From patchwork Thu Jan 30 00:27:30 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Gerhard Heift <gerhard@heift.name>
X-Patchwork-Id: 3555431
Return-Path: <linux-btrfs-owner@kernel.org>
X-Original-To: patchwork-linux-btrfs@patchwork.kernel.org
Delivered-To: patchwork-parsemail@patchwork2.web.kernel.org
Received: from mail.kernel.org (mail.kernel.org [198.145.19.201])
	by patchwork2.web.kernel.org (Postfix) with ESMTP id 8873BC02DC
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Thu, 30 Jan 2014 00:28:16 +0000 (UTC)
Received: from mail.kernel.org (localhost [127.0.0.1])
	by mail.kernel.org (Postfix) with ESMTP id AB472201B9
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Thu, 30 Jan 2014 00:28:15 +0000 (UTC)
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.kernel.org (Postfix) with ESMTP id B2DFD2018E
	for <patchwork-linux-btrfs@patchwork.kernel.org>;
	Thu, 30 Jan 2014 00:28:14 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752379AbaA3A2K (ORCPT
	<rfc822;patchwork-linux-btrfs@patchwork.kernel.org>);
	Wed, 29 Jan 2014 19:28:10 -0500
Received: from mail-ee0-f50.google.com ([74.125.83.50]:41505 "EHLO
	mail-ee0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1752159AbaA3A1y (ORCPT
	<rfc822;linux-btrfs@vger.kernel.org>);
	Wed, 29 Jan 2014 19:27:54 -0500
Received: by mail-ee0-f50.google.com with SMTP id d17so1243943eek.37
	for <linux-btrfs@vger.kernel.org>;
	Wed, 29 Jan 2014 16:27:53 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to
	:references;
	bh=LdeFAyVQZn9j2F/2dfiaJ9BGoI26vP0x8qxdZ32Zf44=;
	b=ICtXS7qsLzzHsVQNfgmQDeybAAb1WFsASZoo+y4c47p3/NdhfcqliLQWh0zjWCPvMv
	MTxPP71mnQpjYYrnp4HUitlo/h3Ms5eik/blk8fCFmE5CSJzddkrcsk4OIxG94HeOJ6m
	LBvetFrf+FA5gYiIPOnlYHux3JsN8M91gj2vy4DgpnufQDRzWIKkT19wc+FIfMHT5376
	/W3dJXgfEB7msjRqj5HNABoPi1tjh7EIQ7ucbYtm/VtHLzQrVPXQZFSdjrvBmS0r2f41
	VrOEq8tZv4eGVxIAT72Ew7EfJmZ3ghTb/IKAyiwvVMuv50ZxUwn5+KC/C+KGwm07ryxY
	cImA==
X-Gm-Message-State: 
 ALoCoQkGK46v/Rwqlrf6TOajYYWdaVh+SYlCUBzIZ4i2T83S4moLQXcv5Hkrh+kIZbaJnGFTYyDh
X-Received: by 10.14.214.65 with SMTP id b41mr62317eep.105.1391041673520;
	Wed, 29 Jan 2014 16:27:53 -0800 (PST)
Received: from localhost (host-115-115.kawo1.rwth-aachen.de.
	[134.130.115.115]) by mx.google.com with ESMTPSA id
	l4sm15358321een.13.2014.01.29.16.27.52
	for <linux-btrfs@vger.kernel.org>
	(version=TLSv1.2 cipher=RC4-SHA bits=128/128);
	Wed, 29 Jan 2014 16:27:52 -0800 (PST)
From: Gerhard Heift <gerhard@heift.name>
To: linux-btrfs@vger.kernel.org
Subject: [PATCH RFCv3 5/6] btrfs: search_ioctl: direct copy to userspace
Date: Thu, 30 Jan 2014 01:27:30 +0100
Message-Id: <1391041651-15689-6-git-send-email-Gerhard@Heift.Name>
X-Mailer: git-send-email 1.8.5.3
In-Reply-To: <1391041651-15689-1-git-send-email-Gerhard@Heift.Name>
References: <1391041651-15689-1-git-send-email-Gerhard@Heift.Name>
Sender: linux-btrfs-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-btrfs.vger.kernel.org>
X-Mailing-List: linux-btrfs@vger.kernel.org
X-Spam-Status: No, score=-7.4 required=5.0 tests=BAYES_00, RCVD_IN_DNSWL_HI,
	RP_MATCHES_RCVD, UNPARSEABLE_RELAY autolearn=ham version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org
X-Virus-Scanned: ClamAV using ClamSMTP

By copying each found item seperatly to userspace, we do not need extra
memory in the kernel. This allows to run a large search inside of a single call.

