Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland...

[linux-beck.git] / fs / fuse / file.c
diff --git a/fs/fuse/file.c b/fs/fuse/file.c

index c8224587123f6e2ff84c8933f8d56a50ffd06c80..8b984a2cebbda185af01a6d4d5f8c31c89fc6fbe 100644 (file)
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -13,6 +13,7 @@
  #include <linux/kernel.h>
  #include <linux/sched.h>
  #include <linux/module.h>
+#include <linux/compat.h>
  
  static const struct file_operations fuse_direct_io_file_operations;
  
@@ -134,6 +135,7 @@ EXPORT_SYMBOL_GPL(fuse_do_open);
  void fuse_finish_open(struct inode *inode, struct file *file)
  {
         struct fuse_file *ff = file->private_data;
+       struct fuse_conn *fc = get_fuse_conn(inode);
  
         if (ff->open_flags & FOPEN_DIRECT_IO)
                 file->f_op = &fuse_direct_io_file_operations;
@@ -141,6 +143,15 @@ void fuse_finish_open(struct inode *inode, struct file *file)
                 invalidate_inode_pages2(inode->i_mapping);
         if (ff->open_flags & FOPEN_NONSEEKABLE)
                 nonseekable_open(inode, file);
+       if (fc->atomic_o_trunc && (file->f_flags & O_TRUNC)) {
+               struct fuse_inode *fi = get_fuse_inode(inode);
+
+               spin_lock(&fc->lock);
+               fi->attr_version = ++fc->attr_version;
+               i_size_write(inode, 0);
+               spin_unlock(&fc->lock);
+               fuse_invalidate_attr(inode);
+       }
  }
  
  int fuse_open_common(struct inode *inode, struct file *file, bool isdir)
@@ -1617,6 +1628,58 @@ static int fuse_ioctl_copy_user(struct page **pages, struct iovec *iov,
         return 0;
  }
  
+/*
+ * CUSE servers compiled on 32bit broke on 64bit kernels because the
+ * ABI was defined to be 'struct iovec' which is different on 32bit
+ * and 64bit.  Fortunately we can determine which structure the server
+ * used from the size of the reply.
+ */
+static int fuse_copy_ioctl_iovec(struct iovec *dst, void *src,
+                                size_t transferred, unsigned count,
+                                bool is_compat)
+{
+#ifdef CONFIG_COMPAT
+       if (count * sizeof(struct compat_iovec) == transferred) {
+               struct compat_iovec *ciov = src;
+               unsigned i;
+
+               /*
+                * With this interface a 32bit server cannot support
+                * non-compat (i.e. ones coming from 64bit apps) ioctl
+                * requests
+                */
+               if (!is_compat)
+                       return -EINVAL;
+
+               for (i = 0; i < count; i++) {
+                       dst[i].iov_base = compat_ptr(ciov[i].iov_base);
+                       dst[i].iov_len = ciov[i].iov_len;
+               }
+               return 0;
+       }
+#endif
+
+       if (count * sizeof(struct iovec) != transferred)
+               return -EIO;
+
+       memcpy(dst, src, transferred);
+       return 0;
+}
+
+/* Make sure iov_length() won't overflow */
+static int fuse_verify_ioctl_iov(struct iovec *iov, size_t count)
+{
+       size_t n;
+       u32 max = FUSE_MAX_PAGES_PER_REQ << PAGE_SHIFT;
+
+       for (n = 0; n < count; n++) {
+               if (iov->iov_len > (size_t) max)
+                       return -ENOMEM;
+               max -= iov->iov_len;
+       }
+       return 0;
+}
+
  /*
   * For ioctls, there is no generic way to determine how much memory
   * needs to be read and/or written.  Furthermore, ioctls are allowed
@@ -1798,18 +1861,25 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
                     in_iovs + out_iovs > FUSE_IOCTL_MAX_IOV)
                         goto out;
  
-               err = -EIO;
-               if ((in_iovs + out_iovs) * sizeof(struct iovec) != transferred)
-                       goto out;
-
-               /* okay, copy in iovs and retry */
                 vaddr = kmap_atomic(pages[0], KM_USER0);
-               memcpy(page_address(iov_page), vaddr, transferred);
+               err = fuse_copy_ioctl_iovec(page_address(iov_page), vaddr,
+                                           transferred, in_iovs + out_iovs,
+                                           (flags & FUSE_IOCTL_COMPAT) != 0);
                 kunmap_atomic(vaddr, KM_USER0);
+               if (err)
+                       goto out;
  
                 in_iov = page_address(iov_page);
                 out_iov = in_iov + in_iovs;
  
+               err = fuse_verify_ioctl_iov(in_iov, in_iovs);
+               if (err)
+                       goto out;
+
+               err = fuse_verify_ioctl_iov(out_iov, out_iovs);
+               if (err)
+                       goto out;
+
                 goto retry;
         }