[SCSI] gdth: Prevent negative offsets in ioctl CVE-2009-3080
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / fs / sync.c
blobd104591b066bf474f62f665e87e04154c4da5da1
1 /*
2 * High-level sync()-related operations
3 */
5 #include <linux/kernel.h>
6 #include <linux/file.h>
7 #include <linux/fs.h>
8 #include <linux/module.h>
9 #include <linux/sched.h>
10 #include <linux/writeback.h>
11 #include <linux/syscalls.h>
12 #include <linux/linkage.h>
13 #include <linux/pagemap.h>
14 #include <linux/quotaops.h>
15 #include <linux/buffer_head.h>
16 #include "internal.h"
18 #define VALID_FLAGS (SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE| \
19 SYNC_FILE_RANGE_WAIT_AFTER)
22 * Do the filesystem syncing work. For simple filesystems
23 * writeback_inodes_sb(sb) just dirties buffers with inodes so we have to
24 * submit IO for these buffers via __sync_blockdev(). This also speeds up the
25 * wait == 1 case since in that case write_inode() functions do
26 * sync_dirty_buffer() and thus effectively write one block at a time.
28 static int __sync_filesystem(struct super_block *sb, int wait)
31 * This should be safe, as we require bdi backing to actually
32 * write out data in the first place
34 if (!sb->s_bdi)
35 return 0;
37 /* Avoid doing twice syncing and cache pruning for quota sync */
38 if (!wait) {
39 writeout_quota_sb(sb, -1);
40 writeback_inodes_sb(sb);
41 } else {
42 sync_quota_sb(sb, -1);
43 sync_inodes_sb(sb);
45 if (sb->s_op->sync_fs)
46 sb->s_op->sync_fs(sb, wait);
47 return __sync_blockdev(sb->s_bdev, wait);
51 * Write out and wait upon all dirty data associated with this
52 * superblock. Filesystem data as well as the underlying block
53 * device. Takes the superblock lock.
55 int sync_filesystem(struct super_block *sb)
57 int ret;
60 * We need to be protected against the filesystem going from
61 * r/o to r/w or vice versa.
63 WARN_ON(!rwsem_is_locked(&sb->s_umount));
66 * No point in syncing out anything if the filesystem is read-only.
68 if (sb->s_flags & MS_RDONLY)
69 return 0;
71 ret = __sync_filesystem(sb, 0);
72 if (ret < 0)
73 return ret;
74 return __sync_filesystem(sb, 1);
76 EXPORT_SYMBOL_GPL(sync_filesystem);
79 * Sync all the data for all the filesystems (called by sys_sync() and
80 * emergency sync)
82 * This operation is careful to avoid the livelock which could easily happen
83 * if two or more filesystems are being continuously dirtied. s_need_sync
84 * is used only here. We set it against all filesystems and then clear it as
85 * we sync them. So redirtied filesystems are skipped.
87 * But if process A is currently running sync_filesystems and then process B
88 * calls sync_filesystems as well, process B will set all the s_need_sync
89 * flags again, which will cause process A to resync everything. Fix that with
90 * a local mutex.
92 static void sync_filesystems(int wait)
94 struct super_block *sb;
95 static DEFINE_MUTEX(mutex);
97 mutex_lock(&mutex); /* Could be down_interruptible */
98 spin_lock(&sb_lock);
99 list_for_each_entry(sb, &super_blocks, s_list)
100 sb->s_need_sync = 1;
102 restart:
103 list_for_each_entry(sb, &super_blocks, s_list) {
104 if (!sb->s_need_sync)
105 continue;
106 sb->s_need_sync = 0;
107 sb->s_count++;
108 spin_unlock(&sb_lock);
110 down_read(&sb->s_umount);
111 if (!(sb->s_flags & MS_RDONLY) && sb->s_root && sb->s_bdi)
112 __sync_filesystem(sb, wait);
113 up_read(&sb->s_umount);
115 /* restart only when sb is no longer on the list */
116 spin_lock(&sb_lock);
117 if (__put_super_and_need_restart(sb))
118 goto restart;
120 spin_unlock(&sb_lock);
121 mutex_unlock(&mutex);
125 * sync everything. Start out by waking pdflush, because that writes back
126 * all queues in parallel.
