select.c 35.3 KB
Newer Older
1
// SPDX-License-Identifier: GPL-2.0
Linus Torvalds's avatar
Linus Torvalds committed
2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17
/*
 * This file contains the procedures for the handling of select and poll
 *
 * Created for Linux based loosely upon Mathius Lattner's minix
 * patches by Peter MacDonald. Heavily edited by Linus.
 *
 *  4 February 1994
 *     COFF/ELF binary emulation. If the process has the STICKY_TIMEOUTS
 *     flag set in its personality we do *not* modify the given timeout
 *     parameter to reflect time remaining.
 *
 *  24 January 2000
 *     Changed sys_poll()/do_poll() to use PAGE_SIZE chunk-based allocation 
 *     of fds to overcome nfds < 16390 descriptors limit (Tigran Aivazian).
 */

18
#include <linux/kernel.h>
19 20
#include <linux/sched/signal.h>
#include <linux/sched/rt.h>
Linus Torvalds's avatar
Linus Torvalds committed
21
#include <linux/syscalls.h>
22
#include <linux/export.h>
Linus Torvalds's avatar
Linus Torvalds committed
23 24 25 26
#include <linux/slab.h>
#include <linux/poll.h>
#include <linux/personality.h> /* for STICKY_TIMEOUTS */
#include <linux/file.h>
Al Viro's avatar
Al Viro committed
27
#include <linux/fdtable.h>
Linus Torvalds's avatar
Linus Torvalds committed
28
#include <linux/fs.h>
29
#include <linux/rcupdate.h>
30
#include <linux/hrtimer.h>
31
#include <linux/freezer.h>
32
#include <net/busy_poll.h>
33
#include <linux/vmalloc.h>
Linus Torvalds's avatar
Linus Torvalds committed
34

35
#include <linux/uaccess.h>
Linus Torvalds's avatar
Linus Torvalds committed
36

37 38 39 40 41 42 43 44 45 46 47 48 49

/*
 * Estimate expected accuracy in ns from a timeval.
 *
 * After quite a bit of churning around, we've settled on
 * a simple thing of taking 0.1% of the timeout as the
 * slack, with a cap of 100 msec.
 * "nice" tasks get a 0.5% slack instead.
 *
 * Consider this comment an open invitation to come up with even
 * better solutions..
 */

50 51
#define MAX_SLACK	(100 * NSEC_PER_MSEC)

52
static long __estimate_accuracy(struct timespec64 *tv)
53
{
54
	long slack;
55 56
	int divfactor = 1000;

57 58 59
	if (tv->tv_sec < 0)
		return 0;

60
	if (task_nice(current) > 0)
61 62
		divfactor = divfactor / 5;

63 64 65
	if (tv->tv_sec > MAX_SLACK / (NSEC_PER_SEC/divfactor))
		return MAX_SLACK;

66 67 68
	slack = tv->tv_nsec / divfactor;
	slack += tv->tv_sec * (NSEC_PER_SEC/divfactor);

69 70
	if (slack > MAX_SLACK)
		return MAX_SLACK;
71

72 73 74
	return slack;
}

75
u64 select_estimate_accuracy(struct timespec64 *tv)
76
{
77
	u64 ret;
78
	struct timespec64 now;
79 80 81 82 83

	/*
	 * Realtime tasks get a slack of 0 for obvious reasons.
	 */

84
	if (rt_task(current))
85 86
		return 0;

87 88
	ktime_get_ts64(&now);
	now = timespec64_sub(*tv, now);
89 90 91 92 93 94 95 96
	ret = __estimate_accuracy(&now);
	if (ret < current->timer_slack_ns)
		return current->timer_slack_ns;
	return ret;
}



Linus Torvalds's avatar
Linus Torvalds committed
97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117
struct poll_table_page {
	struct poll_table_page * next;
	struct poll_table_entry * entry;
	struct poll_table_entry entries[0];
};

#define POLL_TABLE_FULL(table) \
	((unsigned long)((table)->entry+1) > PAGE_SIZE + (unsigned long)(table))

/*
 * Ok, Peter made a complicated, but straightforward multiple_wait() function.
 * I have rewritten this, taking some shortcuts: This code may not be easy to
 * follow, but it should be free of race-conditions, and it's practical. If you
 * understand what I'm doing here, then you understand how the linux
 * sleep/wakeup mechanism works.
 *
 * Two very simple procedures, poll_wait() and poll_freewait() make all the
 * work.  poll_wait() is an inline-function defined in <linux/poll.h>,
 * as all select/poll functions have to call it to add an entry to the
 * poll table.
 */
118 119
static void __pollwait(struct file *filp, wait_queue_head_t *wait_address,
		       poll_table *p);
Linus Torvalds's avatar
Linus Torvalds committed
120 121 122 123

void poll_initwait(struct poll_wqueues *pwq)
{
	init_poll_funcptr(&pwq->pt, __pollwait);
124
	pwq->polling_task = current;
125
	pwq->triggered = 0;
Linus Torvalds's avatar
Linus Torvalds committed
126 127
	pwq->error = 0;
	pwq->table = NULL;
128
	pwq->inline_index = 0;
Linus Torvalds's avatar
Linus Torvalds committed
129 130 131
}
EXPORT_SYMBOL(poll_initwait);

132 133
static void free_poll_entry(struct poll_table_entry *entry)
{
WANG Cong's avatar
WANG Cong committed
134
	remove_wait_queue(entry->wait_address, &entry->wait);
135 136 137
	fput(entry->filp);
}

Linus Torvalds's avatar
Linus Torvalds committed
138 139 140
void poll_freewait(struct poll_wqueues *pwq)
{
	struct poll_table_page * p = pwq->table;
141 142 143
	int i;
	for (i = 0; i < pwq->inline_index; i++)
		free_poll_entry(pwq->inline_entries + i);
Linus Torvalds's avatar
Linus Torvalds committed
144 145 146 147 148 149 150
	while (p) {
		struct poll_table_entry * entry;
		struct poll_table_page *old;

		entry = p->entry;
		do {
			entry--;
151
			free_poll_entry(entry);
Linus Torvalds's avatar
Linus Torvalds committed
152 153 154 155 156 157 158 159
		} while (entry > p->entries);
		old = p;
		p = p->next;
		free_page((unsigned long) old);
	}
}
EXPORT_SYMBOL(poll_freewait);

160
static struct poll_table_entry *poll_get_entry(struct poll_wqueues *p)
Linus Torvalds's avatar
Linus Torvalds committed
161 162 163
{
	struct poll_table_page *table = p->table;

164 165 166
	if (p->inline_index < N_INLINE_POLL_ENTRIES)
		return p->inline_entries + p->inline_index++;

Linus Torvalds's avatar
Linus Torvalds committed
167 168 169 170 171 172
	if (!table || POLL_TABLE_FULL(table)) {
		struct poll_table_page *new_table;

		new_table = (struct poll_table_page *) __get_free_page(GFP_KERNEL);
		if (!new_table) {
			p->error = -ENOMEM;
173
			return NULL;
Linus Torvalds's avatar
Linus Torvalds committed
174 175 176 177 178 179 180
		}
		new_table->entry = new_table->entries;
		new_table->next = table;
		p->table = new_table;
		table = new_table;
	}

