From patchwork Tue Mar 15 21:38:51 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Arnd Bergmann <arnd@arndb.de>
X-Patchwork-Id: 102567
Delivered-To: patch@linaro.org
Received: by 10.112.199.169 with SMTP id jl9csp933388lbc;
 Tue, 15 Mar 2016 14:39:21 -0700 (PDT)
X-Received: by 10.66.222.199 with SMTP id qo7mr464714pac.38.1458077961396;
 Tue, 15 Mar 2016 14:39:21 -0700 (PDT)
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
 by mx.google.com with ESMTP id n3si183937pfb.123.2016.03.15.14.39.21; 
 Tue, 15 Mar 2016 14:39:21 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender) client-ip=209.132.180.67; 
Authentication-Results: mx.google.com;
 spf=pass (google.com: best guess record for domain of
 linux-kernel-owner@vger.kernel.org designates 209.132.180.67
 as permitted sender)
 smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
 id S1753912AbcCOVjU (ORCPT <rfc822;pramod.gurav@linaro.org>
 + 31 others); Tue, 15 Mar 2016 17:39:20 -0400
Received: from mout.kundenserver.de ([212.227.126.130]:59505 "EHLO
 mout.kundenserver.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
 with ESMTP id S1753331AbcCOVjS (ORCPT
 <rfc822;linux-kernel@vger.kernel.org>);
 Tue, 15 Mar 2016 17:39:18 -0400
Received: from wuerfel.lan. ([78.42.132.4]) by mrelayeu.kundenserver.de
 (mreue005) with ESMTPA (Nemesis) id 0MbLW4-1aPWIH1DbY-00ImGx;
 Tue, 15 Mar 2016 22:39:13 +0100
From: Arnd Bergmann <arnd@arndb.de>
To: Benjamin LaHaise <bcrl@kvack.org>
Cc: Arnd Bergmann <arnd@arndb.de>, Alexander Viro <viro@zeniv.linux.org.uk>,
 linux-fsdevel@vger.kernel.org, linux-aio@kvack.org,
 linux-kernel@vger.kernel.org
Subject: [PATCH] aio: rewrite aio_thread_op_foo_at to avoid 64-bit get_user
Date: Tue, 15 Mar 2016 22:38:51 +0100
Message-Id: <1458077950-500866-1-git-send-email-arnd@arndb.de>
X-Mailer: git-send-email 2.7.0
X-Provags-ID: V03:K0:q6oa1yTa4RN4S5mCrsyHtgnBpxw8J+jc3l2n0OgpqvVrJTvXGEX
 u2U101tcZ+aAICWg9WdcGR7Sl9caBp+IfWrMp1lnpWmv6n0EFT0lnwZsoGxZRpRLH8RthIJ
 NlWa5QfX9PLlqvKSsaAT1luVcZ0SGe5Jw5HYFuOv4lnrJ0Gd+RJ9mU2rFWDo8+klIJ6QsNq
 WU1FINQ+bQPdTbE28DArg==
X-UI-Out-Filterresults: notjunk:1; V01:K0:L2/Atw/acAM=:jJGFSw0aXX6xCGysKk6i7e
 eyHaymOr4RjFDyAUU6zBurZZ1gtRzd69ttA6DkK+QrMjLafYkh6uHPINxEcc6SsiPsRgILPda
 lV2cJZjyoRNcf0U89jyR9dQM/5DZCCXoLPx1wx533hqrjegARKR5xHHuj3g6HppOuT28un/ri
 EDGnPGLsHhV5NtvLk+CdjZZymtRIkF5uMUQ73AMzhmhKy1GoEpnMe7uNuv/vE9NbaJZZIrpqq
 ACvPgO0bw/+zDfQwcplsA/uPxD4tG5X7oU+sjf/zVEyFHR31OLDVV7k+I/6GqCJ6aP/0ERYjl
 8P3ChiYl/Jh5svOnK5YkoHhLxXeZ904UKYA/EDZ5SYs5t2qiO/QfUsw7f3N1+/SfetAgWL71h
 gwZpKdzoG+4yN6I2fCJAZSNmv495SYwJ0+ISYjZLL0S+xKHXKc+pFQ40e1IGN5eXad/93mL1R
 aWIA5UUxFfCTXj1HTo0f6OVURQEBcpY7RYdnfgo1WtHxATQTLxdrj/x0tU6yTu22kyPcbIbAd
 2JeJvqhGSBdB+FKUXsIHztgQ3hhXxUpTsOn2IrDbxaRHPp5YRMiFw3FWNrS2k978d3VWhFEkm
 hXH7gbvUPxmBhXkEZ1oz0Pznt7r+anbR80UBVAEq/+dmOLCvYpa2AcwK3owpE8EijaKZ2Nm2V
 t/uKTIbfAcLS0H2x7xRfdLGMwdEirCvWhkrXPYDcXgoviCmTwguOMyCmrKVkHuGirrSI=
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Most architectures cannot access 64-bit integers using get_user
or __get_user, so we get a build error in the new aio_thread_op_foo_at
function:

fs/built-in.o: In function `aio_thread_op_foo_at':
aio.c:(.text+0x252de): undefined reference to `__get_user_bad'
aio.c:(.text+0x252e4): undefined reference to `__get_user_bad'

This replaces the function with a different implementation using
copy_from_user() on the iocb, to avoid the problem. As there are
already three calls to get_user() in the function, this likely
ends up being more efficient in particular on architectures that
have strong memory protection between kernel and user space
and now only need to switch access modes once.

I've also tried to make the function more readable overall,
with local variable names matching the callback function
arguments in both type and name, rather than matching what
we get from user space.

Signed-off-by: Arnd Bergmann <arnd@arndb.de>
Fixes: d2f7a973e11e ("aio: don't use __get_user() for 64 bit values")
---
 fs/aio.c | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)

-- 
2.7.0

diff --git a/fs/aio.c b/fs/aio.c
index 72a7e8a2f67e..1748fb97d991 100644
--- a/fs/aio.c
+++ b/fs/aio.c
@@ -1777,25 +1777,23 @@ static long aio_do_unlinkat(int fd, const char *filename, int flags, int mode)
 
 static long aio_thread_op_foo_at(struct aio_kiocb *req)
 {
-	u64 buf, offset;
-	long ret;
-	u32 fd;
+	struct iocb iocb;
+	int fd;
+	const char __user *filename;
+	int flags, mode;
+	do_foo_at_t do_foo_at;
 
-	if (unlikely(get_user(fd, &req->ki_user_iocb->aio_fildes)))
-		ret = -EFAULT;
-	else if (unlikely(get_user(buf, &req->ki_user_iocb->aio_buf)))
-		ret = -EFAULT;
-	else if (unlikely(get_user(offset, &req->ki_user_iocb->aio_offset)))
-		ret = -EFAULT;
-	else {
-		do_foo_at_t do_foo_at = (void *)req->ki_data;
+	if (copy_from_user(&iocb, req->ki_user_iocb, sizeof(struct iocb)))
+		return -EFAULT;
 
-		ret = do_foo_at((s32)fd,
-				(const char __user *)(long)buf,
-				(int)offset,
-				(unsigned short)(offset >> 32));
-	}
-	return ret;
+	fd = (s32)iocb.aio_fildes;
+	filename = (const char __user *)(uintptr_t)iocb.aio_buf;
+	flags = (int)lower_32_bits(iocb.aio_offset);
+	mode = (unsigned short)upper_32_bits(iocb.aio_offset);
+
+	do_foo_at = (void *)req->ki_data;
+
+	return do_foo_at(fd, filename, flags, mode);
 }
 
 static void openat_destruct(struct aio_kiocb *req)