128 SYSCALL_DEFINE0(sync)
130 wakeup_flusher_threads(0);
131 sync_filesystems(0);
132 sync_filesystems(1);
133 if (unlikely(laptop_mode))
134 laptop_sync_completion();
135 return 0;
138 static void do_sync_work(struct work_struct *work)
141 * Sync twice to reduce the possibility we skipped some inodes / pages
142 * because they were temporarily locked
144 sync_filesystems(0);
145 sync_filesystems(0);
146 printk("Emergency Sync complete\n");
147 kfree(work);
150 void emergency_sync(void)
152 struct work_struct *work;
154 work = kmalloc(sizeof(*work), GFP_ATOMIC);
155 if (work) {
156 INIT_WORK(work, do_sync_work);
157 schedule_work(work);
162 * Generic function to fsync a file.
164 * filp may be NULL if called via the msync of a vma.
166 int file_fsync(struct file *filp, struct dentry *dentry, int datasync)
168 struct inode * inode = dentry->d_inode;
169 struct super_block * sb;
170 int ret, err;
172 /* sync the inode to buffers */
173 ret = write_inode_now(inode, 0);
175 /* sync the superblock to buffers */
176 sb = inode->i_sb;
177 if (sb->s_dirt && sb->s_op->write_super)
178 sb->s_op->write_super(sb);
180 /* .. finally sync the buffers to disk */
181 err = sync_blockdev(sb->s_bdev);
182 if (!ret)
183 ret = err;
184 return ret;
186 EXPORT_SYMBOL(file_fsync);
189 * vfs_fsync_range - helper to sync a range of data & metadata to disk
190 * @file: file to sync
191 * @dentry: dentry of @file
192 * @start: offset in bytes of the beginning of data range to sync
193 * @end: offset in bytes of the end of data range (inclusive)
194 * @datasync: perform only datasync
196 * Write back data in range @start..@end and metadata for @file to disk. If
197 * @datasync is set only metadata needed to access modified file data is
198 * written.
200 * In case this function is called from nfsd @file may be %NULL and
201 * only @dentry is set. This can only happen when the filesystem
202 * implements the export_operations API.
204 int vfs_fsync_range(struct file *file, struct dentry *dentry, loff_t start,
205 loff_t end, int datasync)
207 const struct file_operations *fop;
208 struct address_space *mapping;
209 int err, ret;
212 * Get mapping and operations from the file in case we have
213 * as file, or get the default values for them in case we
214 * don't have a struct file available. Damn nfsd..
216 if (file) {
217 mapping = file->f_mapping;
218 fop = file->f_op;
219 } else {
220 mapping = dentry->d_inode->i_mapping;
221 fop = dentry->d_inode->i_fop;
224 if (!fop || !fop->fsync) {
225 ret = -EINVAL;
226 goto out;
229 ret = filemap_write_and_wait_range(mapping, start, end);
232 * We need to protect against concurrent writers, which could cause
233 * livelocks in fsync_buffers_list().
235 mutex_lock(&mapping->host->i_mutex);
236 err = fop->fsync(file, dentry, datasync);
237 if (!ret)
238 ret = err;
239 mutex_unlock(&mapping->host->i_mutex);
241 out:
242 return ret;
244 EXPORT_SYMBOL(vfs_fsync_range);
247 * vfs_fsync - perform a fsync or fdatasync on a file
248 * @file: file to sync
249 * @dentry: dentry of @file
250 * @datasync: only perform a fdatasync operation
252 * Write back data and metadata for @file to disk. If @datasync is
253 * set only metadata needed to access modified file data is written.