181 182 183
	return table->entry++;
}

184
static int __pollwake(wait_queue_entry_t *wait, unsigned mode, int sync, void *key)
185 186 187 188 189 190 191 192 193
{
	struct poll_wqueues *pwq = wait->private;
	DECLARE_WAITQUEUE(dummy_wait, pwq->polling_task);

	/*
	 * Although this function is called under waitqueue lock, LOCK
	 * doesn't imply write barrier and the users expect write
	 * barrier semantics on wakeup functions.  The following
	 * smp_wmb() is equivalent to smp_wmb() in try_to_wake_up()
194
	 * and is paired with smp_store_mb() in poll_schedule_timeout.
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209
	 */
	smp_wmb();
	pwq->triggered = 1;

	/*
	 * Perform the default wake up operation using a dummy
	 * waitqueue.
	 *
	 * TODO: This is hacky but there currently is no interface to
	 * pass in @sync.  @sync is scheduled to be removed and once
	 * that happens, wake_up_process() can be used directly.
	 */
	return default_wake_function(&dummy_wait, mode, sync, key);
}

210
static int pollwake(wait_queue_entry_t *wait, unsigned mode, int sync, void *key)
211 212 213 214
{
	struct poll_table_entry *entry;

	entry = container_of(wait, struct poll_table_entry, wait);
215
	if (key && !(key_to_poll(key) & entry->key))
216 217 218 219
		return 0;
	return __pollwake(wait, mode, sync, key);
}

220 221 222 223
/* Add a new entry */
static void __pollwait(struct file *filp, wait_queue_head_t *wait_address,
				poll_table *p)
{
224 225
	struct poll_wqueues *pwq = container_of(p, struct poll_wqueues, pt);
	struct poll_table_entry *entry = poll_get_entry(pwq);
226 227
	if (!entry)
		return;
228
	entry->filp = get_file(filp);
229
	entry->wait_address = wait_address;
230
	entry->key = p->_key;
231 232
	init_waitqueue_func_entry(&entry->wait, pollwake);
	entry->wait.private = pwq;
WANG Cong's avatar
WANG Cong committed
233
	add_wait_queue(wait_address, &entry->wait);
Linus Torvalds's avatar
Linus Torvalds committed
234 235
}

236
static int poll_schedule_timeout(struct poll_wqueues *pwq, int state,
237 238 239 240 241 242
			  ktime_t *expires, unsigned long slack)
{
	int rc = -EINTR;

	set_current_state(state);
	if (!pwq->triggered)
243
		rc = schedule_hrtimeout_range(expires, slack, HRTIMER_MODE_ABS);
244 245 246 247 248
	__set_current_state(TASK_RUNNING);

	/*
	 * Prepare for the next iteration.
	 *
249
	 * The following smp_store_mb() serves two purposes.  First, it's
250 251 252 253 254 255 256
	 * the counterpart rmb of the wmb in pollwake() such that data
	 * written before wake up is always visible after wake up.
	 * Second, the full barrier guarantees that triggered clearing
	 * doesn't pass event check of the next iteration.  Note that
	 * this problem doesn't exist for the first iteration as
	 * add_wait_queue() has full barrier semantics.
	 */
257
	smp_store_mb(pwq->triggered, 0);
258 259 260 261

	return rc;
}

262 263
/**
 * poll_select_set_timeout - helper function to setup the timeout value
264
 * @to:		pointer to timespec64 variable for the final timeout
265 266 267 268 269 270 271 272
 * @sec:	seconds (from user space)
 * @nsec:	nanoseconds (from user space)
 *
 * Note, we do not use a timespec for the user space value here, That
 * way we can use the function for timeval and compat interfaces as well.
 *
 * Returns -EINVAL if sec/nsec are not normalized. Otherwise 0.
 */
273
int poll_select_set_timeout(struct timespec64 *to, time64_t sec, long nsec)
274
{
275
	struct timespec64 ts = {.tv_sec = sec, .tv_nsec = nsec};
276

277
	if (!timespec64_valid(&ts))
278 279 280 281 282 283
		return -EINVAL;

	/* Optimize for the zero timeout value here */
	if (!sec && !nsec) {
		to->tv_sec = to->tv_nsec = 0;
	} else {
284 285
		ktime_get_ts64(to);
		*to = timespec64_add_safe(*to, ts);
286 287 288 289
	}
	return 0;
}

290 291 292 293 294 295 296
enum poll_time_type {
	PT_TIMEVAL = 0,
	PT_OLD_TIMEVAL = 1,
	PT_TIMESPEC = 2,
	PT_OLD_TIMESPEC = 3,
};

297 298
static int poll_select_copy_remaining(struct timespec64 *end_time,
				      void __user *p,
299
				      enum poll_time_type pt_type, int ret)
300
{
301
	struct timespec64 rts;
302 303 304 305 306 307 308 309 310 311 312

	if (!p)
		return ret;

	if (current->personality & STICKY_TIMEOUTS)
		goto sticky;

	/* No update for zero timeout */
	if (!end_time->tv_sec && !end_time->tv_nsec)
		return ret;

313 314 315 316
	ktime_get_ts64(&rts);
	rts = timespec64_sub(*end_time, rts);
	if (rts.tv_sec < 0)
		rts.tv_sec = rts.tv_nsec = 0;
317

318

319 320 321 322
	switch (pt_type) {
	case PT_TIMEVAL:
		{
			struct timeval rtv;
323

324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343
			if (sizeof(rtv) > sizeof(rtv.tv_sec) + sizeof(rtv.tv_usec))
				memset(&rtv, 0, sizeof(rtv));
			rtv.tv_sec = rts.tv_sec;
			rtv.tv_usec = rts.tv_nsec / NSEC_PER_USEC;
			if (!copy_to_user(p, &rtv, sizeof(rtv)))
				return ret;
		}
		break;
	case PT_OLD_TIMEVAL:
		{
			struct old_timeval32 rtv;

			rtv.tv_sec = rts.tv_sec;
			rtv.tv_usec = rts.tv_nsec / NSEC_PER_USEC;
			if (!copy_to_user(p, &rtv, sizeof(rtv)))
				return ret;
		}
		break;
	case PT_TIMESPEC:
		if (!put_timespec64(&rts, p))
344
			return ret;
345 346 347 348 349 350 351 352
		break;
	case PT_OLD_TIMESPEC:
		if (!put_old_timespec32(&rts, p))
			return ret;
		break;
	default:
		BUG();
	}
353 354 355 356 357 358 359 360 361 362 363 364 365 366
	/*
	 * If an application puts its timeval in read-only memory, we
	 * don't want the Linux-specific update to the timeval to
	 * cause a fault after the select has completed
	 * successfully. However, because we're not updating the
	 * timeval, we can't restart the system call.
	 */

sticky:
	if (ret == -ERESTARTNOHAND)
		ret = -EINTR;
	return ret;
}

367 368 369 370 371 372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410
/*
 * Scalable version of the fd_set.
 */

typedef struct {
	unsigned long *in, *out, *ex;
	unsigned long *res_in, *res_out, *res_ex;
} fd_set_bits;

