09:18 +0000 (15:09 -0400)]
export __vfs_read()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoautofs: switch to __vfs_write()
Al Viro [Fri, 3 Apr 2015 19:07:48 +0000 (15:07 -0400)]
autofs: switch to __vfs_write()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonew helper: __vfs_write()
Al Viro [Fri, 3 Apr 2015 19:06:43 +0000 (15:06 -0400)]
new helper: __vfs_write()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge branch '9p-iov_iter' into for-next
Al Viro [Sun, 12 Apr 2015 02:28:58 +0000 (22:28 -0400)]
Merge branch '9p-iov_iter' into for-next

9 years agoswitch hugetlbfs to ->read_iter()
Al Viro [Fri, 3 Apr 2015 15:31:35 +0000 (11:31 -0400)]
switch hugetlbfs to ->read_iter()

... and fix the case when the area we are asked to read crosses
a hugepage boundary

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agocoda: switch to ->read_iter/->write_iter
Al Viro [Fri, 3 Apr 2015 14:58:11 +0000 (10:58 -0400)]
coda: switch to ->read_iter/->write_iter

... and request the same from the local cache - all filesystems with
anything usable for that support those already.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoncpfs: switch to ->read_iter/->write_iter
Al Viro [Fri, 3 Apr 2015 03:30:18 +0000 (23:30 -0400)]
ncpfs: switch to ->read_iter/->write_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonet/9p: remove (now-)unused helpers
Al Viro [Fri, 3 Apr 2015 03:11:36 +0000 (23:11 -0400)]
net/9p: remove (now-)unused helpers

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agop9_client_attach(): set fid->uid correctly
Al Viro [Fri, 3 Apr 2015 01:47:49 +0000 (21:47 -0400)]
p9_client_attach(): set fid->uid correctly

it's almost always equal to current_fsuid(), but there's an exception -
if the first writeback fid is opened by non-root *and* that happens before
root has done any lookups in /, we end up doing attach for root.  The
current code leaves the resulting FID owned by root from the server POV
and by non-root from the client one.  Unfortunately, it means that e.g.
massive dcache eviction will leave that user buggered - they'll end
up redoing walks from / *and* picking that FID every time.  As soon as
they try to create something, the things will get nasty.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: we are leaking glock.client_id in v9fs_file_getlock()
Al Viro [Thu, 2 Apr 2015 16:02:03 +0000 (12:02 -0400)]
9p: we are leaking glock.client_id in v9fs_file_getlock()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: switch to ->read_iter/->write_iter
Al Viro [Thu, 2 Apr 2015 03:59:57 +0000 (23:59 -0400)]
9p: switch to ->read_iter/->write_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: get rid of v9fs_direct_file_read()
Al Viro [Thu, 2 Apr 2015 03:49:24 +0000 (23:49 -0400)]
9p: get rid of v9fs_direct_file_read()

do it in ->direct_IO()...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: switch p9_client_read() to passing struct iov_iter *
Al Viro [Thu, 2 Apr 2015 03:42:28 +0000 (23:42 -0400)]
9p: switch p9_client_read() to passing struct iov_iter *

... and make it loop

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: get rid of v9fs_direct_file_write()
Al Viro [Thu, 2 Apr 2015 02:32:23 +0000 (22:32 -0400)]
9p: get rid of v9fs_direct_file_write()

just handle it in ->direct_IO()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: fold v9fs_file_write_internal() into the caller
Al Viro [Thu, 2 Apr 2015 02:04:46 +0000 (22:04 -0400)]
9p: fold v9fs_file_write_internal() into the caller

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: switch ->writepage() to direct use of p9_client_write()
Al Viro [Thu, 2 Apr 2015 01:54:42 +0000 (21:54 -0400)]
9p: switch ->writepage() to direct use of p9_client_write()

Don't mess with kmap() - just use ITER_BVEC.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago9p: switch p9_client_write() to passing it struct iov_iter *
Al Viro [Thu, 2 Apr 2015 00:17:51 +0000 (20:17 -0400)]
9p: switch p9_client_write() to passing it struct iov_iter *