255 * In case this function is called from nfsd @file may be %NULL and
256 * only @dentry is set. This can only happen when the filesystem
257 * implements the export_operations API.
259 int vfs_fsync(struct file *file, struct dentry *dentry, int datasync)
261 return vfs_fsync_range(file, dentry, 0, LLONG_MAX, datasync);
263 EXPORT_SYMBOL(vfs_fsync);
265 static int do_fsync(unsigned int fd, int datasync)
267 struct file *file;
268 int ret = -EBADF;
270 file = fget(fd);
271 if (file) {
272 ret = vfs_fsync(file, file->f_path.dentry, datasync);
273 fput(file);
275 return ret;
278 SYSCALL_DEFINE1(fsync, unsigned int, fd)
280 return do_fsync(fd, 0);
283 SYSCALL_DEFINE1(fdatasync, unsigned int, fd)
285 return do_fsync(fd, 1);
289 * generic_write_sync - perform syncing after a write if file / inode is sync
290 * @file: file to which the write happened
291 * @pos: offset where the write started
292 * @count: length of the write
294 * This is just a simple wrapper about our general syncing function.
296 int generic_write_sync(struct file *file, loff_t pos, loff_t count)
298 if (!(file->f_flags & O_SYNC) && !IS_SYNC(file->f_mapping->host))
299 return 0;
300 return vfs_fsync_range(file, file->f_path.dentry, pos,
301 pos + count - 1, 1);
303 EXPORT_SYMBOL(generic_write_sync);
306 * sys_sync_file_range() permits finely controlled syncing over a segment of
307 * a file in the range offset .. (offset+nbytes-1) inclusive. If nbytes is
308 * zero then sys_sync_file_range() will operate from offset out to EOF.
310 * The flag bits are:
312 * SYNC_FILE_RANGE_WAIT_BEFORE: wait upon writeout of all pages in the range
313 * before performing the write.
315 * SYNC_FILE_RANGE_WRITE: initiate writeout of all those dirty pages in the
316 * range which are not presently under writeback. Note that this may block for
317 * significant periods due to exhaustion of disk request structures.
319 * SYNC_FILE_RANGE_WAIT_AFTER: wait upon writeout of all pages in the range
320 * after performing the write.
322 * Useful combinations of the flag bits are:
324 * SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE: ensures that all pages
325 * in the range which were dirty on entry to sys_sync_file_range() are placed
326 * under writeout. This is a start-write-for-data-integrity operation.
328 * SYNC_FILE_RANGE_WRITE: start writeout of all dirty pages in the range which
329 * are not presently under writeout. This is an asynchronous flush-to-disk
330 * operation. Not suitable for data integrity operations.
332 * SYNC_FILE_RANGE_WAIT_BEFORE (or SYNC_FILE_RANGE_WAIT_AFTER): wait for
333 * completion of writeout of all pages in the range. This will be used after an
334 * earlier SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE operation to wait
335 * for that operation to complete and to return the result.
337 * SYNC_FILE_RANGE_WAIT_BEFORE|SYNC_FILE_RANGE_WRITE|SYNC_FILE_RANGE_WAIT_AFTER:
338 * a traditional sync() operation. This is a write-for-data-integrity operation
339 * which will ensure that all pages in the range which were dirty on entry to
340 * sys_sync_file_range() are committed to disk.
343 * SYNC_FILE_RANGE_WAIT_BEFORE and SYNC_FILE_RANGE_WAIT_AFTER will detect any
344 * I/O errors or ENOSPC conditions and will return those to the caller, after
345 * clearing the EIO and ENOSPC flags in the address_space.
347 * It should be noted that none of these operations write out the file's
348 * metadata. So unless the application is strictly performing overwrites of
349 * already-instantiated disk blocks, there are no guarantees here that the data
350 * will be available after a crash.