/*
 * How many longwords for "nr" bits?
 */
#define FDS_BITPERLONG	(8*sizeof(long))
#define FDS_LONGS(nr)	(((nr)+FDS_BITPERLONG-1)/FDS_BITPERLONG)
#define FDS_BYTES(nr)	(FDS_LONGS(nr)*sizeof(long))

/*
 * Use "unsigned long" accesses to let user-mode fd_set's be long-aligned.
 */
static inline
int get_fd_set(unsigned long nr, void __user *ufdset, unsigned long *fdset)
{
	nr = FDS_BYTES(nr);
	if (ufdset)
		return copy_from_user(fdset, ufdset, nr) ? -EFAULT : 0;

	memset(fdset, 0, nr);
	return 0;
}

static inline unsigned long __must_check
set_fd_set(unsigned long nr, void __user *ufdset, unsigned long *fdset)
{
	if (ufdset)
		return __copy_to_user(ufdset, fdset, FDS_BYTES(nr));
	return 0;
}

static inline
void zero_fd_set(unsigned long nr, unsigned long *fdset)
{
	memset(fdset, 0, FDS_BYTES(nr));
}

Linus Torvalds's avatar
Linus Torvalds committed
411 412 413 414 415 416 417 418 419 420 421
#define FDS_IN(fds, n)		(fds->in + n)
#define FDS_OUT(fds, n)		(fds->out + n)
#define FDS_EX(fds, n)		(fds->ex + n)

#define BITS(fds, n)	(*FDS_IN(fds, n)|*FDS_OUT(fds, n)|*FDS_EX(fds, n))

static int max_select_fd(unsigned long n, fd_set_bits *fds)
{
	unsigned long *open_fds;
	unsigned long set;
	int max;
422
	struct fdtable *fdt;
Linus Torvalds's avatar
Linus Torvalds committed
423 424

	/* handle last in-complete long-word first */
425 426
	set = ~(~0UL << (n & (BITS_PER_LONG-1)));
	n /= BITS_PER_LONG;
427
	fdt = files_fdtable(current->files);
428
	open_fds = fdt->open_fds + n;
Linus Torvalds's avatar
Linus Torvalds committed
429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452
	max = 0;
	if (set) {
		set &= BITS(fds, n);
		if (set) {
			if (!(set & ~*open_fds))
				goto get_max;
			return -EBADF;
		}
	}
	while (n) {
		open_fds--;
		n--;
		set = BITS(fds, n);
		if (!set)
			continue;
		if (set & ~*open_fds)
			return -EBADF;
		if (max)
			continue;
get_max:
		do {
			max++;
			set >>= 1;
		} while (set);
453
		max += n * BITS_PER_LONG;
Linus Torvalds's avatar
Linus Torvalds committed
454 455 456 457 458
	}

	return max;
}

459 460 461
#define POLLIN_SET (EPOLLRDNORM | EPOLLRDBAND | EPOLLIN | EPOLLHUP | EPOLLERR)
#define POLLOUT_SET (EPOLLWRBAND | EPOLLWRNORM | EPOLLOUT | EPOLLERR)
#define POLLEX_SET (EPOLLPRI)
Linus Torvalds's avatar
Linus Torvalds committed
462

463
static inline void wait_key_set(poll_table *wait, unsigned long in,
464
				unsigned long out, unsigned long bit,
465
				__poll_t ll_flag)
466
{
467
	wait->_key = POLLEX_SET | ll_flag;
468 469 470 471
	if (in & bit)
		wait->_key |= POLLIN_SET;
	if (out & bit)
		wait->_key |= POLLOUT_SET;
472 473
}

474
static int do_select(int n, fd_set_bits *fds, struct timespec64 *end_time)
Linus Torvalds's avatar
Linus Torvalds committed
475
{
476
	ktime_t expire, *to = NULL;
Linus Torvalds's avatar
Linus Torvalds committed
477 478
	struct poll_wqueues table;
	poll_table *wait;
479
	int retval, i, timed_out = 0;
480
	u64 slack = 0;
481
	__poll_t busy_flag = net_busy_loop_on() ? POLL_BUSY_LOOP : 0;
482
	unsigned long busy_start = 0;
Linus Torvalds's avatar
Linus Torvalds committed
483

484
	rcu_read_lock();
Linus Torvalds's avatar
Linus Torvalds committed
485
	retval = max_select_fd(n, fds);
486
	rcu_read_unlock();
Linus Torvalds's avatar
Linus Torvalds committed
487 488 489 490 491 492 493

	if (retval < 0)
		return retval;
	n = retval;

	poll_initwait(&table);
	wait = &table.pt;
494
	if (end_time && !end_time->tv_sec && !end_time->tv_nsec) {
495
		wait->_qproc = NULL;
496 497 498
		timed_out = 1;
	}

499
	if (end_time && !timed_out)
500
		slack = select_estimate_accuracy(end_time);
501

Linus Torvalds's avatar
Linus Torvalds committed
502 503 504
	retval = 0;
	for (;;) {
		unsigned long *rinp, *routp, *rexp, *inp, *outp, *exp;
505
		bool can_busy_loop = false;
Linus Torvalds's avatar
Linus Torvalds committed
506 507 508 509 510

		inp = fds->in; outp = fds->out; exp = fds->ex;
		rinp = fds->res_in; routp = fds->res_out; rexp = fds->res_ex;

		for (i = 0; i < n; ++rinp, ++routp, ++rexp) {
511
			unsigned long in, out, ex, all_bits, bit = 1, j;
Linus Torvalds's avatar
Linus Torvalds committed
512
			unsigned long res_in = 0, res_out = 0, res_ex = 0;
513
			__poll_t mask;
Linus Torvalds's avatar
Linus Torvalds committed
514 515 516 517

			in = *inp++; out = *outp++; ex = *exp++;
			all_bits = in | out | ex;
			if (all_bits == 0) {
518
				i += BITS_PER_LONG;
Linus Torvalds's avatar
Linus Torvalds committed
519 520 521
				continue;
			}

522
			for (j = 0; j < BITS_PER_LONG; ++j, ++i, bit <<= 1) {
523
				struct fd f;
Linus Torvalds's avatar
Linus Torvalds committed
524 525 526 527
				if (i >= n)
					break;
				if (!(bit & all_bits))
					continue;
528 529
				f = fdget(i);
				if (f.file) {
530 531 532 533
					wait_key_set(wait, in, out, bit,
						     busy_flag);
					mask = vfs_poll(f.file, wait);