Signed-off-by: Gerhard Heift <Gerhard@Heift.Name>
---
 fs/btrfs/ioctl.c | 52 ++++++++++++++++++++++++++++++++++++----------------
 1 file changed, 36 insertions(+), 16 deletions(-)

diff --git a/fs/btrfs/ioctl.c b/fs/btrfs/ioctl.c
index 10b9931..6daf23b 100644
--- a/fs/btrfs/ioctl.c
+++ b/fs/btrfs/ioctl.c
@@ -1855,7 +1855,7 @@ static noinline int copy_to_sk(struct btrfs_root *root,
 			       struct btrfs_key *key,
 			       struct btrfs_ioctl_search_key *sk,
 			       size_t *buf_size,
-			       char *buf,
+			       char __user *buf,
 			       unsigned long *sk_offset,
 			       int *num_found)
 {
@@ -1890,7 +1890,7 @@ static noinline int copy_to_sk(struct btrfs_root *root,
 		if (sizeof(sh) + item_len > *buf_size) {
 			if (*num_found) {
 				ret = 1;
-				goto overflow;
+				goto err;
 			}
 
 			/*
@@ -1905,7 +1905,7 @@ static noinline int copy_to_sk(struct btrfs_root *root,
 
 		if (sizeof(sh) + item_len + *sk_offset > *buf_size) {
 			ret = 1;
-			goto overflow;
+			goto err;
 		}
 
 		sh.objectid = key->objectid;
@@ -1915,20 +1915,28 @@ static noinline int copy_to_sk(struct btrfs_root *root,
 		sh.transid = found_transid;
 
 		/* copy search result header */
-		memcpy(buf + *sk_offset, &sh, sizeof(sh));
+		if (copy_to_user(buf + *sk_offset, &sh, sizeof(sh))) {
+			ret = -EFAULT;
+			goto err;
+		}
+
 		*sk_offset += sizeof(sh);
 
 		if (item_len) {
-			char *p = buf + *sk_offset;
+			char __user *p = buf + *sk_offset;
 			/* copy the item */
-			read_extent_buffer(leaf, p,
-					   item_off, item_len);
+			if (read_extent_buffer_to_user(leaf, p,
+						       item_off, item_len)) {
+				ret = -EFAULT;
+				goto err;
+			}
+
 			*sk_offset += item_len;
 		}
 		(*num_found)++;
 
 		if (ret) /* -EOVERFLOW from above */
-			goto overflow;
+			goto err;
 
 		if (*num_found >= sk->nr_items)
 			break;
@@ -1946,14 +1954,24 @@ advance_key:
 		key->objectid++;
 	} else
 		ret = 1;
-overflow:
+err:
+	/*
+	 *  0: all items from this leaf copied, continue with next
+	 *  1: * more items can be copied, but unused buffer is too small
+	 *     * all items were found
+	 *     Either way, it will stops the loop which iterates to the next
+	 *     leaf
+	 *  -EOVERFLOW: item was to large for buffer
+	 *  -EFAULT: could not copy extent buffer back to userspace
+	 */
+
 	return ret;
 }
 
 static noinline int search_ioctl(struct inode *inode,
 				 struct btrfs_ioctl_search_key *sk,
 				 size_t *buf_size,
-				 char *buf)
+				 char __user *buf)
 {
 	struct btrfs_root *root;
 	struct btrfs_key key;
@@ -2004,6 +2022,7 @@ static noinline int search_ioctl(struct inode *inode,
 		ret = copy_to_sk(root, path, &key, sk, buf_size, buf,
 				 &sk_offset, &num_found);
 		btrfs_release_path(path);
+
 		if (ret || num_found >= sk->nr_items)
 			break;
 
@@ -2019,7 +2038,8 @@ err:
 static noinline int btrfs_ioctl_tree_search(struct file *file,
 					   void __user *argp)
 {
-	struct btrfs_ioctl_search_args *args;
+	struct btrfs_ioctl_search_args __user *args;
+	struct btrfs_ioctl_search_key sk;
 	struct inode *inode;
 	int ret;
 	size_t buf_size;
@@ -2027,14 +2047,15 @@ static noinline int btrfs_ioctl_tree_search(struct file *file,
 	if (!capable(CAP_SYS_ADMIN))
 		return -EPERM;
 
-	args = memdup_user(argp, sizeof(*args));
-	if (IS_ERR(args))
-		return PTR_ERR(args);
+	args = (struct btrfs_ioctl_search_args __user *)argp;
+
+	if (copy_from_user(&sk, &args->key, sizeof(sk)))
+		return -EFAULT;
 
 	buf_size = sizeof(args->buf);
 
 	inode = file_inode(file);
-	ret = search_ioctl(inode, &args->key, &buf_size, args->buf);
+	ret = search_ioctl(inode, &sk, &buf_size, args->buf);
 
 	/*
 	 * In the origin implementation an overflow is handled by returning a
@@ -2045,7 +2066,6 @@ static noinline int btrfs_ioctl_tree_search(struct file *file,
 
 	if (ret == 0 && copy_to_user(argp, args, sizeof(*args)))
 		ret = -EFAULT;
-	kfree(args);
 	return ret;
 }