... and make it loop until it's done

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonet/9p: switch the guts of p9_client_{read,write}() to iov_iter
Al Viro [Wed, 1 Apr 2015 23:57:53 +0000 (19:57 -0400)]
net/9p: switch the guts of p9_client_{read,write}() to iov_iter

... and have get_user_pages_fast() mapping fewer pages than requested
to generate a short read/write.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonommu: use __vfs_read()
Al Viro [Tue, 31 Mar 2015 16:35:13 +0000 (12:35 -0400)]
nommu: use __vfs_read()

... instead of open-coding the call of ->read()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoacct: check FMODE_CAN_WRITE
Al Viro [Tue, 31 Mar 2015 16:30:48 +0000 (12:30 -0400)]
acct: check FMODE_CAN_WRITE

it's not calling ->write() directly anymore.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoaio_run_iocb(): kill dead check
Al Viro [Tue, 31 Mar 2015 15:54:59 +0000 (11:54 -0400)]
aio_run_iocb(): kill dead check

We check if ->ki_pos is positive.  However, by that point we have
already done rw_verify_area(), which would have rejected such
unless the file had been one of /dev/mem, /dev/kmem and /proc/kcore.
All of which do not have vectored rw methods, so we would've bailed
out even earlier.

This check had been introduced before rw_verify_area() had been added there
- in fact, it was a subset of checks done on sync paths by rw_verify_area()
(back then the /dev/mem exception didn't exist at all).  The rest of checks
(mandatory locking, etc.) hadn't been added until later.  Unfortunately,
by the time the call of rw_verify_area() got added, the /dev/mem exception
had already appeared, so it wasn't obvious that the older explicit check
downstream had become dead code.  It *is* a dead code, though, since the few
files for which the exception applies do not have ->aio_{read,write}() or
->{read,write}_iter() and for them we won't reach that check anyway.

What's more, even if we ever introduce vectored methods for /dev/mem
and friends, they'll have to cope with negative positions anyway, since
readv(2) and writev(2) are using the same checks as read(2) and write(2) -
i.e. rw_verify_area().

Let's bury it.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoioctx_alloc(): remove pointless check
Al Viro [Tue, 31 Mar 2015 15:43:52 +0000 (11:43 -0400)]
ioctx_alloc(): remove pointless check

Way, way back kiocb used to be picked from arrays, so ioctx_alloc()
checked for multiplication overflow when calculating the size of
such array.  By the time fs/aio.c went into the tree (in 2002) they
were already allocated one-by-one by kmem_cache_alloc(), so that
check had already become pointless.  Let's bury it...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agolustre: kill unused members of struct vvp_thread_info
Al Viro [Tue, 31 Mar 2015 03:39:16 +0000 (23:39 -0400)]
lustre: kill unused members of struct vvp_thread_info

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoexpand __fuse_direct_write() in both callers
Al Viro [Tue, 31 Mar 2015 02:15:58 +0000 (22:15 -0400)]
expand __fuse_direct_write() in both callers

it's actually shorter that way *and* later we'll want iocb in scope
of generic_write_check() caller.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agofuse: switch fuse_direct_io_file_operations to ->{read,write}_iter()
Al Viro [Tue, 31 Mar 2015 02:08:36 +0000 (22:08 -0400)]
fuse: switch fuse_direct_io_file_operations to ->{read,write}_iter()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agocuse: switch to iov_iter
Al Viro [Sat, 21 Mar 2015 13:01:45 +0000 (09:01 -0400)]
cuse: switch to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge branch 'for-davem' into for-next
Al Viro [Sun, 12 Apr 2015 02:27:19 +0000 (22:27 -0400)]
Merge branch 'for-davem' into for-next

9 years agosg_start_req(): use import_iovec()
Al Viro [Sun, 22 Mar 2015 00:25:30 +0000 (20:25 -0400)]
sg_start_req(): use import_iovec()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agosg_start_req(): make sure that there's not too many elements in iovec
Al Viro [Sun, 22 Mar 2015 00:08:18 +0000 (20:08 -0400)]
sg_start_req(): make sure that there's not too many elements in iovec

unfortunately, allowing an arbitrary 16bit value means a possibility of
overflow in the calculation of total number of pages in bio_map_user_iov() -
we rely on there being no more than PAGE_SIZE members of sum in the
first loop there.  If that sum wraps around, we end up allocating
too small array of pointers to pages and it's easy to overflow it in
the second loop.