534
					fdput(f);
Linus Torvalds's avatar
Linus Torvalds committed
535 536 537
					if ((mask & POLLIN_SET) && (in & bit)) {
						res_in |= bit;
						retval++;
538
						wait->_qproc = NULL;
Linus Torvalds's avatar
Linus Torvalds committed
539 540 541 542
					}
					if ((mask & POLLOUT_SET) && (out & bit)) {
						res_out |= bit;
						retval++;
543
						wait->_qproc = NULL;
Linus Torvalds's avatar
Linus Torvalds committed
544 545 546 547
					}
					if ((mask & POLLEX_SET) && (ex & bit)) {
						res_ex |= bit;
						retval++;
548
						wait->_qproc = NULL;
Linus Torvalds's avatar
Linus Torvalds committed
549
					}
550
					/* got something, stop busy polling */
551 552 553 554 555 556 557 558 559 560 561
					if (retval) {
						can_busy_loop = false;
						busy_flag = 0;

					/*
					 * only remember a returned
					 * POLL_BUSY_LOOP if we asked for it
					 */
					} else if (busy_flag & mask)
						can_busy_loop = true;

Linus Torvalds's avatar
Linus Torvalds committed
562 563 564 565 566 567 568 569
				}
			}
			if (res_in)
				*rinp = res_in;
			if (res_out)
				*routp = res_out;
			if (res_ex)
				*rexp = res_ex;
570
			cond_resched();
Linus Torvalds's avatar
Linus Torvalds committed
571
		}
572
		wait->_qproc = NULL;
573
		if (retval || timed_out || signal_pending(current))
Linus Torvalds's avatar
Linus Torvalds committed
574
			break;
Pavel Machek's avatar
Pavel Machek committed
575
		if (table.error) {
Linus Torvalds's avatar
Linus Torvalds committed
576 577 578
			retval = table.error;
			break;
		}
579

580
		/* only if found POLL_BUSY_LOOP sockets && not out of time */
581
		if (can_busy_loop && !need_resched()) {
582 583
			if (!busy_start) {
				busy_start = busy_loop_current_time();
584 585
				continue;
			}
586
			if (!busy_loop_timeout(busy_start))
587 588 589
				continue;
		}
		busy_flag = 0;
590

591 592 593 594 595 596
		/*
		 * If this is the first loop and we have a timeout
		 * given, then we convert to ktime_t and set the to
		 * pointer to the expiry value.
		 */
		if (end_time && !to) {
597
			expire = timespec64_to_ktime(*end_time);
598
			to = &expire;
599
		}
600

601 602
		if (!poll_schedule_timeout(&table, TASK_INTERRUPTIBLE,
					   to, slack))
603
			timed_out = 1;
Linus Torvalds's avatar
Linus Torvalds committed
604 605 606 607 608 609 610 611 612 613 614 615 616 617 618
	}

	poll_freewait(&table);

	return retval;
}

/*
 * We can actually return ERESTARTSYS instead of EINTR, but I'd
 * like to be certain this leads to no problems. So I return
 * EINTR just for safety.
 *
 * Update: ERESTARTSYS breaks at least the xview clock binary, so
 * I'm trying ERESTARTNOHAND which restart only when you want to.
 */
619
int core_sys_select(int n, fd_set __user *inp, fd_set __user *outp,
620
			   fd_set __user *exp, struct timespec64 *end_time)
Linus Torvalds's avatar
Linus Torvalds committed
621 622
{
	fd_set_bits fds;
623
	void *bits;
624
	int ret, max_fds;
625
	size_t size, alloc_size;
626
	struct fdtable *fdt;
627
	/* Allocate small arguments on the stack to save memory and be faster */
628
	long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];
Linus Torvalds's avatar
Linus Torvalds committed
629 630 631 632 633

	ret = -EINVAL;
	if (n < 0)
		goto out_nofds;

634
	/* max_fds can increase, so grab it once to avoid race */
635
	rcu_read_lock();
636
	fdt = files_fdtable(current->files);
637
	max_fds = fdt->max_fds;
638
	rcu_read_unlock();
639 640
	if (n > max_fds)
		n = max_fds;
Linus Torvalds's avatar
Linus Torvalds committed
641 642 643 644 645 646 647

	/*
	 * We need 6 bitmaps (in/out/ex for both incoming and outgoing),
	 * since we used fdset we need to allocate memory in units of
	 * long-words. 
	 */
	size = FDS_BYTES(n);
648 649 650 651
	bits = stack_fds;
	if (size > sizeof(stack_fds) / 6) {
		/* Not enough space in on-stack array; must use kmalloc */
		ret = -ENOMEM;
652 653 654 655
		if (size > (SIZE_MAX / 6))
			goto out_nofds;

		alloc_size = 6 * size;
656
		bits = kvmalloc(alloc_size, GFP_KERNEL);
657 658 659
		if (!bits)
			goto out_nofds;
	}
660 661 662 663 664 665
	fds.in      = bits;
	fds.out     = bits +   size;
	fds.ex      = bits + 2*size;
	fds.res_in  = bits + 3*size;
	fds.res_out = bits + 4*size;
	fds.res_ex  = bits + 5*size;
Linus Torvalds's avatar
Linus Torvalds committed
666 667 668 669 670 671 672 673 674

	if ((ret = get_fd_set(n, inp, fds.in)) ||
	    (ret = get_fd_set(n, outp, fds.out)) ||
	    (ret = get_fd_set(n, exp, fds.ex)))
		goto out;
	zero_fd_set(n, fds.res_in);
	zero_fd_set(n, fds.res_out);
	zero_fd_set(n, fds.res_ex);

675
	ret = do_select(n, &fds, end_time);
Linus Torvalds's avatar
Linus Torvalds committed
676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691

	if (ret < 0)
		goto out;
	if (!ret) {
		ret = -ERESTARTNOHAND;
		if (signal_pending(current))
			goto out;
		ret = 0;
	}

	if (set_fd_set(n, inp, fds.res_in) ||
	    set_fd_set(n, outp, fds.res_out) ||
	    set_fd_set(n, exp, fds.res_ex))
		ret = -EFAULT;

out:
692
	if (bits != stack_fds)
693
		kvfree(bits);
Linus Torvalds's avatar
Linus Torvalds committed
694 695 696 697
out_nofds:
	return ret;
}

698 699
static int kern_select(int n, fd_set __user *inp, fd_set __user *outp,
		       fd_set __user *exp, struct timeval __user *tvp)
700
{
701
	struct timespec64 end_time, *to = NULL;
702 703 704 705 706 707 708
	struct timeval tv;
	int ret;

	if (tvp) {
		if (copy_from_user(&tv, tvp, sizeof(tv)))
			return -EFAULT;

709
		to = &end_time;
710 711 712
		if (poll_select_set_timeout(to,
				tv.tv_sec + (tv.tv_usec / USEC_PER_SEC),
				(tv.tv_usec % USEC_PER_SEC) * NSEC_PER_USEC))
713 714 715
			return -EINVAL;
	}

716
	ret = core_sys_select(n, inp, outp, exp, to);
717
	ret = poll_select_copy_remaining(&end_time, tvp, PT_TIMEVAL, ret);
718 719 720 721

	return ret;
}

722 723 724 725 726 727
SYSCALL_DEFINE5(select, int, n, fd_set __user *, inp, fd_set __user *, outp,
		fd_set __user *, exp, struct timeval __user *, tvp)
{
	return kern_select(n, inp, outp, exp, tvp);
}

