[PATCH] uml: hostfs - fix possible PAGE_CACHE_SHIFT overflows

[safe/jmp/linux-2.6] / fs / read_write.c

diff --git a/fs/read_write.c b/fs/read_write.c
index c4c2bee..a091ee4 100644 (file)
--- a/fs/read_write.c
+++ b/fs/read_write.c
@@ -10,7 +10,7 @@
 #include <linux/file.h>
 #include <linux/uio.h>
 #include <linux/smp_lock.h>
-#include <linux/dnotify.h>
+#include <linux/fsnotify.h>
 #include <linux/security.h>
 #include <linux/module.h>
 #include <linux/syscalls.h>
@@ -188,7 +188,7 @@ int rw_verify_area(int read_write, struct file *file, loff_t *ppos, size_t count
        struct inode *inode;
        loff_t pos;
 
-       if (unlikely(count > file->f_maxcount))
+       if (unlikely(count > INT_MAX))
                goto Einval;
        pos = *ppos;
        if (unlikely((pos < 0) || (loff_t) (pos + count) < 0))
@@ -203,6 +203,16 @@ Einval:
        return -EINVAL;
 }
 
+static void wait_on_retry_sync_kiocb(struct kiocb *iocb)
+{
+       set_current_state(TASK_UNINTERRUPTIBLE);
+       if (!kiocbIsKicked(iocb))
+               schedule();
+       else
+               kiocbClearKicked(iocb);
+       __set_current_state(TASK_RUNNING);
+}
+
 ssize_t do_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *ppos)
 {
        struct kiocb kiocb;
@@ -210,7 +220,10 @@ ssize_t do_sync_read(struct file *filp, char __user *buf, size_t len, loff_t *pp
 
        init_sync_kiocb(&kiocb, filp);
        kiocb.ki_pos = *ppos;
-       ret = filp->f_op->aio_read(&kiocb, buf, len, kiocb.ki_pos);
+       while (-EIOCBRETRY ==
+               (ret = filp->f_op->aio_read(&kiocb, buf, len, kiocb.ki_pos)))
+               wait_on_retry_sync_kiocb(&kiocb);
+
        if (-EIOCBQUEUED == ret)
                ret = wait_on_sync_kiocb(&kiocb);
        *ppos = kiocb.ki_pos;
@@ -239,7 +252,7 @@ ssize_t vfs_read(struct file *file, char __user *buf, size_t count, loff_t *pos)
                        else
                                ret = do_sync_read(file, buf, count, pos);
                        if (ret > 0) {
-                               dnotify_parent(file->f_dentry, DN_ACCESS);
+                               fsnotify_access(file->f_dentry);
                                current->rchar += ret;
                        }
                        current->syscr++;
@@ -258,7 +271,10 @@ ssize_t do_sync_write(struct file *filp, const char __user *buf, size_t len, lof
 
        init_sync_kiocb(&kiocb, filp);
        kiocb.ki_pos = *ppos;
-       ret = filp->f_op->aio_write(&kiocb, buf, len, kiocb.ki_pos);
+       while (-EIOCBRETRY ==
+              (ret = filp->f_op->aio_write(&kiocb, buf, len, kiocb.ki_pos)))
+               wait_on_retry_sync_kiocb(&kiocb);
+
        if (-EIOCBQUEUED == ret)
                ret = wait_on_sync_kiocb(&kiocb);
        *ppos = kiocb.ki_pos;
@@ -287,7 +303,7 @@ ssize_t vfs_write(struct file *file, const char __user *buf, size_t count, loff_
                        else
                                ret = do_sync_write(file, buf, count, pos);
                        if (ret > 0) {
-                               dnotify_parent(file->f_dentry, DN_MODIFY);
+                               fsnotify_modify(file->f_dentry);
                                current->wchar += ret;
                        }
                        current->syscw++;
@@ -483,6 +499,9 @@ static ssize_t do_readv_writev(int type, struct file *file,
        ret = rw_verify_area(type, file, pos, tot_len);
        if (ret)
                goto out;
+       ret = security_file_permission(file, type == READ ? MAY_READ : MAY_WRITE);
+       if (ret)
+               goto out;
 
        fnv = NULL;
        if (type == READ) {
@@ -523,9 +542,12 @@ static ssize_t do_readv_writev(int type, struct file *file,
 out:
        if (iov != iovstack)
                kfree(iov);
-       if ((ret + (type == READ)) > 0)
-               dnotify_parent(file->f_dentry,
-                               (type == READ) ? DN_ACCESS : DN_MODIFY);
+       if ((ret + (type == READ)) > 0) {
+               if (type == READ)
+                       fsnotify_access(file->f_dentry);
+               else
+                       fsnotify_modify(file->f_dentry);
+       }
        return ret;
 Efault:
        ret = -EFAULT;