compat_sys_io_submit() cleanup Cleanup compat_sys_io_submit by duplicating some of the native syscall logic in the compat layer and directly calling io_submit_one() instead of fooling the syscall into thinking it is called from a native 64-bit caller. This eliminates: - the overhead of copying the nr iocb pointers on the userspace stack - the PAGE_SIZE/(sizeof(void *)) limit on the number of iocbs that can be submitted. This is also needed for the completion notification patch to avoid having to rewrite each iocb on the caller stack for io_submit_one() to find the sigevents.
From: Sébastien Dugué <sebastien.dugue@xxxxxxxx>
Cleanup compat_sys_io_submit by duplicating some of the native syscall logic in the compat layer and directly calling io_submit_one() instead of fooling the syscall into thinking it is called from a native 64-bit caller. This eliminates: - the overhead of copying the nr iocb pointers on the userspace stack - the PAGE_SIZE/(sizeof(void *)) limit on the number of iocbs that can be submitted. This is also needed for the completion notification patch to avoid having to rewrite each iocb on the caller stack for io_submit_one() to find the sigevents.
Signed-off-by: Sébastien Dugué <sebastien.dugue@xxxxxxxx>
Signed-off-by: Bharata B Rao <bharata@xxxxxxxxxx>
---
 fs/compat.c | 61 ++++++++++++++++++++++++++++++++++---------------------------
 1 files changed, 34 insertions(+), 27 deletions(-)
diff -puN fs/compat.c~rework-compat-sys-io-submit fs/compat.c
--- linux-2.6.20-rc2/fs/compat.c~rework-compat-sys-io-submit 2007-01-03 10:15:03.000000000 +0530
+++ linux-2.6.20-rc2-bharata/fs/compat.c 2007-01-04 13:21:28.000000000 +0530
@@ -644,40 +644,47 @@ out:
 return ret;
 }
 
-static inline long
-copy_iocb(long nr, u32 __user *ptr32, struct iocb __user * __user *ptr64)
-{
- compat_uptr_t uptr;
- int i;
-
- for (i = 0; i < nr; ++i) {
- if (get_user(uptr, ptr32 + i))
- return -EFAULT;
- if (put_user(compat_ptr(uptr), ptr64 + i))
- return -EFAULT;
- }
- return 0;
-}
-
-#define MAX_AIO_SUBMITS (PAGE_SIZE/sizeof(struct iocb *))
-
 asmlinkage long
 compat_sys_io_submit(aio_context_t ctx_id, int nr, u32 __user *iocb)
 {
- struct iocb __user * __user *iocb64;
- long ret;
+ struct kioctx *ctx;
+ long ret = 0;
+ int i;
 
 if (unlikely(nr < 0))
 return -EINVAL;
 
- if (nr > MAX_AIO_SUBMITS)
- nr = MAX_AIO_SUBMITS;
-
- iocb64 = compat_alloc_user_space(nr * sizeof(*iocb64));
- ret = copy_iocb(nr, iocb, iocb64);
- if (!ret)
- ret = sys_io_submit(ctx_id, nr, iocb64);
- return ret;
+ if (unlikely(!access_ok(VERIFY_READ, iocb, (nr * sizeof(u32)))))
+ return -EFAULT;
+
+ ctx = lookup_ioctx(ctx_id);
+ if (unlikely(!ctx))
+ return -EINVAL;
+
+ for (i=0; i<nr; i++) {
+ compat_uptr_t uptr;
+ struct iocb __user *user_iocb;
+ struct iocb tmp;
+
+ if (unlikely(get_user(uptr, iocb + i))) {
+ ret = -EFAULT;
+ break;
+ }
+
+ user_iocb = compat_ptr(uptr);
+
+ if (unlikely(copy_from_user(&tmp, user_iocb, sizeof(tmp)))) {
+ ret = -EFAULT;
+ break;
+ }
+
+ ret = io_submit_one(ctx, user_iocb, &tmp);
+ if (ret)
+ break;
+ }
+
+ put_ioctx(ctx);
+ return i ? i: ret;
 }
 
 struct compat_ncp_mount_data {
_
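Review bot: The rewritten `compat_sys_io_submit()` no longer has any upper bound on `nr`: the `MAX_AIO_SUBMITS` clamp is removed and only `nr < 0` is rejected, so both the `access_ok()` length `nr * sizeof(u32)` and the loop count are caller-controlled up to INT_MAX. The multiplication looks safe only because `nr` is converted to a 64-bit `size_t` on the 64-bit kernels that carry the compat layer, and that assumption should be recorded above the check, e.g. `/* nr >= 0 here; nr * sizeof(u32) is computed in size_t and cannot wrap on a 64-bit kernel */`. Because the loop is now a copy of the native submit path (as the description states), any limit or hardening later added to `sys_io_submit()` has to be mirrored here, which is worth saying in a comment on the function. Minor style: kernel convention would be `for (i = 0; i < nr; i++)` and `return i ? i : ret;`.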