728
static long do_pselect(int n, fd_set __user *inp, fd_set __user *outp,
729 730 731
		       fd_set __user *exp, void __user *tsp,
		       const sigset_t __user *sigmask, size_t sigsetsize,
		       enum poll_time_type type)
732 733
{
	sigset_t ksigmask, sigsaved;
734
	struct timespec64 ts, end_time, *to = NULL;
735 736 737
	int ret;

	if (tsp) {
738 739 740 741 742 743 744 745 746 747 748 749
		switch (type) {
		case PT_TIMESPEC:
			if (get_timespec64(&ts, tsp))
				return -EFAULT;
			break;
		case PT_OLD_TIMESPEC:
			if (get_old_timespec32(&ts, tsp))
				return -EFAULT;
			break;
		default:
			BUG();
		}
750

751
		to = &end_time;
752
		if (poll_select_set_timeout(to, ts.tv_sec, ts.tv_nsec))
753 754 755
			return -EINVAL;
	}

756 757 758
	ret = set_user_sigmask(sigmask, &ksigmask, &sigsaved, sigsetsize);
	if (ret)
		return ret;
759

760
	ret = core_sys_select(n, inp, outp, exp, to);
761
	ret = poll_select_copy_remaining(&end_time, tsp, type, ret);
762

763
	restore_user_sigmask(sigmask, &sigsaved);
764 765 766 767 768 769 770 771 772 773

	return ret;
}

/*
 * Most architectures can't handle 7-argument syscalls. So we provide a
 * 6-argument version where the sixth argument is a pointer to a structure
 * which has a pointer to the sigset_t itself followed by a size_t containing
 * the sigset size.
 */
774
SYSCALL_DEFINE6(pselect6, int, n, fd_set __user *, inp, fd_set __user *, outp,
775 776 777 778 779 780 781
		fd_set __user *, exp, struct __kernel_timespec __user *, tsp,
		void __user *, sig)
{
	size_t sigsetsize = 0;
	sigset_t __user *up = NULL;

	if (sig) {
782
		if (!access_ok(sig, sizeof(void *)+sizeof(size_t))
783 784 785 786 787 788 789 790 791 792 793 794 795
		    || __get_user(up, (sigset_t __user * __user *)sig)
		    || __get_user(sigsetsize,
				(size_t __user *)(sig+sizeof(void *))))
			return -EFAULT;
	}

	return do_pselect(n, inp, outp, exp, tsp, up, sigsetsize, PT_TIMESPEC);
}

#if defined(CONFIG_COMPAT_32BIT_TIME) && !defined(CONFIG_64BIT)

SYSCALL_DEFINE6(pselect6_time32, int, n, fd_set __user *, inp, fd_set __user *, outp,
		fd_set __user *, exp, struct old_timespec32 __user *, tsp,
796
		void __user *, sig)
797 798 799 800 801
{
	size_t sigsetsize = 0;
	sigset_t __user *up = NULL;

	if (sig) {
802
		if (!access_ok(sig, sizeof(void *)+sizeof(size_t))
803
		    || __get_user(up, (sigset_t __user * __user *)sig)
804
		    || __get_user(sigsetsize,
805
				(size_t __user *)(sig+sizeof(void *))))
806 807 808
			return -EFAULT;
	}

809
	return do_pselect(n, inp, outp, exp, tsp, up, sigsetsize, PT_OLD_TIMESPEC);
810 811
}

812 813
#endif

814 815 816 817 818 819 820 821 822 823 824 825 826
#ifdef __ARCH_WANT_SYS_OLD_SELECT
struct sel_arg_struct {
	unsigned long n;
	fd_set __user *inp, *outp, *exp;
	struct timeval __user *tvp;
};

SYSCALL_DEFINE1(old_select, struct sel_arg_struct __user *, arg)
{
	struct sel_arg_struct a;

	if (copy_from_user(&a, arg, sizeof(a)))
		return -EFAULT;
827
	return kern_select(a.n, a.inp, a.outp, a.exp, a.tvp);
828 829 830
}
#endif

Linus Torvalds's avatar
Linus Torvalds committed
831 832 833 834 835 836 837 838
struct poll_list {
	struct poll_list *next;
	int len;
	struct pollfd entries[0];
};

#define POLLFD_PER_PAGE  ((PAGE_SIZE-sizeof(struct poll_list)) / sizeof(struct pollfd))

839 840 841 842 843
/*
 * Fish for pollable events on the pollfd->fd file descriptor. We're only
 * interested in events matching the pollfd->events mask, and the result
 * matching that mask is both recorded in pollfd->revents and returned. The
 * pwait poll_table will be used by the fd-provided poll handler for waiting,
844
 * if pwait->_qproc is non-NULL.
845
 */
Al Viro's avatar
Al Viro committed
846
static inline __poll_t do_pollfd(struct pollfd *pollfd, poll_table *pwait,
847
				     bool *can_busy_poll,
Al Viro's avatar
Al Viro committed
848
				     __poll_t busy_flag)
Linus Torvalds's avatar
Linus Torvalds committed
849
{
850 851 852 853 854 855 856 857 858 859 860 861 862
	int fd = pollfd->fd;
	__poll_t mask = 0, filter;
	struct fd f;

	if (fd < 0)
		goto out;
	mask = EPOLLNVAL;
	f = fdget(fd);
	if (!f.file)
		goto out;

	/* userland u16 ->events contains POLL... bitmap */
	filter = demangle_poll(pollfd->events) | EPOLLERR | EPOLLHUP;
863 864 865 866
	pwait->_key = filter | busy_flag;
	mask = vfs_poll(f.file, pwait);
	if (mask & busy_flag)
		*can_busy_poll = true;
867 868 869 870
	mask &= filter;		/* Mask out unneeded events. */
	fdput(f);

out:
Al Viro's avatar
Al Viro committed
871
	/* ... and so does ->revents */
872
	pollfd->revents = mangle_poll(mask);
873
	return mask;
Linus Torvalds's avatar
Linus Torvalds committed
874 875
}

876
static int do_poll(struct poll_list *list, struct poll_wqueues *wait,
877
		   struct timespec64 *end_time)
Linus Torvalds's avatar
Linus Torvalds committed
878 879
{
	poll_table* pt = &wait->pt;
880 881
	ktime_t expire, *to = NULL;
	int timed_out = 0, count = 0;
882
	u64 slack = 0;
Al Viro's avatar
Al Viro committed
883
	__poll_t busy_flag = net_busy_loop_on() ? POLL_BUSY_LOOP : 0;
884
	unsigned long busy_start = 0;
Linus Torvalds's avatar
Linus Torvalds committed
885

886
	/* Optimise the no-wait case */
887
	if (end_time && !end_time->tv_sec && !end_time->tv_nsec) {
888
		pt->_qproc = NULL;
889 890
		timed_out = 1;
	}
891