X-Coverup: TINC (and there's no lumber cartel either)
Cc: stable@vger.kernel.org # way, way back
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoblk_rq_map_user(): use import_single_range()
Al Viro [Sun, 22 Mar 2015 00:06:04 +0000 (20:06 -0400)]
blk_rq_map_user(): use import_single_range()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agosg_io(): use import_iovec()
Al Viro [Sun, 22 Mar 2015 00:02:55 +0000 (20:02 -0400)]
sg_io(): use import_iovec()

... and don't skip access_ok() validation.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoprocess_vm_access: switch to {compat_,}import_iovec()
Al Viro [Sat, 21 Mar 2015 18:47:11 +0000 (14:47 -0400)]
process_vm_access: switch to {compat_,}import_iovec()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoswitch keyctl_instantiate_key_common() to iov_iter
Al Viro [Tue, 17 Mar 2015 13:59:38 +0000 (09:59 -0400)]
switch keyctl_instantiate_key_common() to iov_iter

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoswitch {compat_,}do_readv_writev() to {compat_,}import_iovec()
Al Viro [Sat, 21 Mar 2015 23:40:11 +0000 (19:40 -0400)]
switch {compat_,}do_readv_writev() to {compat_,}import_iovec()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoaio_setup_vectored_rw(): switch to {compat_,}import_iovec()
Al Viro [Sat, 21 Mar 2015 23:34:53 +0000 (19:34 -0400)]
aio_setup_vectored_rw(): switch to {compat_,}import_iovec()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agovmsplice_to_user(): switch to import_iovec()
Al Viro [Sat, 21 Mar 2015 23:17:55 +0000 (19:17 -0400)]
vmsplice_to_user(): switch to import_iovec()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agokill aio_setup_single_vector()
Al Viro [Sat, 21 Mar 2015 23:11:55 +0000 (19:11 -0400)]
kill aio_setup_single_vector()

identical to import_single_range()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge branch 'iov_iter' into for-next
Al Viro [Sun, 12 Apr 2015 02:26:51 +0000 (22:26 -0400)]
Merge branch 'iov_iter' into for-next

9 years agoaio: simplify arguments of aio_setup_..._rw()
Al Viro [Sat, 21 Mar 2015 00:40:18 +0000 (20:40 -0400)]
aio: simplify arguments of aio_setup_..._rw()

We don't need req in either of those.  We don't need nr_segs in caller.
We don't really need len in caller either - iov_iter_count(&iter) will do.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoaio: lift iov_iter_init() into aio_setup_..._rw()
Al Viro [Sat, 21 Mar 2015 00:17:32 +0000 (20:17 -0400)]
aio: lift iov_iter_init() into aio_setup_..._rw()

the only non-trivial detail is that we do it before rw_verify_area(),
so we'd better cap the length ourselves in aio_setup_single_rw()
case (for vectored case rw_copy_check_uvector() will do that for us).

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agolift iov_iter into {compat_,}do_readv_writev()
Al Viro [Sat, 21 Mar 2015 00:10:21 +0000 (20:10 -0400)]
lift iov_iter into {compat_,}do_readv_writev()

get it closer to matching {compat_,}rw_copy_check_uvector().

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge branch 'iocb' into for-next
Al Viro [Sun, 12 Apr 2015 02:24:41 +0000 (22:24 -0400)]
Merge branch 'iocb' into for-next

9 years agoNFS: fix BUG() crash in notify_change() with patch to chown_common()
Andrew Elble [Mon, 23 Feb 2015 13:51:24 +0000 (08:51 -0500)]
NFS: fix BUG() crash in notify_change() with patch to chown_common()

We have observed a BUG() crash in fs/attr.c:notify_change(). The crash
occurs during an rsync into a filesystem that is exported via NFS.

