net: Fix use after free by removing length arg from sk_data_ready callbacks.
[deliverable/linux.git] / fs / ncpfs / file.c
1 /*
2 * file.c
3 *
4 * Copyright (C) 1995, 1996 by Volker Lendecke
5 * Modified 1997 Peter Waltenberg, Bill Hawes, David Woodhouse for 2.1 dcache
6 *
7 */
8
9 #include <asm/uaccess.h>
10
11 #include <linux/time.h>
12 #include <linux/kernel.h>
13 #include <linux/errno.h>
14 #include <linux/fcntl.h>
15 #include <linux/stat.h>
16 #include <linux/mm.h>
17 #include <linux/vmalloc.h>
18 #include <linux/sched.h>
19
20 #include "ncp_fs.h"
21
/*
 * ncp_fsync - fsync() handler for NCP files.
 *
 * Writes back the dirty pages of the file's mapping in [start, end] and
 * waits for that writeback to finish.  @datasync is accepted for the
 * file_operations signature but is not consulted here.
 *
 * Returns whatever filemap_write_and_wait_range() returns.
 */
static int ncp_fsync(struct file *file, loff_t start, loff_t end, int datasync)
{
	struct address_space *mapping = file->f_mapping;

	return filemap_write_and_wait_range(mapping, start, end);
}
26
/*
 * ncp_make_open - open a file with the specified read/write mode and take
 * a reference on the open handle for the caller.
 *
 * @inode: file to open; a NULL pointer is logged and rejected.
 * @right: access the caller needs (O_RDONLY, O_WRONLY or O_RDWR).
 *
 * While holding open_mutex: if the 'opened' counter is zero the file is
 * opened on the server, first asking for read and write rights and, if
 * that fails, asking only for the right the caller requested.  The inode
 * is then refreshed from the reply and 'opened' is set to 1.
 *
 * The final access check compares the access value stored in the inode
 * info (presumably filled in by ncp_update_inode() from finfo.access --
 * confirm in that helper) with @right, so the rights actually granted by
 * the server, not the rights requested, decide the outcome.
 *
 * Returns 0 with 'opened' incremented on success, -EINVAL for a NULL
 * inode, and -EACCES when the server open fails or the granted access
 * does not cover @right.
 */
int ncp_make_open(struct inode *inode, int right)
{
	int error = -EACCES;
	int access;

	if (!inode) {
		printk(KERN_ERR "ncp_make_open: got NULL inode\n");
		return -EINVAL;
	}

	DPRINTK("ncp_make_open: opened=%d, volume # %u, dir entry # %u\n",
		atomic_read(&NCP_FINFO(inode)->opened),
		NCP_FINFO(inode)->volNumber,
		NCP_FINFO(inode)->dirEntNum);

	mutex_lock(&NCP_FINFO(inode)->open_mutex);
	if (atomic_read(&NCP_FINFO(inode)->opened) == 0) {
		struct ncp_entry_info finfo;
		int result;

		/* Ask for the widest rights first. */
		finfo.access = O_RDWR;
		result = ncp_open_create_file_or_subdir(NCP_SERVER(inode),
					inode, NULL, OC_MODE_OPEN,
					0, AR_READ | AR_WRITE, &finfo);
		if (result) {
			/*
			 * Read/write was refused: retry with just the right
			 * the caller asked for.  Any other value of 'right'
			 * keeps the failing result from the first attempt.
			 */
			if (right == O_RDONLY) {
				finfo.access = O_RDONLY;
				result = ncp_open_create_file_or_subdir(
						NCP_SERVER(inode),
						inode, NULL, OC_MODE_OPEN,
						0, AR_READ, &finfo);
			} else if (right == O_WRONLY) {
				finfo.access = O_WRONLY;
				result = ncp_open_create_file_or_subdir(
						NCP_SERVER(inode),
						inode, NULL, OC_MODE_OPEN,
						0, AR_WRITE, &finfo);
			}
			if (result) {
				PPRINTK("ncp_make_open: failed, result=%d\n", result);
				goto unlock;
			}
		}

		/* Update the inode information from the server reply. */
		ncp_update_inode(inode, &finfo);
		atomic_set(&NCP_FINFO(inode)->opened, 1);
	}

	access = NCP_FINFO(inode)->access;
	PPRINTK("ncp_make_open: file open, access=%x\n", access);
	if (access == O_RDWR || access == right) {
		/* The caller now holds one reference on the open handle. */
		atomic_inc(&NCP_FINFO(inode)->opened);
		error = 0;
	}

unlock:
	mutex_unlock(&NCP_FINFO(inode)->open_mutex);
	return error;
}
97
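/*
 * ncp_file_read - read() handler for regular NCP files.
 *
 * @file:  open file being read.
 * @buf:   user-space destination buffer.
 * @count: number of bytes requested.
 * @ppos:  file position; updated to the position after the last byte read.
 *
 * The request is clamped to the superblock's s_maxbytes, the file is
 * opened read-only through ncp_make_open(), and the data is fetched in
 * pieces that never cross a multiple of the server's buffer_size.  Each
 * piece goes through ncp_read_bounce() with a vmalloc'ed scratch buffer.
 *
 * Returns the number of bytes read if any were read, otherwise 0 or a
 * negative errno (-EINVAL for a count that is negative as ssize_t, the
 * ncp_make_open() error, or -EIO for allocation and transfer failures).
 */
static ssize_t
ncp_file_read(struct file *file, char __user *buf, size_t count, loff_t *ppos)
{
	struct dentry *dentry = file->f_path.dentry;
	struct inode *inode = dentry->d_inode;
	size_t already_read = 0;
	/*
	 * NOTE(review): pos is off_t while *ppos is loff_t; on builds where
	 * off_t is narrower the assignment below truncates -- confirm this is
	 * intended for the offsets this filesystem supports.
	 */
	off_t pos;
	size_t bufsize;
	int error;
	void *freepage;
	size_t freelen;

	DPRINTK("ncp_file_read: enter %pd2\n", dentry);

	pos = *ppos;

	if ((ssize_t) count < 0)
		return -EINVAL;
	if (!count)
		return 0;
	if (pos > inode->i_sb->s_maxbytes)
		return 0;
	if (pos + count > inode->i_sb->s_maxbytes)
		count = inode->i_sb->s_maxbytes - pos;

	error = ncp_make_open(inode, O_RDONLY);
	if (error) {
		DPRINTK(KERN_ERR "ncp_file_read: open failed, error=%d\n", error);
		return error;
	}

	bufsize = NCP_SERVER(inode)->buffer_size;

	error = -EIO;
	/*
	 * buffer_size is set outside this function and is used as a divisor
	 * below; refuse to continue rather than divide by zero.
	 */
	if (!bufsize)
		goto outrel;
	freelen = ncp_read_bounce_size(bufsize);
	freepage = vmalloc(freelen);
	if (!freepage)
		goto outrel;	/* allocation failure is reported as -EIO */
	error = 0;
	/* First read in as much as possible for each bufsize. */
	while (already_read < count) {
		int read_this_time;
		size_t to_read = min_t(unsigned int,
				       bufsize - (pos % bufsize),
				       count - already_read);

		error = ncp_read_bounce(NCP_SERVER(inode),
					NCP_FINFO(inode)->file_handle,
					pos, to_read, buf, &read_this_time,
					freepage, freelen);
		if (error) {
			error = -EIO;	/* NW errno -> Linux errno */
			break;
		}
		/*
		 * read_this_time is filled in by ncp_read_bounce(),
		 * presumably from the server's reply.  Never let it move
		 * pos/buf/already_read outside the window that was asked
		 * for: a negative or oversized value would otherwise report
		 * more bytes than the caller requested.
		 */
		if (read_this_time < 0 || (size_t)read_this_time > to_read) {
			error = -EIO;
			break;
		}
		pos += read_this_time;
		buf += read_this_time;
		already_read += read_this_time;

		/* Short read: end of file or nothing more available now. */
		if ((size_t)read_this_time != to_read)
			break;
	}
	vfree(freepage);

	*ppos = pos;

	file_accessed(file);

	DPRINTK("ncp_file_read: exit %pd2\n", dentry);
outrel:
	/* Drop the reference taken by ncp_make_open(). */
	ncp_inode_close(inode);
	return already_read ? already_read : error;
}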
173
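/*
 * ncp_file_write - write() handler for regular NCP files.
 *
 * @file:  open file being written.
 * @buf:   user-space source buffer.
 * @count: number of bytes to write.
 * @ppos:  file position; updated to the position after the last byte
 *         written.  With O_APPEND the write starts at the current i_size.
 *
 * The request is clamped against MAX_NON_LFS (unless O_LARGEFILE is set)
 * and against the superblock's s_maxbytes, the file is opened write-only
 * through ncp_make_open(), and the data is sent in pieces that never
 * cross a multiple of the server's buffer_size.  Each piece is first
 * copied from user space into a vmalloc'ed bounce buffer.
 *
 * Returns the number of bytes written if any were written, otherwise 0 or
 * a negative errno (-EINVAL, -EFBIG, -EFAULT, -EIO, or the error from
 * ncp_make_open() / file_update_time()).
 */
static ssize_t
ncp_file_write(struct file *file, const char __user *buf, size_t count, loff_t *ppos)
{
	struct dentry *dentry = file->f_path.dentry;
	struct inode *inode = dentry->d_inode;
	size_t already_written = 0;
	/*
	 * NOTE(review): pos is off_t while *ppos and i_size are loff_t; on
	 * builds where off_t is narrower the assignments below truncate --
	 * confirm this is intended.
	 */
	off_t pos;
	size_t bufsize;
	int error;
	void *bouncebuffer;

	DPRINTK("ncp_file_write: enter %pd2\n", dentry);
	if ((ssize_t) count < 0)
		return -EINVAL;
	pos = *ppos;
	if (file->f_flags & O_APPEND)
		pos = i_size_read(inode);

	if (pos + count > MAX_NON_LFS && !(file->f_flags & O_LARGEFILE)) {
		if (pos >= MAX_NON_LFS)
			return -EFBIG;
		if (count > MAX_NON_LFS - (u32)pos)
			count = MAX_NON_LFS - (u32)pos;
	}
	if (pos >= inode->i_sb->s_maxbytes) {
		if (count || pos > inode->i_sb->s_maxbytes)
			return -EFBIG;
	}
	if (pos + count > inode->i_sb->s_maxbytes)
		count = inode->i_sb->s_maxbytes - pos;

	if (!count)
		return 0;
	error = ncp_make_open(inode, O_WRONLY);
	if (error) {
		DPRINTK(KERN_ERR "ncp_file_write: open failed, error=%d\n", error);
		return error;
	}
	bufsize = NCP_SERVER(inode)->buffer_size;

	error = file_update_time(file);
	if (error)
		goto outrel;

	bouncebuffer = vmalloc(bufsize);
	if (!bouncebuffer) {
		error = -EIO;	/* -ENOMEM */
		goto outrel;
	}
	while (already_written < count) {
		int written_this_time;
		size_t to_write = min_t(unsigned int,
					bufsize - (pos % bufsize),
					count - already_written);

		/* to_write never exceeds bufsize, the bounce buffer's size. */
		if (copy_from_user(bouncebuffer, buf, to_write)) {
			error = -EFAULT;
			break;
		}
		if (ncp_write_kernel(NCP_SERVER(inode),
				     NCP_FINFO(inode)->file_handle,
				     pos, to_write, bouncebuffer,
				     &written_this_time) != 0) {
			error = -EIO;
			break;
		}
		/*
		 * written_this_time is filled in by ncp_write_kernel(),
		 * presumably from the server's reply.  Reject a negative or
		 * oversized value so that pos, the returned byte count and
		 * the i_size update below cannot run past what was actually
		 * handed over.
		 */
		if (written_this_time < 0 ||
		    (size_t)written_this_time > to_write) {
			error = -EIO;
			break;
		}
		pos += written_this_time;
		buf += written_this_time;
		already_written += written_this_time;

		/* Short write: stop and report what was transferred. */
		if ((size_t)written_this_time != to_write)
			break;
	}
	vfree(bouncebuffer);

	*ppos = pos;

	/* Grow i_size if needed; re-check under i_mutex before writing it. */
	if (pos > i_size_read(inode)) {
		mutex_lock(&inode->i_mutex);
		if (pos > i_size_read(inode))
			i_size_write(inode, pos);
		mutex_unlock(&inode->i_mutex);
	}
	DPRINTK("ncp_file_write: exit %pd2\n", dentry);
outrel:
	/* Drop the reference taken by ncp_make_open(). */
	ncp_inode_close(inode);
	return already_written ? already_written : error;
}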
269
/*
 * ncp_release - release() handler for NCP files.
 *
 * Asks ncp_make_closed() to close the inode's handle.  A failure is only
 * reported through DPRINTK; the function always returns 0, so the caller
 * never sees a close error.
 */
static int ncp_release(struct inode *inode, struct file *file)
{
	int close_err = ncp_make_closed(inode);

	if (close_err) {
		DPRINTK("ncp_release: failed to close\n");
	}
	return 0;
}
276
/*
 * File operations for regular NCP files.  read, write, release and fsync
 * are implemented in this file; the ioctl and mmap handlers are defined
 * elsewhere.
 */
const struct file_operations ncp_file_operations = {
	.llseek		= generic_file_llseek,
	.read		= ncp_file_read,
	.write		= ncp_file_write,
	.unlocked_ioctl	= ncp_ioctl,
#ifdef CONFIG_COMPAT
	/* Only wired up when the kernel is built with CONFIG_COMPAT. */
	.compat_ioctl	= ncp_compat_ioctl,
#endif
	.mmap		= ncp_mmap,
	.release	= ncp_release,
	.fsync		= ncp_fsync,
};
290
/*
 * Inode operations for regular NCP files: only setattr is provided, and
 * it is handled by ncp_notify_change().
 */
const struct inode_operations ncp_file_inode_operations = {
	.setattr	= ncp_notify_change,
};