892
	if (end_time && !timed_out)
893
		slack = select_estimate_accuracy(end_time);
894

Linus Torvalds's avatar
Linus Torvalds committed
895 896
	for (;;) {
		struct poll_list *walk;
897
		bool can_busy_loop = false;
898

899 900 901 902 903 904 905 906
		for (walk = list; walk != NULL; walk = walk->next) {
			struct pollfd * pfd, * pfd_end;

			pfd = walk->entries;
			pfd_end = pfd + walk->len;
			for (; pfd != pfd_end; pfd++) {
				/*
				 * Fish for events. If we found one, record it
907
				 * and kill poll_table->_qproc, so we don't
908 909 910 911
				 * needlessly register any other waiters after
				 * this. They'll get immediately deregistered
				 * when we break out and return.
				 */
912 913
				if (do_pollfd(pfd, pt, &can_busy_loop,
					      busy_flag)) {
914
					count++;
915
					pt->_qproc = NULL;
916 917 918
					/* found something, stop busy polling */
					busy_flag = 0;
					can_busy_loop = false;
919 920
				}
			}
Linus Torvalds's avatar
Linus Torvalds committed
921
		}
922 923
		/*
		 * All waiters have already been registered, so don't provide
924
		 * a poll_table->_qproc to them on the next loop iteration.
925
		 */
926
		pt->_qproc = NULL;
927 928 929 930 931
		if (!count) {
			count = wait->error;
			if (signal_pending(current))
				count = -EINTR;
		}
932
		if (count || timed_out)
Linus Torvalds's avatar
Linus Torvalds committed
933
			break;
934

935
		/* only if found POLL_BUSY_LOOP sockets && not out of time */
936
		if (can_busy_loop && !need_resched()) {
937 938
			if (!busy_start) {
				busy_start = busy_loop_current_time();
939 940
				continue;
			}
941
			if (!busy_loop_timeout(busy_start))
942 943 944
				continue;
		}
		busy_flag = 0;
945

946 947 948 949 950 951
		/*
		 * If this is the first loop and we have a timeout
		 * given, then we convert to ktime_t and set the to
		 * pointer to the expiry value.
		 */
		if (end_time && !to) {
952
			expire = timespec64_to_ktime(*end_time);
953
			to = &expire;
954 955
		}

956
		if (!poll_schedule_timeout(wait, TASK_INTERRUPTIBLE, to, slack))
957
			timed_out = 1;
Linus Torvalds's avatar
Linus Torvalds committed
958 959 960 961
	}
	return count;
}

962 963 964
#define N_STACK_PPS ((sizeof(stack_pps) - sizeof(struct poll_list))  / \
			sizeof(struct pollfd))

965
static int do_sys_poll(struct pollfd __user *ufds, unsigned int nfds,
966
		struct timespec64 *end_time)
Linus Torvalds's avatar
Linus Torvalds committed
967 968
{
	struct poll_wqueues table;
969
 	int err = -EFAULT, fdcount, len, size;
970 971 972 973
	/* Allocate small arguments on the stack to save memory and be
	   faster - use long to make sure the buffer is aligned properly
	   on 64 bit archs to avoid unaligned access */
	long stack_pps[POLL_STACK_ALLOC/sizeof(long)];
974 975 976
	struct poll_list *const head = (struct poll_list *)stack_pps;
 	struct poll_list *walk = head;
 	unsigned long todo = nfds;
Linus Torvalds's avatar
Linus Torvalds committed
977

Jiri Slaby's avatar
Jiri Slaby committed
978
	if (nfds > rlimit(RLIMIT_NOFILE))
Linus Torvalds's avatar
Linus Torvalds committed
979 980
		return -EINVAL;

981 982 983 984 985 986
	len = min_t(unsigned int, nfds, N_STACK_PPS);
	for (;;) {
		walk->next = NULL;
		walk->len = len;
		if (!len)
			break;
Linus Torvalds's avatar
Linus Torvalds committed
987

988 989 990 991 992 993 994
		if (copy_from_user(walk->entries, ufds + nfds-todo,
					sizeof(struct pollfd) * walk->len))
			goto out_fds;

		todo -= walk->len;
		if (!todo)
			break;
Linus Torvalds's avatar
Linus Torvalds committed
995

996 997 998 999 1000
		len = min(todo, POLLFD_PER_PAGE);
		size = sizeof(struct poll_list) + sizeof(struct pollfd) * len;
		walk = walk->next = kmalloc(size, GFP_KERNEL);
		if (!walk) {
			err = -ENOMEM;
Linus Torvalds's avatar
Linus Torvalds committed
1001 1002 1003
			goto out_fds;
		}
	}
1004

1005
	poll_initwait(&table);
1006
	fdcount = do_poll(head, &table, end_time);
1007
	poll_freewait(&table);
Linus Torvalds's avatar
Linus Torvalds committed
1008

1009
	for (walk = head; walk; walk = walk->next) {
Linus Torvalds's avatar
Linus Torvalds committed
1010 1011 1012
		struct pollfd *fds = walk->entries;
		int j;

1013 1014
		for (j = 0; j < walk->len; j++, ufds++)
			if (__put_user(fds[j].revents, &ufds->revents))
Linus Torvalds's avatar
Linus Torvalds committed
1015 1016
				goto out_fds;
  	}
1017

Linus Torvalds's avatar
Linus Torvalds committed
1018 1019
	err = fdcount;
out_fds:
1020 1021 1022 1023 1024
	walk = head->next;
	while (walk) {
		struct poll_list *pos = walk;
		walk = walk->next;
		kfree(pos);
Linus Torvalds's avatar
Linus Torvalds committed
1025
	}
1026

Linus Torvalds's avatar
Linus Torvalds committed
1027 1028
	return err;
}
1029

1030 1031
static long do_restart_poll(struct restart_block *restart_block)
{
1032 1033
	struct pollfd __user *ufds = restart_block->poll.ufds;
	int nfds = restart_block->poll.nfds;
1034
	struct timespec64 *to = NULL, end_time;
1035 1036
	int ret;

1037 1038 1039 1040 1041 1042 1043 1044
	if (restart_block->poll.has_timeout) {
		end_time.tv_sec = restart_block->poll.tv_sec;
		end_time.tv_nsec = restart_block->poll.tv_nsec;
		to = &end_time;
	}

	ret = do_sys_poll(ufds, nfds, to);

1045 1046 1047 1048 1049 1050 1051
	if (ret == -EINTR) {
		restart_block->fn = do_restart_poll;
		ret = -ERESTART_RESTARTBLOCK;
	}
	return ret;
}

1052
SYSCALL_DEFINE3(poll, struct pollfd __user *, ufds, unsigned int, nfds,
1053
		int, timeout_msecs)
1054
{
1055
	struct timespec64 end_time, *to = NULL;
1056
	int ret;
1057

1058 1059 1060 1061
	if (timeout_msecs >= 0) {
		to = &end_time;
		poll_select_set_timeout(to, timeout_msecs / MSEC_PER_SEC,
			NSEC_PER_MSEC * (timeout_msecs % MSEC_PER_SEC));
1062 1063
	}