352 SYSCALL_DEFINE(sync_file_range)(int fd, loff_t offset, loff_t nbytes,
353 unsigned int flags)
355 int ret;
356 struct file *file;
357 loff_t endbyte; /* inclusive */
358 int fput_needed;
359 umode_t i_mode;
361 ret = -EINVAL;
362 if (flags & ~VALID_FLAGS)
363 goto out;
365 endbyte = offset + nbytes;
367 if ((s64)offset < 0)
368 goto out;
369 if ((s64)endbyte < 0)
370 goto out;
371 if (endbyte < offset)
372 goto out;
374 if (sizeof(pgoff_t) == 4) {
375 if (offset >= (0x100000000ULL << PAGE_CACHE_SHIFT)) {
377 * The range starts outside a 32 bit machine's
378 * pagecache addressing capabilities. Let it "succeed"
380 ret = 0;
381 goto out;
383 if (endbyte >= (0x100000000ULL << PAGE_CACHE_SHIFT)) {
385 * Out to EOF
387 nbytes = 0;
391 if (nbytes == 0)
392 endbyte = LLONG_MAX;
393 else
394 endbyte--; /* inclusive */
396 ret = -EBADF;
397 file = fget_light(fd, &fput_needed);
398 if (!file)
399 goto out;
401 i_mode = file->f_path.dentry->d_inode->i_mode;
402 ret = -ESPIPE;
403 if (!S_ISREG(i_mode) && !S_ISBLK(i_mode) && !S_ISDIR(i_mode) &&
404 !S_ISLNK(i_mode))
405 goto out_put;
407 ret = do_sync_mapping_range(file->f_mapping, offset, endbyte, flags);
408 out_put:
409 fput_light(file, fput_needed);
410 out:
411 return ret;
413 #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
414 asmlinkage long SyS_sync_file_range(long fd, loff_t offset, loff_t nbytes,
415 long flags)
417 return SYSC_sync_file_range((int) fd, offset, nbytes,
418 (unsigned int) flags);
420 SYSCALL_ALIAS(sys_sync_file_range, SyS_sync_file_range);
421 #endif
423 /* It would be nice if people remember that not all the world's an i386
424 when they introduce new system calls */
425 SYSCALL_DEFINE(sync_file_range2)(int fd, unsigned int flags,
426 loff_t offset, loff_t nbytes)
428 return sys_sync_file_range(fd, offset, nbytes, flags);
430 #ifdef CONFIG_HAVE_SYSCALL_WRAPPERS
431 asmlinkage long SyS_sync_file_range2(long fd, long flags,
432 loff_t offset, loff_t nbytes)
434 return SYSC_sync_file_range2((int) fd, (unsigned int) flags,
435 offset, nbytes);
437 SYSCALL_ALIAS(sys_sync_file_range2, SyS_sync_file_range2);
438 #endif
441 * `endbyte' is inclusive
443 int do_sync_mapping_range(struct address_space *mapping, loff_t offset,
444 loff_t endbyte, unsigned int flags)
446 int ret;
448 if (!mapping) {
449 ret = -EINVAL;
450 goto out;
453 ret = 0;
454 if (flags & SYNC_FILE_RANGE_WAIT_BEFORE) {
455 ret = wait_on_page_writeback_range(mapping,
456 offset >> PAGE_CACHE_SHIFT,
457 endbyte >> PAGE_CACHE_SHIFT);
458 if (ret < 0)
459 goto out;
462 if (flags & SYNC_FILE_RANGE_WRITE) {
463 ret = __filemap_fdatawrite_range(mapping, offset, endbyte,
464 WB_SYNC_ALL);
465 if (ret < 0)
466 goto out;
469 if (flags & SYNC_FILE_RANGE_WAIT_AFTER) {
470 ret = wait_on_page_writeback_range(mapping,
471 offset >> PAGE_CACHE_SHIFT,
472 endbyte >> PAGE_CACHE_SHIFT);
474 out:
475 return ret;
477 EXPORT_SYMBOL_GPL(do_sync_mapping_range);