> +static int io_setup_rw(int rw, struct io_kiocb *kiocb,
> + const struct io_uring_iocb *iocb, struct iovec **iovec,
> + struct iov_iter *iter, bool kaddr)
> {
> void __user *buf = (void __user *)(uintptr_t)iocb->addr;
> size_t ret;
>
> - ret = import_single_range(rw, buf, iocb->len, *iovec, iter);
> + if (!kaddr) {
> + ret = import_single_range(rw, buf, iocb->len, *iovec, iter);
> + } else {
> + struct io_ring_ctx *ctx = kiocb->ki_ctx;
> + struct io_mapped_ubuf *imu;
> + size_t len = iocb->len;
> + size_t offset;
> + int index;
> +
> + /* __io_submit_one() already validated the index */
> + index = array_index_nospec(kiocb->ki_index,
> + ctx->max_reqs);
> + imu = &ctx->user_bufs[index];
> + if ((unsigned long) iocb->addr < imu->ubuf ||
> + (unsigned long) iocb->addr + len > imu->ubuf + imu->len) {
> + ret = -EFAULT;
> + goto err;
> + }
> +
> + /*
> + * May not be a start of buffer, set size appropriately
> + * and advance us to the beginning.
> + */
> + offset = (unsigned long) iocb->addr - imu->ubuf;
> + iov_iter_bvec(iter, rw, imu->bvec, imu->nr_bvecs,
> + offset + len);
> + if (offset)
> + iov_iter_advance(iter, offset);
> + ret = 0;
> +
Please split this code in a separate helper.
> if (unlikely(!file->f_op->read_iter))
> goto out_fput;
>
> - ret = io_setup_rw(READ, iocb, &iovec, &iter);
> + ret = io_setup_rw(READ, kiocb, iocb, &iovec, &iter, kaddr);
And I'd personally just call that helper here based on the opcode and
avoid magic bool arguments.
> + down_write(¤t->mm->mmap_sem);
> + pret = get_user_pages(ubuf, nr_pages, 1, pages, NULL);
> + up_write(¤t->mm->mmap_sem);
This needs to be get_user_pages_longterm.
> + * We don't use the iovecs without fixed buffers being asked for.
> + * Error out if they don't match.
> + */
> + if (!(p->flags & IORING_SETUP_FIXEDBUFS) && iovecs)
> + return -EINVAL;
I don't think we need the IORING_SETUP_FIXEDBUFS flag at all, as a
non-zero iovecs pointer is enough of an indication.