1.) fs/attr.c:notify_change() modifies the caller's version of attr.
2.) 6de0ec00ba8d ("VFS: make notify_change pass ATTR_KILL_S*ID to
    setattr operations") introduced a BUG() restriction such that "no
    function will ever call notify_change() with both ATTR_MODE and
    ATTR_KILL_S*ID set". Under some circumstances though, it will have
    assisted in setting the caller's version of attr to this very
    combination.
3.) 27ac0ffeac80 ("locks: break delegations on any attribute
    modification") introduced code to handle breaking
    delegations. This can result in notify_change() being re-called. attr
    _must_ be explicitly reset to avoid triggering the BUG() established
    in #2.
4.) The path that that triggers this is via fs/open.c:chmod_common().
    The combination of attr flags set here and in the first call to
    notify_change() along with a later failed break_deleg_wait()
    results in notify_change() being called again via retry_deleg
    without resetting attr.

Solution is to move retry_deleg in chmod_common() a bit further up to
ensure attr is completely reset.

There are other places where this seemingly could occur, such as
fs/utimes.c:utimes_common(), but the attr flags are not initially
set in such a way to trigger this.

Fixes: 27ac0ffeac80 ("locks: break delegations on any attribute modification")
Reported-by: Eric Meddaugh <etmsys@rit.edu>
Tested-by: Eric Meddaugh <etmsys@rit.edu>
Signed-off-by: Andrew Elble <aweits@rit.edu>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agodcache: return -ESTALE not -EBUSY on distributed fs race
J. Bruce Fields [Tue, 10 Feb 2015 15:55:53 +0000 (10:55 -0500)]
dcache: return -ESTALE not -EBUSY on distributed fs race

On a distributed filesystem it's possible for lookup to discover that a
directory it just found is already cached elsewhere in the directory
heirarchy.  The dcache won't let us keep the directory in both places,
so we have to move the dentry to the new location from the place we
previously had it cached.

If the parent has changed, then this requires all the same locks as we'd
need to do a cross-directory rename.  But we're already in lookup
holding one parent's i_mutex, so it's too late to acquire those locks in
the right order.

The (unreliable) solution in __d_unalias is to trylock() the required
locks and return -EBUSY if it fails.

I see no particular reason for returning -EBUSY, and -ESTALE is already
the result of some other lookup races on NFS.  I think -ESTALE is the
more helpful error return.  It also allows us to take advantage of the
logic Jeff Layton added in c6a9428401c0 "vfs: fix renameat to retry on
ESTALE errors" and ancestors, which hopefully resolves some of these
errors before they're returned to userspace.

I can reproduce these cases using NFS with:

ssh root@$client '
mount -olookupcache=pos '$server':'$export' /mnt/
mkdir /mnt/TO
mkdir /mnt/DIR
touch /mnt/DIR/test.txt
while true; do
strace -e open cat /mnt/DIR/test.txt 2>&1 | grep EBUSY
done
'
ssh root@$server '
while true; do
mv $export/DIR $export/TO/DIR
mv $export/TO/DIR $export/DIR
done
'

It also helps to add some other concurrent use of the directory on the
client (e.g., "ls /mnt/TO").  And you can replace the server-side mv's
by client-side mv's that are repeatedly killed.  (If the client is
interrupted while waiting for the RENAME response then it's left with a
dentry that has to go under one parent or the other, but it doesn't yet
know which.)

Acked-by: Jeff Layton <jlayton@primarydata.com>
Signed-off-by: J. Bruce Fields <bfields@redhat.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoNTFS: Version 2.1.32 - Update file write from aio_write to write_iter.
Anton Altaparmakov [Wed, 11 Mar 2015 14:43:32 +0000 (10:43 -0400)]
NTFS: Version 2.1.32 - Update file write from aio_write to write_iter.

Signed-off-by: Anton Altaparmakov <anton@tuxera.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoVFS: Add iov_iter_fault_in_multipages_readable()
Anton Altaparmakov [Wed, 11 Mar 2015 14:43:31 +0000 (10:43 -0400)]
VFS: Add iov_iter_fault_in_multipages_readable()

simillar to iov_iter_fault_in_readable() but differs in that it is
not limited to faulting in the first iovec and instead faults in
"bytes" bytes iterating over the iovecs as necessary.

