
Commit 1013d4a

committed
Merge tag 'configfs-5.13-1' of git://git.infradead.org/users/hch/configfs
Pull configfs fix from Christoph Hellwig: - fix the read and write iterators (Bart Van Assche) * tag 'configfs-5.13-1' of git://git.infradead.org/users/hch/configfs: configfs: fix the read and write iterators
2 parents 7612872 + 420405e commit 1013d4a

1 file changed

+22
-7
lines changed

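--- a/fs/configfs/file.c
+++ b/fs/configfs/file.c
@@ -91,7 +91,10 @@ static ssize_t configfs_read_iter(struct kiocb *iocb, struct iov_iter *to)
 }
 pr_debug("%s: count = %zd, pos = %lld, buf = %s\n",
 __func__, iov_iter_count(to), iocb->ki_pos, buffer->page);
-retval = copy_to_iter(buffer->page, buffer->count, to);
+if (iocb->ki_pos >= buffer->count)
+goto out;
+retval = copy_to_iter(buffer->page + iocb->ki_pos,
+buffer->count - iocb->ki_pos, to);
 iocb->ki_pos += retval;
 if (retval == 0)
 retval = -EFAULT;
@@ -162,7 +165,10 @@ static ssize_t configfs_bin_read_iter(struct kiocb *iocb, struct iov_iter *to)
 buffer->needs_read_fill = 0;
 }
 
-retval = copy_to_iter(buffer->bin_buffer, buffer->bin_buffer_size, to);
+if (iocb->ki_pos >= buffer->bin_buffer_size)
+goto out;
+retval = copy_to_iter(buffer->bin_buffer + iocb->ki_pos,
+buffer->bin_buffer_size - iocb->ki_pos, to);
 iocb->ki_pos += retval;
 if (retval == 0)
 retval = -EFAULT;
@@ -171,21 +177,28 @@ static ssize_t configfs_bin_read_iter(struct kiocb *iocb, struct iov_iter *to)
 return retval;
 }
 
-static int fill_write_buffer(struct configfs_buffer *buffer,
+/* Fill [buffer, buffer + pos) with data coming from @from. */
+static int fill_write_buffer(struct configfs_buffer *buffer, loff_t pos,
 struct iov_iter *from)
 {
+loff_t to_copy;
 int copied;
+u8 *to;
 
 if (!buffer->page)
 buffer->page = (char *)__get_free_pages(GFP_KERNEL, 0);
 if (!buffer->page)
 return -ENOMEM;
 
-copied = copy_from_iter(buffer->page, SIMPLE_ATTR_SIZE - 1, from);
+to_copy = SIMPLE_ATTR_SIZE - 1 - pos;
+if (to_copy <= 0)
+return 0;
+to = buffer->page + pos;
+copied = copy_from_iter(to, to_copy, from);
 buffer->needs_read_fill = 1;
 /* if buf is assumed to contain a string, terminate it by \0,
 * so e.g. sscanf() can scan the string easily */
-buffer->page[copied] = 0;
+to[copied] = 0;
 return copied ? : -EFAULT;
 }
 
@@ -217,7 +230,7 @@ static ssize_t configfs_write_iter(struct kiocb *iocb, struct iov_iter *from)
 ssize_t len;
 
 mutex_lock(&buffer->mutex);
-len = fill_write_buffer(buffer, from);
+len = fill_write_buffer(buffer, iocb->ki_pos, from);
 if (len > 0)
 len = flush_write_buffer(file, buffer, len);
 if (len > 0)
@@ -272,7 +285,9 @@ static ssize_t configfs_bin_write_iter(struct kiocb *iocb,
 buffer->bin_buffer_size = end_offset;
 }
 
-len = copy_from_iter(buffer->bin_buffer, buffer->bin_buffer_size, from);
+len = copy_from_iter(buffer->bin_buffer + iocb->ki_pos,
+buffer->bin_buffer_size - iocb->ki_pos, from);
+iocb->ki_pos += len;
 out:
 mutex_unlock(&buffer->mutex);
 return len ? : -EFAULT;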
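Review bot: In fill_write_buffer the page comes from `__get_free_pages(GFP_KERNEL, 0)` without zeroing, and the new code copies to `buffer->page + pos` while still returning only `copied`, so a first write at a non-zero offset leaves bytes [0, pos) of the page uninitialised. flush_write_buffer is outside this diff; if it hands `buffer->page` from offset 0 with that length to the attribute's ->store() callback, the callback would see stale page contents instead of the data just written, which is worth confirming before offset writes are relied on. Allocating with `buffer->page = (char *)get_zeroed_page(GFP_KERNEL);` would at least keep old kernel memory away from the handler. The added comment also misdescribes the range, since the copy lands at [page + pos, page + pos + copied); something like `/* Copy data from @from into buffer->page starting at offset @pos. */` would match the code.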
