Commit ad0f3236 authored by Miklos Szeredi's avatar Miklos Szeredi Committed by Luis Henriques

fuse: honour max_read and max_write in direct_io mode

commit 2c80929c upstream.

The third argument of fuse_get_user_pages() "nbytesp" refers to the number of
bytes a caller asked to pack into fuse request. This value may be lesser
than capacity of fuse request or iov_iter.  So fuse_get_user_pages() must
ensure that *nbytesp won't grow.

Now, when helper iov_iter_get_pages() performs all hard work of extracting
pages from iov_iter, it can be done by passing properly calculated
"maxsize" to the helper.

The other caller of iov_iter_get_pages() (dio_refill_pages()) doesn't need
this capability, so pass LONG_MAX as the maxsize argument here.

Fixes: c9c37e2e ("fuse: switch to iov_iter_get_pages()")
Reported-by: default avatarWerner Baumann <werner.baumann@onlinehome.de>
Tested-by: default avatarMaxim Patlasov <mpatlasov@parallels.com>
Signed-off-by: default avatarMiklos Szeredi <mszeredi@suse.cz>
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
Signed-off-by: default avatarLuis Henriques <luis.henriques@canonical.com>
parent 88157ce3
...@@ -158,7 +158,7 @@ static inline int dio_refill_pages(struct dio *dio, struct dio_submit *sdio) ...@@ -158,7 +158,7 @@ static inline int dio_refill_pages(struct dio *dio, struct dio_submit *sdio)
{ {
ssize_t ret; ssize_t ret;
ret = iov_iter_get_pages(sdio->iter, dio->pages, DIO_PAGES, ret = iov_iter_get_pages(sdio->iter, dio->pages, LONG_MAX, DIO_PAGES,
&sdio->from); &sdio->from);
if (ret < 0 && sdio->blocks_available && (dio->rw & WRITE)) { if (ret < 0 && sdio->blocks_available && (dio->rw & WRITE)) {
......
...@@ -1305,6 +1305,7 @@ static int fuse_get_user_pages(struct fuse_req *req, struct iov_iter *ii, ...@@ -1305,6 +1305,7 @@ static int fuse_get_user_pages(struct fuse_req *req, struct iov_iter *ii,
size_t start; size_t start;
ssize_t ret = iov_iter_get_pages(ii, ssize_t ret = iov_iter_get_pages(ii,
&req->pages[req->num_pages], &req->pages[req->num_pages],
*nbytesp - nbytes,
req->max_pages - req->num_pages, req->max_pages - req->num_pages,
&start); &start);
if (ret < 0) if (ret < 0)
......
...@@ -84,7 +84,7 @@ unsigned long iov_iter_alignment(const struct iov_iter *i); ...@@ -84,7 +84,7 @@ unsigned long iov_iter_alignment(const struct iov_iter *i);
void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov, void iov_iter_init(struct iov_iter *i, int direction, const struct iovec *iov,
unsigned long nr_segs, size_t count); unsigned long nr_segs, size_t count);
ssize_t iov_iter_get_pages(struct iov_iter *i, struct page **pages, ssize_t iov_iter_get_pages(struct iov_iter *i, struct page **pages,
unsigned maxpages, size_t *start); size_t maxsize, unsigned maxpages, size_t *start);
ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages, ssize_t iov_iter_get_pages_alloc(struct iov_iter *i, struct page ***pages,
size_t maxsize, size_t *start); size_t maxsize, size_t *start);
int iov_iter_npages(const struct iov_iter *i, int maxpages); int iov_iter_npages(const struct iov_iter *i, int maxpages);
......
...@@ -310,7 +310,7 @@ void iov_iter_init(struct iov_iter *i, int direction, ...@@ -310,7 +310,7 @@ void iov_iter_init(struct iov_iter *i, int direction,
EXPORT_SYMBOL(iov_iter_init); EXPORT_SYMBOL(iov_iter_init);
static ssize_t get_pages_iovec(struct iov_iter *i, static ssize_t get_pages_iovec(struct iov_iter *i,
struct page **pages, unsigned maxpages, struct page **pages, size_t maxsize, unsigned maxpages,
size_t *start) size_t *start)
{ {
size_t offset = i->iov_offset; size_t offset = i->iov_offset;
...@@ -323,6 +323,8 @@ static ssize_t get_pages_iovec(struct iov_iter *i, ...@@ -323,6 +323,8 @@ static ssize_t get_pages_iovec(struct iov_iter *i,
len = iov->iov_len - offset; len = iov->iov_len - offset;
if (len > i->count) if (len > i->count)
len = i->count; len = i->count;
if (len > maxsize)
len = maxsize;
addr = (unsigned long)iov->iov_base + offset; addr = (unsigned long)iov->iov_base + offset;
len += *start = addr & (PAGE_SIZE - 1); len += *start = addr & (PAGE_SIZE - 1);
if (len > maxpages * PAGE_SIZE) if (len > maxpages * PAGE_SIZE)
...@@ -588,13 +590,15 @@ static unsigned long alignment_bvec(const struct iov_iter *i) ...@@ -588,13 +590,15 @@ static unsigned long alignment_bvec(const struct iov_iter *i)
} }
static ssize_t get_pages_bvec(struct iov_iter *i, static ssize_t get_pages_bvec(struct iov_iter *i,
struct page **pages, unsigned maxpages, struct page **pages, size_t maxsize, unsigned maxpages,
size_t *start) size_t *start)
{ {
const struct bio_vec *bvec = i->bvec; const struct bio_vec *bvec = i->bvec;
size_t len = bvec->bv_len - i->iov_offset; size_t len = bvec->bv_len - i->iov_offset;
if (len > i->count) if (len > i->count)
len = i->count; len = i->count;
if (len > maxsize)
len = maxsize;
/* can't be more than PAGE_SIZE */ /* can't be more than PAGE_SIZE */
*start = bvec->bv_offset + i->iov_offset; *start = bvec->bv_offset + i->iov_offset;
...@@ -711,13 +715,13 @@ unsigned long iov_iter_alignment(const struct iov_iter *i) ...@@ -711,13 +715,13 @@ unsigned long iov_iter_alignment(const struct iov_iter *i)
EXPORT_SYMBOL(iov_iter_alignment); EXPORT_SYMBOL(iov_iter_alignment);
ssize_t iov_iter_get_pages(struct iov_iter *i, ssize_t iov_iter_get_pages(struct iov_iter *i,
struct page **pages, unsigned maxpages, struct page **pages, size_t maxsize, unsigned maxpages,
size_t *start) size_t *start)
{ {
if (i->type & ITER_BVEC) if (i->type & ITER_BVEC)
return get_pages_bvec(i, pages, maxpages, start); return get_pages_bvec(i, pages, maxsize, maxpages, start);
else else
return get_pages_iovec(i, pages, maxpages, start); return get_pages_iovec(i, pages, maxsize, maxpages, start);
} }
EXPORT_SYMBOL(iov_iter_get_pages); EXPORT_SYMBOL(iov_iter_get_pages);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment