Re: [RFC] unifying write variants for filesystems

[Al Viro <viro@ZenIV.linux.org.uk>]

	BTW, why do we still have generic_segment_checks()?
AFAICS, *all* paths leading to any ->aio_read/->aio_write
instances are either
	1) with KERNEL_DS (and base/len are verifiably sane in those
cases), or
	2) have iovec come from successful {compat,}rw_copy_check_uvector()
and through rw_verify_area(), or
	3) have single-element iovec with access_ok()/rw_verify_area()
checked directly, or
	4) have single-element iovec with base/len unchanged from
what had been passed to some ->read() or ->write() instance, in which
case the caller of that ->read() or ->write() has done access_ok/rw_verify_area

And yes, I can prove that for the current tree, modulo a couple of dumb
bugs with unchecked values coming via read_code().  Which is called
a couple of times per a.out execve() and should be using vfs_read() instead
of blindly calling ->read() - it's *not* a hot path and never had been one.
With that fixed, we have the following: and call of any instance of
->read()/->write()/->aio_read()/->aio_write() (be it direct or via method)
is guaranteed that
	* all segments it's asked to read/write will satisfy access_ok().
	* all segments it's asked to read/write will have non-negative
lengths.
	* total size of all segments will be at most MAX_RW_COUNT.
	* file offset won't go from negative to zero in the combined area;
unless the file has FMODE_UNSIGNED_OFFSET in ->f_mode, it won't go from
positive to negative either.

So what exactly does generic_segments_check() give us?  Is it just that
everybody went "well, maybe there's some weird path where we don't do
validation; let's leave it there"?  Linus?

_______________________________________________
xfs mailing list
xfs@oss.sgi.com
http://oss.sgi.com/mailman/listinfo/xfs