Also, instead of only faulting in the first and last page of the
range, all pages are faulted in.

This function is needed by NTFS when it does multi page file
writes.

Signed-off-by: Anton Altaparmakov <anton@tuxera.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agodrop bogus check in file_open_root()
Al Viro [Mon, 9 Mar 2015 03:36:51 +0000 (23:36 -0400)]
drop bogus check in file_open_root()

For one thing, LOOKUP_DIRECTORY will be dealt with in do_last().
For another, name can be an empty string, but not NULL - no callers
pass that and it would oops immediately if they would.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoswitch security_inode_getattr() to struct path *
Al Viro [Sun, 8 Mar 2015 23:28:30 +0000 (19:28 -0400)]
switch security_inode_getattr() to struct path *

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoconstify tomoyo_realpath_from_path()
Al Viro [Sun, 8 Mar 2015 23:24:30 +0000 (19:24 -0400)]
constify tomoyo_realpath_from_path()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agowhack-a-mole: there's no point doing set_fs(USER_DS) in sigframe setup
Al Viro [Mon, 23 Feb 2015 10:46:21 +0000 (05:46 -0500)]
whack-a-mole: there's no point doing set_fs(USER_DS) in sigframe setup

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agowhack-a-mole: no need to set_fs(USER_DS) in {start,flush}_thread()
Al Viro [Mon, 23 Feb 2015 08:21:31 +0000 (03:21 -0500)]
whack-a-mole: no need to set_fs(USER_DS) in {start,flush}_thread()

flush_old_exec() has already done that.  Back on 2011 a bunch of
instances like that had been kicked out, but that hadn't taken
care of then-out-of-tree architectures, obviously, and they served
as reinfection vector...

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoremove incorrect comment in lookup_one_len()
Al Viro [Mon, 23 Feb 2015 07:49:48 +0000 (02:49 -0500)]
remove incorrect comment in lookup_one_len()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonamei.c: fold do_path_lookup() into both callers
Al Viro [Mon, 23 Feb 2015 07:44:36 +0000 (02:44 -0500)]
namei.c: fold do_path_lookup() into both callers

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agokill struct filename.separate
Al Viro [Mon, 23 Feb 2015 01:07:13 +0000 (20:07 -0500)]
kill struct filename.separate

just make const char iname[] the last member and compare name->name with
name->iname instead of checking name->separate

We need to make sure that out-of-line name doesn't end up allocated adjacent
to struct filename refering to it; fortunately, it's easy to achieve - just
allocate that struct filename with one byte in ->iname[], so that ->iname[0]
will be inside the same object and thus have an address different from that
of out-of-line name [spotted by Boqun Feng <boqun.feng@gmail.com>]

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonew helper: msg_data_left()
Al Viro [Tue, 16 Dec 2014 02:39:31 +0000 (21:39 -0500)]
new helper: msg_data_left()

convert open-coded instances

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge remote-tracking branch 'dh/afs' into for-davem
Al Viro [Sat, 11 Apr 2015 19:51:09 +0000 (15:51 -0400)]
Merge remote-tracking branch 'dh/afs' into for-davem

9 years agoget rid of the size argument of sock_sendmsg()
Al Viro [Thu, 11 Dec 2014 05:02:50 +0000 (00:02 -0500)]
get rid of the size argument of sock_sendmsg()

it's equal to iov_iter_count(&msg->msg_iter) in all cases

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoocfs2: _really_ sync the right range
Al Viro [Wed, 8 Apr 2015 21:00:32 +0000 (17:00 -0400)]
ocfs2: _really_ sync the right range

"ocfs2 syncs the wrong range" had been broken; prior to it the
code was doing the wrong thing in case of O_APPEND, all right,
but _after_ it we were syncing the wrong range in 100% cases.
*ppos, aka iocb->ki_pos is incremented prior to that point,
so we are always doing sync on the area _after_ the one we'd
written to.