1064 1065
	ret = do_sys_poll(ufds, nfds, to);

1066 1067
	if (ret == -EINTR) {
		struct restart_block *restart_block;
1068

1069
		restart_block = &current->restart_block;
1070
		restart_block->fn = do_restart_poll;
1071 1072 1073 1074 1075 1076 1077 1078 1079 1080
		restart_block->poll.ufds = ufds;
		restart_block->poll.nfds = nfds;

		if (timeout_msecs >= 0) {
			restart_block->poll.tv_sec = end_time.tv_sec;
			restart_block->poll.tv_nsec = end_time.tv_nsec;
			restart_block->poll.has_timeout = 1;
		} else
			restart_block->poll.has_timeout = 0;

1081 1082 1083
		ret = -ERESTART_RESTARTBLOCK;
	}
	return ret;
1084 1085
}

1086
SYSCALL_DEFINE5(ppoll, struct pollfd __user *, ufds, unsigned int, nfds,
1087
		struct __kernel_timespec __user *, tsp, const sigset_t __user *, sigmask,
1088
		size_t, sigsetsize)
1089 1090
{
	sigset_t ksigmask, sigsaved;
1091
	struct timespec64 ts, end_time, *to = NULL;
1092 1093 1094
	int ret;

	if (tsp) {
1095
		if (get_timespec64(&ts, tsp))
1096 1097
			return -EFAULT;

1098 1099 1100
		to = &end_time;
		if (poll_select_set_timeout(to, ts.tv_sec, ts.tv_nsec))
			return -EINVAL;
1101 1102
	}

1103 1104 1105
	ret = set_user_sigmask(sigmask, &ksigmask, &sigsaved, sigsetsize);
	if (ret)
		return ret;
1106

1107
	ret = do_sys_poll(ufds, nfds, to);
1108

1109 1110
	restore_user_sigmask(sigmask, &sigsaved);

1111
	/* We can restart this syscall, usually */
1112
	if (ret == -EINTR)
1113 1114
		ret = -ERESTARTNOHAND;

1115
	ret = poll_select_copy_remaining(&end_time, tsp, PT_TIMESPEC, ret);
1116 1117 1118

	return ret;
}
1119

1120
#if defined(CONFIG_COMPAT_32BIT_TIME) && !defined(CONFIG_64BIT)
1121

1122 1123 1124
SYSCALL_DEFINE5(ppoll_time32, struct pollfd __user *, ufds, unsigned int, nfds,
		struct old_timespec32 __user *, tsp, const sigset_t __user *, sigmask,
		size_t, sigsetsize)
1125
{
1126 1127 1128
	sigset_t ksigmask, sigsaved;
	struct timespec64 ts, end_time, *to = NULL;
	int ret;
1129

1130 1131 1132
	if (tsp) {
		if (get_old_timespec32(&ts, tsp))
			return -EFAULT;
1133

1134 1135 1136 1137
		to = &end_time;
		if (poll_select_set_timeout(to, ts.tv_sec, ts.tv_nsec))
			return -EINVAL;
	}
1138

1139 1140
	ret = set_user_sigmask(sigmask, &ksigmask, &sigsaved, sigsetsize);
	if (ret)
1141 1142
		return ret;

1143
	ret = do_sys_poll(ufds, nfds, to);
1144

1145
	restore_user_sigmask(sigmask, &sigsaved);
1146

1147 1148 1149
	/* We can restart this syscall, usually */
	if (ret == -EINTR)
		ret = -ERESTARTNOHAND;
1150

1151
	ret = poll_select_copy_remaining(&end_time, tsp, PT_OLD_TIMESPEC, ret);
1152 1153 1154

	return ret;
}
1155 1156 1157 1158
#endif

#ifdef CONFIG_COMPAT
#define __COMPAT_NFDBITS       (8 * sizeof(compat_ulong_t))
1159 1160 1161 1162 1163 1164 1165 1166 1167 1168

/*
 * Ooo, nasty.  We need here to frob 32-bit unsigned longs to
 * 64-bit unsigned longs.
 */
static
int compat_get_fd_set(unsigned long nr, compat_ulong_t __user *ufdset,
			unsigned long *fdset)
{
	if (ufdset) {
1169
		return compat_get_bitmap(fdset, ufdset, nr);
1170
	} else {
1171
		zero_fd_set(nr, fdset);
1172
		return 0;
1173 1174 1175 1176 1177 1178 1179 1180 1181
	}
}

static
int compat_set_fd_set(unsigned long nr, compat_ulong_t __user *ufdset,
		      unsigned long *fdset)
{
	if (!ufdset)
		return 0;
1182
	return compat_put_bitmap(ufdset, fdset, nr);
1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200
}


/*
 * This is a virtual copy of sys_select from fs/select.c and probably
 * should be compared to it from time to time
 */

/*
 * We can actually return ERESTARTSYS instead of EINTR, but I'd
 * like to be certain this leads to no problems. So I return
 * EINTR just for safety.
 *
 * Update: ERESTARTSYS breaks at least the xview clock binary, so
 * I'm trying ERESTARTNOHAND which restart only when you want to.
 */
static int compat_core_sys_select(int n, compat_ulong_t __user *inp,
	compat_ulong_t __user *outp, compat_ulong_t __user *exp,
1201
	struct timespec64 *end_time)
1202 1203 1204 1205 1206 1207 1208 1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 1222 1223 1224 1225 1226 1227
{
	fd_set_bits fds;
	void *bits;
	int size, max_fds, ret = -EINVAL;
	struct fdtable *fdt;
	long stack_fds[SELECT_STACK_ALLOC/sizeof(long)];

	if (n < 0)
		goto out_nofds;

	/* max_fds can increase, so grab it once to avoid race */
	rcu_read_lock();
	fdt = files_fdtable(current->files);
	max_fds = fdt->max_fds;
	rcu_read_unlock();
	if (n > max_fds)
		n = max_fds;

	/*
	 * We need 6 bitmaps (in/out/ex for both incoming and outgoing),
	 * since we used fdset we need to allocate memory in units of
	 * long-words.
	 */
	size = FDS_BYTES(n);
	bits = stack_fds;
	if (size > sizeof(stack_fds) / 6) {
1228
		bits = kmalloc_array(6, size, GFP_KERNEL);
1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 1241 1242 1243 1244 1245 1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 1258 1259 1260 1261 1262 1263 1264 1265 1266 1267 1268 1269
		ret = -ENOMEM;
		if (!bits)
			goto out_nofds;
	}
	fds.in      = (unsigned long *)  bits;
	fds.out     = (unsigned long *) (bits +   size);
	fds.ex      = (unsigned long *) (bits + 2*size);
	fds.res_in  = (unsigned long *) (bits + 3*size);
	fds.res_out = (unsigned long *) (bits + 4*size);
	fds.res_ex  = (unsigned long *) (bits + 5*size);

	if ((ret = compat_get_fd_set(n, inp, fds.in)) ||
	    (ret = compat_get_fd_set(n, outp, fds.out)) ||
	    (ret = compat_get_fd_set(n, exp, fds.ex)))
		goto out;
	zero_fd_set(n, fds.res_in);
	zero_fd_set(n, fds.res_out);
	zero_fd_set(n, fds.res_ex);

	ret = do_select(n, &fds, end_time);

	if (ret < 0)
		goto out;
	if (!ret) {
		ret = -ERESTARTNOHAND;
		if (signal_pending(current))
			goto out;
		ret = 0;
	}

	if (compat_set_fd_set(n, inp, fds.res_in) ||
	    compat_set_fd_set(n, outp, fds.res_out) ||
	    compat_set_fd_set(n, exp, fds.res_ex))
		ret = -EFAULT;
out:
	if (bits != stack_fds)
		kfree(bits);
out_nofds:
	return ret;
}

