aio: rewrite aio_thread_op_foo_at to avoid 64-bit get_user

Message ID	1458077950-500866-1-git-send-email-arnd@arndb.de
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; From: Arnd Bergmann <arnd@arndb.de> To: Benjamin LaHaise <bcrl@kvack.org> Cc: Arnd Bergmann <arnd@arndb.de>, Alexander Viro <viro@zeniv.linux.org.uk>, linux-fsdevel@vger.kernel.org, linux-aio@kvack.org, linux-kernel@vger.kernel.org Subject: [PATCH] aio: rewrite aio_thread_op_foo_at to avoid 64-bit get_user Date: Tue, 15 Mar 2016 22:38:51 +0100 Message-Id: <1458077950-500866-1-git-send-email-arnd@arndb.de> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk

Message ID

1458077950-500866-1-git-send-email-arnd@arndb.de

State

New

Headers

Received-SPF: pass (google.com: best guess record for domain of
	linux-kernel-owner@vger.kernel.org designates 209.132.180.67
	as permitted sender) client-ip=209.132.180.67; 
From: Arnd Bergmann <arnd@arndb.de>
To: Benjamin LaHaise <bcrl@kvack.org>
Cc: Arnd Bergmann <arnd@arndb.de>, Alexander Viro <viro@zeniv.linux.org.uk>,
	linux-fsdevel@vger.kernel.org, linux-aio@kvack.org,
	linux-kernel@vger.kernel.org
Subject: [PATCH] aio: rewrite aio_thread_op_foo_at to avoid 64-bit get_user
Date: Tue, 15 Mar 2016 22:38:51 +0100
Message-Id: <1458077950-500866-1-git-send-email-arnd@arndb.de>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk

Commit Message

Arnd Bergmann March 15, 2016, 9:38 p.m. UTC

Most architectures cannot access 64-bit integers using get_user
or __get_user, so we get a build error in the new aio_thread_op_foo_at
function:

fs/built-in.o: In function `aio_thread_op_foo_at':
aio.c:(.text+0x252de): undefined reference to `__get_user_bad'
aio.c:(.text+0x252e4): undefined reference to `__get_user_bad'

This replaces the function with a different implementation using
copy_from_user() on the iocb, to avoid the problem. As there are
already three calls to get_user() in the function, this likely
ends up being more efficient in particular on architectures that
have strong memory protection between kernel and user space
and now only need to switch access modes once.

I've also tried to make the function more readable overall,
with local variable names matching the callback function
arguments in both type and name, rather than matching what
we get from user space.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>

Fixes: d2f7a973e11e ("aio: don't use __get_user() for 64 bit values")
---
 fs/aio.c | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

-- 
2.7.0

diff --git a/fs/aio.c b/fs/aio.c
index 72a7e8a2f67e..1748fb97d991 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1777,25 +1777,23 @@  static long aio_do_unlinkat(int fd, const char *filename, int flags, int mode)
 
 static long aio_thread_op_foo_at(struct aio_kiocb *req)
 {
-	u64 buf, offset;
-	long ret;
-	u32 fd;
+	struct iocb iocb;
+	int fd;
+	const char __user *filename;
+	int flags, mode;
+	do_foo_at_t do_foo_at;
 
-	if (unlikely(get_user(fd, &req->ki_user_iocb->aio_fildes)))
-		ret = -EFAULT;
-	else if (unlikely(get_user(buf, &req->ki_user_iocb->aio_buf)))
-		ret = -EFAULT;
-	else if (unlikely(get_user(offset, &req->ki_user_iocb->aio_offset)))
-		ret = -EFAULT;
-	else {
-		do_foo_at_t do_foo_at = (void *)req->ki_data;
+	if (copy_from_user(&iocb, req->ki_user_iocb, sizeof(struct iocb)))
+		return -EFAULT;
 
-		ret = do_foo_at((s32)fd,
-				(const char __user *)(long)buf,
-				(int)offset,
-				(unsigned short)(offset >> 32));
-	}
-	return ret;
+	fd = (s32)iocb.aio_fildes;
+	filename = (const char __user *)(uintptr_t)iocb.aio_buf;
+	flags = (int)lower_32_bits(iocb.aio_offset);
+	mode = (unsigned short)upper_32_bits(iocb.aio_offset);
+
+	do_foo_at = (void *)req->ki_data;
+
+	return do_foo_at(fd, filename, flags, mode);
 }
 
 static void openat_destruct(struct aio_kiocb *req)

aio: rewrite aio_thread_op_foo_at to avoid 64-bit get_user

Commit Message

Patch