Spotted by Joseph Qi <joseph.qi@huawei.com> back in January;
unfortunately, I'd missed his mail back then ;-/

Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoswitch kernel_sendmsg() and kernel_recvmsg() to iov_iter_kvec()
Al Viro [Sat, 21 Mar 2015 23:56:16 +0000 (19:56 -0400)]
switch kernel_sendmsg() and kernel_recvmsg() to iov_iter_kvec()

For kernel_sendmsg() that eliminates the need to play with setfs();
for kernel_recvmsg() it does *not* - a couple of callers are using
it with non-NULL ->msg_control, which would be treated as userland
address on recvmsg side of things.

In all cases we are really setting a kvec-backed iov_iter, though.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonet: switch importing msghdr from userland to {compat_,}import_iovec()
Al Viro [Sat, 21 Mar 2015 23:29:06 +0000 (19:29 -0400)]
net: switch importing msghdr from userland to {compat_,}import_iovec()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agonet: switch sendto() and recvfrom() to import_single_range()
Al Viro [Sat, 21 Mar 2015 23:12:32 +0000 (19:12 -0400)]
net: switch sendto() and recvfrom() to import_single_range()

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge branch 'iov_iter' into for-davem
Al Viro [Thu, 9 Apr 2015 04:02:06 +0000 (00:02 -0400)]
Merge branch 'iov_iter' into for-davem

9 years agoMerge branch 'iocb' into for-davem
Al Viro [Thu, 9 Apr 2015 04:00:30 +0000 (00:00 -0400)]
Merge branch 'iocb' into for-davem

trivial conflict in net/socket.c and non-trivial one in crypto -
that one had evaded aio_complete() removal.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoocfs2_file_write_iter: keep return value and current position update in sync
Al Viro [Wed, 8 Apr 2015 19:45:02 +0000 (15:45 -0400)]
ocfs2_file_write_iter: keep return value and current position update in sync

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years ago[regression] ocfs2: do *not* increment ->ki_pos twice
Al Viro [Wed, 8 Apr 2015 19:41:17 +0000 (15:41 -0400)]
[regression] ocfs2: do *not* increment ->ki_pos twice

generic_file_direct_write() already does that.  Broken by
"ocfs2: do not fallback to buffer I/O write if appending"

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agoMerge branch 'for-upstream' of git://git.kernel.org/pub/scm/linux/kernel/git/bluetoot...
David S. Miller [Tue, 7 Apr 2015 15:47:52 +0000 (11:47 -0400)]
Merge branch 'for-upstream' of git://git./linux/kernel/git/bluetooth/bluetooth-next

Johan Hedberg says:

====================
pull request: bluetooth-next 2015-04-04

Here's what's probably the last bluetooth-next pull request for 4.1:

 - Fixes for LE advertising data & advertising parameters
 - Fix for race condition with HCI_RESET flag
 - New BNEPGETSUPPFEAT ioctl, needed for certification
 - New HCI request callback type to get the resulting skb
 - Cleanups to use BIT() macro wherever possible
 - Consolidate Broadcom device entries in the btusb HCI driver
 - Check for valid flags in CMTP, HIDP & BNEP
 - Disallow local privacy & OOB data combo to prevent a potential race
 - Expose SMP & ECDH selftest results through debugfs
 - Expose current Device ID info through debugfs

Please let me know if there are any issues pulling. Thanks.
====================

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
David S. Miller [Tue, 7 Apr 2015 01:52:19 +0000 (21:52 -0400)]
Merge git://git./linux/kernel/git/davem/net

Conflicts:
drivers/net/ethernet/mellanox/mlx4/cmd.c
net/core/fib_rules.c
net/ipv4/fib_frontend.c

The fib_rules.c and fib_frontend.c conflicts were locking adjustments
in 'net' overlapping addition and removal of code in 'net-next'.

The mlx4 conflict was a bug fix in 'net' happening in the same
place a constant was being replaced with a more suitable macro.

Signed-off-by: David S. Miller <davem@davemloft.net>
9 years agoLinux 4.0-rc7
Linus Torvalds [Mon, 6 Apr 2015 22:39:45 +0000 (15:39 -0700)]
Linux 4.0-rc7

9 years agoMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
Linus Torvalds [Mon, 6 Apr 2015 22:19:59 +0000 (15:19 -0700)]
Merge git://git./linux/kernel/git/davem/net

Pull networking fixes from David Miller:

 1) In TCP, don't register an FRTO for cumulatively ACK'd data that was
    previously SACK'd, from Neal Cardwell.