1270 1271
static int do_compat_select(int n, compat_ulong_t __user *inp,
	compat_ulong_t __user *outp, compat_ulong_t __user *exp,
1272
	struct old_timeval32 __user *tvp)
1273
{
1274
	struct timespec64 end_time, *to = NULL;
1275
	struct old_timeval32 tv;
1276 1277 1278 1279 1280 1281 1282 1283 1284 1285 1286 1287 1288 1289
	int ret;

	if (tvp) {
		if (copy_from_user(&tv, tvp, sizeof(tv)))
			return -EFAULT;

		to = &end_time;
		if (poll_select_set_timeout(to,
				tv.tv_sec + (tv.tv_usec / USEC_PER_SEC),
				(tv.tv_usec % USEC_PER_SEC) * NSEC_PER_USEC))
			return -EINVAL;
	}

	ret = compat_core_sys_select(n, inp, outp, exp, to);
1290
	ret = poll_select_copy_remaining(&end_time, tvp, PT_OLD_TIMEVAL, ret);
1291 1292 1293 1294

	return ret;
}

1295 1296
COMPAT_SYSCALL_DEFINE5(select, int, n, compat_ulong_t __user *, inp,
	compat_ulong_t __user *, outp, compat_ulong_t __user *, exp,
1297
	struct old_timeval32 __user *, tvp)
1298 1299 1300 1301
{
	return do_compat_select(n, inp, outp, exp, tvp);
}

1302 1303 1304 1305 1306 1307 1308 1309 1310 1311 1312 1313 1314 1315
struct compat_sel_arg_struct {
	compat_ulong_t n;
	compat_uptr_t inp;
	compat_uptr_t outp;
	compat_uptr_t exp;
	compat_uptr_t tvp;
};

COMPAT_SYSCALL_DEFINE1(old_select, struct compat_sel_arg_struct __user *, arg)
{
	struct compat_sel_arg_struct a;

	if (copy_from_user(&a, arg, sizeof(a)))
		return -EFAULT;
1316 1317
	return do_compat_select(a.n, compat_ptr(a.inp), compat_ptr(a.outp),
				compat_ptr(a.exp), compat_ptr(a.tvp));
1318 1319 1320 1321
}

static long do_compat_pselect(int n, compat_ulong_t __user *inp,
	compat_ulong_t __user *outp, compat_ulong_t __user *exp,
1322 1323
	void __user *tsp, compat_sigset_t __user *sigmask,
	compat_size_t sigsetsize, enum poll_time_type type)
1324 1325
{
	sigset_t ksigmask, sigsaved;
1326
	struct timespec64 ts, end_time, *to = NULL;
1327 1328 1329
	int ret;

	if (tsp) {
1330 1331 1332 1333 1334 1335 1336 1337 1338 1339 1340 1341
		switch (type) {
		case PT_OLD_TIMESPEC:
			if (get_old_timespec32(&ts, tsp))
				return -EFAULT;
			break;
		case PT_TIMESPEC:
			if (get_timespec64(&ts, tsp))
				return -EFAULT;
			break;
		default:
			BUG();
		}
1342 1343 1344 1345 1346 1347

		to = &end_time;
		if (poll_select_set_timeout(to, ts.tv_sec, ts.tv_nsec))
			return -EINVAL;
	}

1348 1349 1350
	ret = set_compat_user_sigmask(sigmask, &ksigmask, &sigsaved, sigsetsize);
	if (ret)
		return ret;
1351 1352

	ret = compat_core_sys_select(n, inp, outp, exp, to);
1353
	ret = poll_select_copy_remaining(&end_time, tsp, type, ret);
1354

1355
	restore_user_sigmask(sigmask, &sigsaved);
1356 1357 1358 1359

	return ret;
}

1360 1361 1362 1363 1364 1365 1366 1367
COMPAT_SYSCALL_DEFINE6(pselect6_time64, int, n, compat_ulong_t __user *, inp,
	compat_ulong_t __user *, outp, compat_ulong_t __user *, exp,
	struct __kernel_timespec __user *, tsp, void __user *, sig)
{
	compat_size_t sigsetsize = 0;
	compat_uptr_t up = 0;

	if (sig) {
1368
		if (!access_ok(sig,
1369 1370 1371 1372 1373 1374 1375 1376 1377 1378 1379 1380 1381
				sizeof(compat_uptr_t)+sizeof(compat_size_t)) ||
				__get_user(up, (compat_uptr_t __user *)sig) ||
				__get_user(sigsetsize,
				(compat_size_t __user *)(sig+sizeof(up))))
			return -EFAULT;
	}

	return do_compat_pselect(n, inp, outp, exp, tsp, compat_ptr(up),
				 sigsetsize, PT_TIMESPEC);
}

#if defined(CONFIG_COMPAT_32BIT_TIME)

1382 1383
COMPAT_SYSCALL_DEFINE6(pselect6, int, n, compat_ulong_t __user *, inp,
	compat_ulong_t __user *, outp, compat_ulong_t __user *, exp,
1384
	struct old_timespec32 __user *, tsp, void __user *, sig)
1385 1386 1387 1388 1389
{
	compat_size_t sigsetsize = 0;
	compat_uptr_t up = 0;

	if (sig) {
1390
		if (!access_ok(sig,
1391 1392 1393 1394 1395 1396
				sizeof(compat_uptr_t)+sizeof(compat_size_t)) ||
		    	__get_user(up, (compat_uptr_t __user *)sig) ||
		    	__get_user(sigsetsize,
				(compat_size_t __user *)(sig+sizeof(up))))
			return -EFAULT;
	}
1397

1398
	return do_compat_pselect(n, inp, outp, exp, tsp, compat_ptr(up),
1399
				 sigsetsize, PT_OLD_TIMESPEC);
1400 1401
}

1402 1403
#endif

1404
#if defined(CONFIG_COMPAT_32BIT_TIME)
1405
COMPAT_SYSCALL_DEFINE5(ppoll, struct pollfd __user *, ufds,
1406
	unsigned int,  nfds, struct old_timespec32 __user *, tsp,
1407 1408 1409
	const compat_sigset_t __user *, sigmask, compat_size_t, sigsetsize)
{
	sigset_t ksigmask, sigsaved;