https://github.com/torvalds/linux
Revision 86d32f9a7c54ad74f4514d7fef7c847883207291 authored by Vasily Averin on 14 April 2020, 20:33:16 UTC, committed by Linus Torvalds on 16 April 2020, 17:10:50 UTC
If seq_file .next function does not change position index, read after some lseek can generate unexpected output: $ dd if=/proc/keys bs=1 # full usual output 0f6bfdf5 I--Q--- 2 perm 3f010000 1000 1000 user 4af2f79ab8848d0a: 740 1fb91b32 I--Q--- 3 perm 1f3f0000 1000 65534 keyring _uid.1000: 2 27589480 I--Q--- 1 perm 0b0b0000 0 0 user invocation_id: 16 2f33ab67 I--Q--- 152 perm 3f030000 0 0 keyring _ses: 2 33f1d8fa I--Q--- 4 perm 3f030000 1000 1000 keyring _ses: 1 3d427fda I--Q--- 2 perm 3f010000 1000 1000 user 69ec44aec7678e5a: 740 3ead4096 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 521+0 records in 521+0 records out 521 bytes copied, 0,00123769 s, 421 kB/s But a read after lseek in middle of last line results in the partial last line and then a repeat of the final line: $ dd if=/proc/keys bs=500 skip=1 dd: /proc/keys: cannot skip to specified offset g _uid_ses.1000: 1 3ead4096 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 0+1 records in 0+1 records out 97 bytes copied, 0,000135035 s, 718 kB/s and a read after lseek beyond end of file results in the last line being shown: $ dd if=/proc/keys bs=1000 skip=1 # read after lseek beyond end of file dd: /proc/keys: cannot skip to specified offset 3ead4096 I--Q--- 1 perm 1f3f0000 1000 65534 keyring _uid_ses.1000: 1 0+1 records in 0+1 records out 76 bytes copied, 0,000119981 s, 633 kB/s See https://bugzilla.kernel.org/show_bug.cgi?id=206283 Fixes: 1f4aace60b0e ("fs/seq_file.c: simplify seq_file iteration code ...") Signed-off-by: Vasily Averin <vvs@virtuozzo.com> Signed-off-by: David Howells <dhowells@redhat.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Cc: stable@vger.kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 0008633
Tip revision: 86d32f9a7c54ad74f4514d7fef7c847883207291 authored by Vasily Averin on 14 April 2020, 20:33:16 UTC
keys: Fix proc_keys_next to increase position index
logic_pio.c
// SPDX-License-Identifier: GPL-2.0+
/*
* Copyright (C) 2017 HiSilicon Limited, All Rights Reserved.
* Author: Gabriele Paoloni <gabriele.paoloni@huawei.com>
* Author: Zhichang Yuan <yuanzhichang@hisilicon.com>
* Author: John Garry <john.garry@huawei.com>
*/
#define pr_fmt(fmt) "LOGIC PIO: " fmt
#include <linux/of.h>
#include <linux/io.h>
#include <linux/logic_pio.h>
#include <linux/mm.h>
#include <linux/rculist.h>
#include <linux/sizes.h>
#include <linux/slab.h>
/*
 * The unique hardware address list.
 * Writers in this file (list_add_tail_rcu()/list_del_rcu()) hold
 * io_range_mutex; lookups walk the list with list_for_each_entry_rcu()
 * inside rcu_read_lock()/rcu_read_unlock().
 */
static LIST_HEAD(io_range_list);
static DEFINE_MUTEX(io_range_mutex);
/*
 * Consider a kernel general helper for this.
 *
 * True when @b lies in the half-open interval [first, first + len).
 * (first) + (len) is not guarded against wraparound, so a window that
 * reaches the top of the operand type matches nothing. @b and @first are
 * each expanded twice: pass side-effect-free arguments only.
 */
#define in_range(b, first, len) ((b) >= (first) && (b) < (first) + (len))
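/*
 * Last address covered by [start, start + size), clamped to the largest
 * resource_size_t value so that a window reaching the top of the address
 * space cannot wrap around to a small number.
 */
static resource_size_t logic_pio_last_addr(resource_size_t start,
					   resource_size_t size)
{
	const resource_size_t addr_max = (resource_size_t)~0;

	if (!size)
		return start;
	return size - 1 > addr_max - start ? addr_max : start + (size - 1);
}

/**
 * logic_pio_register_range - register logical PIO range for a host
 * @new_range: pointer to the IO range to be registered.
 *
 * Returns 0 on success, the error code in case of failure:
 * -EINVAL for a NULL or incomplete descriptor or an unknown flag value,
 * -EFAULT when a CPU MMIO range overlaps (or directly precedes) a CPU MMIO
 * range that is already registered, -E2BIG when the logical PIO space has
 * no room left for the range.
 *
 * Register a new IO range node in the IO range list. On success
 * @new_range->io_start is filled in; for a CPU MMIO range that does not fit,
 * @new_range->size is reduced to 64K when that much space is still free.
 *
 * The hardware window and the space checks are computed without relying on
 * unsigned wraparound, so a descriptor with a very large @size is rejected
 * or clamped instead of slipping past the limits.
 */
int logic_pio_register_range(struct logic_pio_hwaddr *new_range)
{
	struct logic_pio_hwaddr *range;
	resource_size_t start;
	resource_size_t last;
	resource_size_t mmio_end = 0;
	resource_size_t iio_sz = MMIO_UPPER_LIMIT;
	int ret = 0;

	if (!new_range || !new_range->fwnode || !new_range->size ||
	    (new_range->flags == LOGIC_PIO_INDIRECT && !new_range->ops))
		return -EINVAL;

	start = new_range->hw_start;
	/* inclusive end of the hardware window; size is known to be non-zero */
	last = logic_pio_last_addr(start, new_range->size);

	mutex_lock(&io_range_mutex);
	list_for_each_entry(range, &io_range_list, list) {
		if (range->fwnode == new_range->fwnode) {
			/*
			 * range already there
			 *
			 * NOTE(review): this path returns 0 without linking
			 * @new_range into the list, so a caller cannot tell a
			 * duplicate from a fresh registration - confirm that
			 * callers do not leak or later unregister @new_range.
			 */
			goto end_register;
		}
		if (range->flags == LOGIC_PIO_CPU_MMIO &&
		    new_range->flags == LOGIC_PIO_CPU_MMIO) {
			resource_size_t range_last =
				logic_pio_last_addr(range->hw_start,
						    range->size);

			/*
			 * for MMIO ranges we need to check for overlap
			 *
			 * Same acceptance rule as "start >= range end ||
			 * new end < range start" on exclusive ends, written
			 * on inclusive ends so that neither side can wrap.
			 */
			if (start > range_last ||
			    (range->hw_start && last < range->hw_start - 1)) {
				mmio_end = range->io_start + range->size;
			} else {
				ret = -EFAULT;
				goto end_register;
			}
		} else if (range->flags == LOGIC_PIO_INDIRECT &&
			   new_range->flags == LOGIC_PIO_INDIRECT) {
			iio_sz += range->size;
		}
	}

	/* range not registered yet, check for available space */
	if (new_range->flags == LOGIC_PIO_CPU_MMIO) {
		/* "mmio_end + size - 1 > limit" without the wrapping sum */
		if (mmio_end > MMIO_UPPER_LIMIT ||
		    new_range->size - 1 > MMIO_UPPER_LIMIT - mmio_end) {
			/* if it's too big check if 64K space can be reserved */
			if (mmio_end > MMIO_UPPER_LIMIT ||
			    SZ_64K - 1 > MMIO_UPPER_LIMIT - mmio_end) {
				ret = -E2BIG;
				goto end_register;
			}
			new_range->size = SZ_64K;
			pr_warn("Requested IO range too big, new size set to 64K\n");
		}
		new_range->io_start = mmio_end;
	} else if (new_range->flags == LOGIC_PIO_INDIRECT) {
		/* "iio_sz + size - 1 > limit" without the wrapping sum */
		if (iio_sz > IO_SPACE_LIMIT ||
		    new_range->size - 1 > IO_SPACE_LIMIT - iio_sz) {
			ret = -E2BIG;
			goto end_register;
		}
		new_range->io_start = iio_sz;
	} else {
		/* invalid flag */
		ret = -EINVAL;
		goto end_register;
	}

	/* publish only after io_start/size are final: readers run locklessly */
	list_add_tail_rcu(&new_range->list, &io_range_list);

end_register:
	mutex_unlock(&io_range_mutex);
	return ret;
}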
/**
 * logic_pio_unregister_range - unregister a logical PIO range for a host
 * @range: pointer to the IO range which has been already registered.
 *
 * Unregister a previously-registered IO range node.
 *
 * The node is unlinked under io_range_mutex and the function then waits in
 * synchronize_rcu() before returning, so it may sleep.
 */
void logic_pio_unregister_range(struct logic_pio_hwaddr *range)
{
/*
 * NOTE(review): @range is dereferenced without a NULL check and nothing
 * verifies that it is currently on io_range_list - confirm every caller
 * passes a range that logic_pio_register_range() actually linked.
 */
mutex_lock(&io_range_mutex);
list_del_rcu(&range->list);
mutex_unlock(&io_range_mutex);
/* wait for RCU readers that may still be walking over the removed node */
synchronize_rcu();
}
/**
 * find_io_range_by_fwnode - find logical PIO range for given FW node
 * @fwnode: FW node handle associated with logical PIO range
 *
 * Returns pointer to node on success, NULL otherwise.
 *
 * Walk io_range_list under rcu_read_lock() and stop at the first node whose
 * fwnode pointer equals @fwnode.
 *
 * NOTE(review): the returned pointer is handed out after rcu_read_unlock(),
 * so it is no longer protected by the read-side critical section - confirm
 * that callers cannot race with logic_pio_unregister_range() on the range.
 */
struct logic_pio_hwaddr *find_io_range_by_fwnode(struct fwnode_handle *fwnode)
{
	struct logic_pio_hwaddr *cur;
	struct logic_pio_hwaddr *match = NULL;

	rcu_read_lock();
	list_for_each_entry_rcu(cur, &io_range_list, list) {
		if (cur->fwnode != fwnode)
			continue;
		match = cur;
		break;
	}
	rcu_read_unlock();

	return match;
}
/*
 * Return the registered range whose logical PIO window
 * [io_start, io_start + size) contains the token @pio.
 * Logs an error and returns NULL when no window matches.
 *
 * NOTE(review): as with find_io_range_by_fwnode(), the pointer is returned
 * after rcu_read_unlock() - confirm range lifetime against unregistration.
 */
static struct logic_pio_hwaddr *find_io_range(unsigned long pio)
{
	struct logic_pio_hwaddr *cur;
	struct logic_pio_hwaddr *match = NULL;

	rcu_read_lock();
	list_for_each_entry_rcu(cur, &io_range_list, list) {
		if (!in_range(pio, cur->io_start, cur->size))
			continue;
		match = cur;
		break;
	}
	rcu_read_unlock();

	if (match)
		return match;

	pr_err("PIO entry token 0x%lx invalid\n", pio);
	return NULL;
}
/**
 * logic_pio_to_hwaddr - translate logical PIO to HW address
 * @pio: logical PIO value
 *
 * Returns HW address if valid, ~0 otherwise.
 *
 * Translate the input logical PIO to the corresponding hardware address.
 * The input PIO should be unique in the whole logical PIO space.
 * Callers must treat the all-ones value as "no such token" before using
 * the result as an address.
 */
resource_size_t logic_pio_to_hwaddr(unsigned long pio)
{
	struct logic_pio_hwaddr *range = find_io_range(pio);

	/* unknown token: find_io_range() has already logged it */
	if (!range)
		return (resource_size_t)~0;

	return range->hw_start + pio - range->io_start;
}
/**
 * logic_pio_trans_hwaddr - translate HW address to logical PIO
 * @fwnode: FW node reference for the host
 * @addr: Host-relative HW address
 * @size: size to translate
 *
 * Returns Logical PIO value if successful, ~0UL otherwise
 *
 * Fails when no range is registered for @fwnode, when that range is a
 * LOGIC_PIO_CPU_MMIO range, or when @size exceeds the range size.
 *
 * NOTE(review): only @size is compared with the range size; @addr itself is
 * not checked against the range's hw_start, so the subtraction below relies
 * on the caller passing an address inside the range - confirm at call sites.
 */
unsigned long logic_pio_trans_hwaddr(struct fwnode_handle *fwnode,
				     resource_size_t addr, resource_size_t size)
{
	struct logic_pio_hwaddr *range = find_io_range_by_fwnode(fwnode);

	if (!range || range->flags == LOGIC_PIO_CPU_MMIO) {
		pr_err("IO range not found or invalid\n");
		return ~0UL;
	}

	if (size > range->size) {
		pr_err("resource size %pa cannot fit in IO range size %pa\n",
		       &size, &range->size);
		return ~0UL;
	}

	return addr - range->hw_start + range->io_start;
}
/**
 * logic_pio_trans_cpuaddr - translate a CPU address to logical PIO
 * @addr: CPU address to look up
 *
 * Returns the logical PIO value of the first registered LOGIC_PIO_CPU_MMIO
 * range whose hardware window contains @addr, ~0UL (after logging an error)
 * when no such range exists.
 */
unsigned long logic_pio_trans_cpuaddr(resource_size_t addr)
{
	struct logic_pio_hwaddr *range;

	rcu_read_lock();
	list_for_each_entry_rcu(range, &io_range_list, list) {
		/* only CPU MMIO ranges take part in this translation */
		if (range->flags == LOGIC_PIO_CPU_MMIO &&
		    in_range(addr, range->hw_start, range->size)) {
			unsigned long pio;

			/* read the range fields before leaving the RCU section */
			pio = addr - range->hw_start + range->io_start;
			rcu_read_unlock();
			return pio;
		}
	}
	rcu_read_unlock();

	pr_err("addr %pa not registered in io_range_list\n", &addr);
	return ~0UL;
}
#if defined(CONFIG_INDIRECT_PIO) && defined(PCI_IOBASE)
/*
 * BUILD_LOGIC_IO - generate the logic_in/out/ins/outs accessors for one width
 * @bw: suffix pasted onto the generated function names and onto the
 *      read/write/reads/writes helpers they call (b, w and l below)
 * @type: C type of one transferred element (u8, u16 and u32 below)
 *
 * Each generated accessor picks its path from the logical PIO token @addr:
 *  - addr < MMIO_UPPER_LIMIT: direct access at PCI_IOBASE + addr;
 *  - MMIO_UPPER_LIMIT <= addr < IO_SPACE_LIMIT: the token is looked up with
 *    find_io_range() and the matching entry->ops callback is called with
 *    entry->hostdata; WARN_ON_ONCE(1) fires when no range is found;
 *  - any other token: no access is made, and logic_in##bw() returns (type)~0.
 *
 * NOTE(review): entry->ops and the individual callbacks are dereferenced
 * without a check here. logic_pio_register_range() rejects a
 * LOGIC_PIO_INDIRECT range with NULL ops, but nothing in this file checks
 * that ->in, ->out, ->ins and ->outs are all populated - confirm providers
 * fill in every callback.
 * NOTE(review): entry is obtained from find_io_range() after its
 * rcu_read_unlock(), so the callback runs outside the RCU read-side section;
 * confirm range lifetime against logic_pio_unregister_range().
 * NOTE(review): dispatch requires addr < IO_SPACE_LIMIT, while registration
 * accepts an indirect range whose last token equals IO_SPACE_LIMIT - confirm
 * which bound is intended.
 */
#define BUILD_LOGIC_IO(bw, type) \
type logic_in##bw(unsigned long addr) \
{ \
type ret = (type)~0; \
\
if (addr < MMIO_UPPER_LIMIT) { \
ret = read##bw(PCI_IOBASE + addr); \
} else if (addr >= MMIO_UPPER_LIMIT && addr < IO_SPACE_LIMIT) { \
struct logic_pio_hwaddr *entry = find_io_range(addr); \
\
if (entry) \
ret = entry->ops->in(entry->hostdata, \
addr, sizeof(type)); \
else \
WARN_ON_ONCE(1); \
} \
return ret; \
} \
\
void logic_out##bw(type value, unsigned long addr) \
{ \
if (addr < MMIO_UPPER_LIMIT) { \
write##bw(value, PCI_IOBASE + addr); \
} else if (addr >= MMIO_UPPER_LIMIT && addr < IO_SPACE_LIMIT) { \
struct logic_pio_hwaddr *entry = find_io_range(addr); \
\
if (entry) \
entry->ops->out(entry->hostdata, \
addr, value, sizeof(type)); \
else \
WARN_ON_ONCE(1); \
} \
} \
\
void logic_ins##bw(unsigned long addr, void *buffer, \
unsigned int count) \
{ \
if (addr < MMIO_UPPER_LIMIT) { \
reads##bw(PCI_IOBASE + addr, buffer, count); \
} else if (addr >= MMIO_UPPER_LIMIT && addr < IO_SPACE_LIMIT) { \
struct logic_pio_hwaddr *entry = find_io_range(addr); \
\
if (entry) \
entry->ops->ins(entry->hostdata, \
addr, buffer, sizeof(type), count); \
else \
WARN_ON_ONCE(1); \
} \
\
} \
\
void logic_outs##bw(unsigned long addr, const void *buffer, \
unsigned int count) \
{ \
if (addr < MMIO_UPPER_LIMIT) { \
writes##bw(PCI_IOBASE + addr, buffer, count); \
} else if (addr >= MMIO_UPPER_LIMIT && addr < IO_SPACE_LIMIT) { \
struct logic_pio_hwaddr *entry = find_io_range(addr); \
\
if (entry) \
entry->ops->outs(entry->hostdata, \
addr, buffer, sizeof(type), count); \
else \
WARN_ON_ONCE(1); \
} \
}
/* 8-bit accessors: logic_inb/outb/insb/outsb */
BUILD_LOGIC_IO(b, u8)
EXPORT_SYMBOL(logic_inb);
EXPORT_SYMBOL(logic_insb);
EXPORT_SYMBOL(logic_outb);
EXPORT_SYMBOL(logic_outsb);
/* 16-bit accessors: logic_inw/outw/insw/outsw */
BUILD_LOGIC_IO(w, u16)
EXPORT_SYMBOL(logic_inw);
EXPORT_SYMBOL(logic_insw);
EXPORT_SYMBOL(logic_outw);
EXPORT_SYMBOL(logic_outsw);
/* 32-bit accessors: logic_inl/outl/insl/outsl */
BUILD_LOGIC_IO(l, u32)
EXPORT_SYMBOL(logic_inl);
EXPORT_SYMBOL(logic_insl);
EXPORT_SYMBOL(logic_outl);
EXPORT_SYMBOL(logic_outsl);
#endif /* CONFIG_INDIRECT_PIO && PCI_IOBASE */