 2) Need to hold RNL mutex in ipv4 multicast code namespace cleanup,
    from Cong WANG.

 3) Similarly we have to hold RNL mutex for fib_rules_unregister(), also
    from Cong WANG.

 4) Revert and rework netns nsid allocation fix, from Nicolas Dichtel.

 5) When we encapsulate for a tunnel device, skb->sk still points to the
    user socket.  So this leads to cases where we retraverse the
    ipv4/ipv6 output path with skb->sk being of some other address
    family (f.e. AF_PACKET).  This can cause things to crash since the
    ipv4 output path is dereferencing an AF_PACKET socket as if it were
    an ipv4 one.

    The short term fix for 'net' and -stable is to elide these socket
    checks once we've entered an encapsulation sequence by testing
    xmit_recursion.

    Longer term we have a better solution wherein we pass the tunnel's
    socket down through the output paths, but that is way too invasive
    for 'net' and -stable.

    From Hannes Frederic Sowa.

 6) l2tp_init() failure path forgets to unregister per-net ops, from
    Cong WANG.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net:
  net/mlx4_core: Fix error message deprecation for ConnectX-2 cards
  net: dsa: fix filling routing table from OF description
  l2tp: unregister l2tp_net_ops on failure path
  mvneta: dont call mvneta_adjust_link() manually
  ipv6: protect skb->sk accesses from recursive dereference inside the stack
  netns: don't allocate an id for dead netns
  Revert "netns: don't clear nsid too early on removal"
  ip6mr: call del_timer_sync() in ip6mr_free_table()
  net: move fib_rules_unregister() under rtnl lock
  ipv4: take rtnl_lock and mark mrt table as freed on namespace cleanup
  tcp: fix FRTO undo on cumulative ACK of SACKed range
  xen-netfront: transmit fully GSO-sized packets

9 years agoioctx_alloc(): fix vma (and file) leak on failure
Al Viro [Mon, 6 Apr 2015 21:57:44 +0000 (17:57 -0400)]
ioctx_alloc(): fix vma (and file) leak on failure

If we fail past the aio_setup_ring(), we need to destroy the
mapping.  We don't need to care about anybody having found ctx,
or added requests to it, since the last failure exit is exactly
the failure to make ctx visible to lookups.

Reproducer (based on one by Joe Mario <jmario@redhat.com>):

void count(char *p)
{
char s[80];
printf("%s: ", p);
fflush(stdout);
sprintf(s, "/bin/cat /proc/%d/maps|/bin/fgrep -c '/[aio] (deleted)'", getpid());
system(s);
}

int main()
{
io_context_t *ctx;
int created, limit, i, destroyed;
FILE *f;

count("before");
if ((f = fopen("/proc/sys/fs/aio-max-nr", "r")) == NULL)
perror("opening aio-max-nr");
else if (fscanf(f, "%d", &limit) != 1)
fprintf(stderr, "can't parse aio-max-nr\n");
else if ((ctx = calloc(limit, sizeof(io_context_t))) == NULL)
perror("allocating aio_context_t array");
else {
for (i = 0, created = 0; i < limit; i++) {
if (io_setup(1000, ctx + created) == 0)
created++;
}
for (i = 0, destroyed = 0; i < created; i++)
if (io_destroy(ctx[i]) == 0)
destroyed++;
printf("created %d, failed %d, destroyed %d\n",
created, limit - created, destroyed);
count("after");
}
}

Found-by: Joe Mario <jmario@redhat.com>
Cc: stable@vger.kernel.org
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
9 years agofix mremap() vs. ioctx_kill() race
Al Viro [Mon, 6 Apr 2015 21:48:54 +0000 (17:48 -0400)]
fix mremap() vs. ioctx_kill() race

teach ->mremap() method to return an error and have it fail for
aio mappings in process of being killed

Note that in case of ->mremap() failure we need to undo move_page_tables()
we'd already done; we could call ->mremap() first, but then the failure of
move_page_tables() would require undoing whatever _successful_ ->mremap()
has done, which would be a lot more headache in general.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>