From: Al Viro Date: Tue, 31 Mar 2015 15:54:59 +0000 (-0400) Subject: aio_run_iocb(): kill dead check X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=47e393622bbdd48aa21837eb2c55ee1c359e080c;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git aio_run_iocb(): kill dead check We check if ->ki_pos is positive. However, by that point we have already done rw_verify_area(), which would have rejected such unless the file had been one of /dev/mem, /dev/kmem and /proc/kcore. All of which do not have vectored rw methods, so we would've bailed out even earlier. This check had been introduced before rw_verify_area() had been added there - in fact, it was a subset of checks done on sync paths by rw_verify_area() (back then the /dev/mem exception didn't exist at all). The rest of checks (mandatory locking, etc.) hadn't been added until later. Unfortunately, by the time the call of rw_verify_area() got added, the /dev/mem exception had already appeared, so it wasn't obvious that the older explicit check downstream had become dead code. It *is* a dead code, though, since the few files for which the exception applies do not have ->aio_{read,write}() or ->{read,write}_iter() and for them we won't reach that check anyway. What's more, even if we ever introduce vectored methods for /dev/mem and friends, they'll have to cope with negative positions anyway, since readv(2) and writev(2) are using the same checks as read(2) and write(2) - i.e. rw_verify_area(). Let's bury it. Signed-off-by: Al Viro --- diff --git a/fs/aio.c b/fs/aio.c index 40fddf4217bd..f0b0a2f8a63f 100644 --- a/fs/aio.c +++ b/fs/aio.c @@ -1422,13 +1422,6 @@ rw_common: len = ret; - /* XXX: move/kill - rw_verify_area()? */ - /* This matches the pread()/pwrite() logic */ - if (req->ki_pos < 0) { - ret = -EINVAL; - break; - } - if (rw == WRITE) file_start_write(file);
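Review bot: with the check removed from the rw_common hunk, nothing between `len = ret;` and `file_start_write(file)` records that a negative req->ki_pos has already been ruled out. That guarantee now lives only in the commit message: rw_verify_area() rejects such positions, and the files it exempts (/dev/mem, /dev/kmem, /proc/kcore) have no ->aio_{read,write}() or ->{read,write}_iter(). Consider a one-line comment at this spot, in place of the deleted "XXX: move/kill" remark, stating that the position was validated by rw_verify_area(). Anyone who later adds vectored methods to the exempted files would then see that those methods will receive negative positions on this path and must handle them, as the message says they would have to.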