@@ -379,6 +379,42 @@ v9fs_file_readn(struct file *filp, char *data, char __user *udata, u32 count,
}
/**
+ * Helper function to check if the write if going to be done outside the
+ * accessible address space.
+ *
+ */
+
+ssize_t p9_check_if_accessible(const char __user *data,
+ size_t count, loff_t *offset)
+{
+ struct iovec iov = { .iov_base = (void __user *)data,
+ .iov_len = count };
+ struct iov_iter i;
+ unsigned long nr_segs = 1;
+ size_t fcount, ocount = 0;
+ ssize_t err;
+ pgoff_t index;
+ unsigned long diff, bytes;
+
+ err = generic_segment_checks(&iov, &nr_segs, &ocount, VERIFY_READ);
+
+ if (err)
+ return err;
+
+ fcount = ocount;
+ iov_iter_init(&i, &iov, nr_segs, fcount, 0);
+ diff = (*offset & (PAGE_CACHE_SIZE - 1));
+ index = *offset >> PAGE_CACHE_SHIFT;
+ bytes = min_t(unsigned long, PAGE_CACHE_SIZE - diff,
+ iov_iter_count(&i));
+
+ if (iov_iter_fault_in_readable(&i, bytes))
+ return -EFAULT;
+
+ return 0;
+}
+
+/**
* v9fs_file_read - read from a file
* @filp: file pointer to read
* @udata: user data buffer to read data into
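Review bot: The helper only ever checks readability — `generic_segment_checks(..., VERIFY_READ)` followed by `iov_iter_fault_in_readable` — yet the second hunk calls it from `v9fs_file_read` on `udata`, the buffer the kernel will copy *into*; a read-only user mapping passes this check and still faults in copy_to_user, and the read path needs `VERIFY_WRITE` plus a writeable probe. The probe is also clamped to `PAGE_CACHE_SIZE - diff` where `diff` comes from the file offset rather than the user address, so at most roughly one page of `data` is touched; that makes this a best-effort pre-check, and the kerneldoc should say that the copy paths must still handle `-EFAULT` instead of implying the whole write is validated. Smaller points: `pgoff_t index` is computed and never used, `fcount` is a plain alias of `ocount`, the function is not `static` although no header declares it, and the comment reads `if the write if going to be done`. The rewrite below adds an access-direction argument so the read and write callers can each ask for the right check.
```c
/**
 * p9_check_if_accessible - best-effort probe of a user buffer before I/O
 * @data: user buffer to probe
 * @count: number of bytes the caller intends to transfer
 * @offset: file offset; only used to size the probe to the first page
 * @access: VERIFY_READ when @data is a write(2) source,
 *          VERIFY_WRITE when it is a read(2) destination
 *
 * Faults in roughly the first page of @data only; the copy_{to,from}_user
 * paths must still handle -EFAULT themselves.
 */
static int p9_check_if_accessible(const char __user *data, size_t count,
				  loff_t *offset, int access)
{
	struct iovec iov = { .iov_base = (void __user *)data,
			     .iov_len = count };
	struct iov_iter i;
	unsigned long nr_segs = 1;
	size_t ocount = 0;
	unsigned long diff, bytes;
	int err;

	err = generic_segment_checks(&iov, &nr_segs, &ocount, access);
	if (err)
		return err;

	iov_iter_init(&i, &iov, nr_segs, ocount, 0);
	diff = *offset & (PAGE_CACHE_SIZE - 1);
	bytes = min_t(unsigned long, PAGE_CACHE_SIZE - diff,
		      iov_iter_count(&i));

	/* read(2) fills @data, so the destination must be writeable */
	if (access == VERIFY_WRITE) {
		if (fault_in_pages_writeable((char __user *)data, bytes))
			return -EFAULT;
	} else if (iov_iter_fault_in_readable(&i, bytes)) {
		return -EFAULT;
	}

	return 0;
}
```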
@@ -394,8 +430,15 @@ v9fs_file_read(struct file *filp, char __user *udata, size_t count,
int ret;
struct p9_fid *fid;
size_t size;
+ ssize_t err;
P9_DPRINTK(P9_DEBUG_VFS, "count %zu offset %lld\n", count, *offset);
+
+ err = p9_check_if_accessible(udata, count, offset);
+
+ if (err < 0)
+ return err;
+
fid = filp->private_data;
size = fid->iounit ? fid->iounit : fid->clnt->msize - P9_IOHDRSZ;
@@ -431,10 +474,16 @@ v9fs_file_write(struct file *filp, const char __user * data,
struct inode *inode = filp->f_path.dentry->d_inode;
loff_t origin = *offset;
unsigned long pg_start, pg_end;
+ ssize_t err;
P9_DPRINTK(P9_DEBUG_VFS, "data %p count %d offset %x\n", data,
(int)count, (int)*offset);
+ err = p9_check_if_accessible(data, count, offset);
+
+ if (err < 0)
+ return err;
+
fid = filp->private_data;
clnt = fid->clnt;