Fix: increment buffer offset when failing to copy from user-space

[lttng-modules.git] / lib / ringbuffer / backend.h

diff --git a/lib/ringbuffer/backend.h b/lib/ringbuffer/backend.h
index da937f29d6f8cc3c8954ca4be7361e9f7e003139..d811911020d10f0b9d32e9cfaa3ce18a4ad0ae70 100644 (file)
--- a/lib/ringbuffer/backend.h
+++ b/lib/ringbuffer/backend.h
@@ -156,7 +156,7 @@ size_t lib_ring_buffer_do_strcpy(const struct lib_ring_buffer_config *config,
                 * Only read source character once, in case it is
                 * modified concurrently.
                 */
-               c = READ_ONCE(src[count]);
+               c = LTTNG_READ_ONCE(src[count]);
                if (!c)
                        break;
                lib_ring_buffer_do_copy(config, &dest[count], &c, 1);
@@ -277,7 +277,6 @@ void lib_ring_buffer_copy_from_user_inatomic(const struct lib_ring_buffer_config
        size_t offset = ctx->buf_offset;
        struct lib_ring_buffer_backend_pages *backend_pages;
        unsigned long ret;
-       mm_segment_t old_fs = get_fs();
 
        if (unlikely(!len))
                return;
@@ -287,7 +286,6 @@ void lib_ring_buffer_copy_from_user_inatomic(const struct lib_ring_buffer_config
        index = (offset & (chanb->subbuf_size - 1)) >> PAGE_SHIFT;
        pagecpy = min_t(size_t, len, (-offset) & ~PAGE_MASK);
 
-       set_fs(KERNEL_DS);
        pagefault_disable();
        if (unlikely(!lttng_access_ok(VERIFY_READ, src, len)))
                goto fill_buffer;
@@ -304,19 +302,18 @@ void lib_ring_buffer_copy_from_user_inatomic(const struct lib_ring_buffer_config
                _lib_ring_buffer_copy_from_user_inatomic(bufb, offset, src, len, 0);
        }
        pagefault_enable();
-       set_fs(old_fs);
        ctx->buf_offset += len;
 
        return;
 
 fill_buffer:
        pagefault_enable();
-       set_fs(old_fs);
        /*
         * In the error path we call the slow path version to avoid
         * the pollution of static inline code.
         */
        _lib_ring_buffer_memset(bufb, offset, 0, len, 0);
+       ctx->priv.buf_offset += len;
 }
 
 /**
@@ -347,7 +344,6 @@ void lib_ring_buffer_strcpy_from_user_inatomic(const struct lib_ring_buffer_conf
        size_t index, pagecpy;
        size_t offset = ctx->buf_offset;
        struct lib_ring_buffer_backend_pages *backend_pages;
-       mm_segment_t old_fs = get_fs();
 
        if (unlikely(!len))
                return;
@@ -357,7 +353,6 @@ void lib_ring_buffer_strcpy_from_user_inatomic(const struct lib_ring_buffer_conf
        index = (offset & (chanb->subbuf_size - 1)) >> PAGE_SHIFT;
        pagecpy = min_t(size_t, len, (-offset) & ~PAGE_MASK);
 
-       set_fs(KERNEL_DS);
        pagefault_disable();
        if (unlikely(!lttng_access_ok(VERIFY_READ, src, len)))
                goto fill_buffer;
@@ -388,14 +383,12 @@ void lib_ring_buffer_strcpy_from_user_inatomic(const struct lib_ring_buffer_conf
                                        len, 0, pad);
        }
        pagefault_enable();
-       set_fs(old_fs);
        ctx->buf_offset += len;
 
        return;
 
 fill_buffer:
        pagefault_enable();
-       set_fs(old_fs);
        /*
         * In the error path we call the slow path version to avoid
         * the pollution of static inline code.
@@ -403,6 +396,7 @@ fill_buffer:
        _lib_ring_buffer_memset(bufb, offset, pad, len - 1, 0);
        offset += len - 1;
        _lib_ring_buffer_memset(bufb, offset, '\0', 1, 0);
+       ctx->priv.buf_offset += len;
 }
 
 /*
@@ -447,16 +441,12 @@ unsigned long lib_ring_buffer_copy_from_user_check_nofault(void *dest,
                                                unsigned long len)
 {
        unsigned long ret;
-       mm_segment_t old_fs;
 
        if (!lttng_access_ok(VERIFY_READ, src, len))
                return 1;
-       old_fs = get_fs();
-       set_fs(KERNEL_DS);
        pagefault_disable();
        ret = __copy_from_user_inatomic(dest, src, len);
        pagefault_enable();
-       set_fs(old_fs);
        return ret;
 }