aio: shift copyin of iocb into io_submit_one()

}

static int io_submit_one(struct kioctx *ctx, struct iocb __user *user_iocb,

			 struct iocb *iocb, bool compat)

			 bool compat)

{

	struct aio_kiocb *req;

	struct iocb iocb;

	ssize_t ret;

	if (unlikely(copy_from_user(&iocb, user_iocb, sizeof(iocb))))

		return -EFAULT;

	/* enforce forwards compatibility on users */

	if (unlikely(iocb->aio_reserved2)) {

	if (unlikely(iocb.aio_reserved2)) {

		pr_debug("EINVAL: reserve field set\n");

		return -EINVAL;

	}

	/* prevent overflows */

	if (unlikely(

	    (iocb->aio_buf != (unsigned long)iocb->aio_buf) ||

	    (iocb->aio_nbytes != (size_t)iocb->aio_nbytes) ||

	    ((ssize_t)iocb->aio_nbytes < 0)

	    (iocb.aio_buf != (unsigned long)iocb.aio_buf) ||

	    (iocb.aio_nbytes != (size_t)iocb.aio_nbytes) ||

	    ((ssize_t)iocb.aio_nbytes < 0)

	   )) {

		pr_debug("EINVAL: overflow check\n");

		return -EINVAL;

	if (unlikely(!req))

		return -EAGAIN;

	if (iocb->aio_flags & IOCB_FLAG_RESFD) {

	if (iocb.aio_flags & IOCB_FLAG_RESFD) {

		/*

		 * If the IOCB_FLAG_RESFD flag of aio_flags is set, get an

		 * instance of the file* now. The file descriptor must be

		 * an eventfd() fd, and will be signaled for each completed

		 * event using the eventfd_signal() function.

		 */

		req->ki_eventfd = eventfd_ctx_fdget((int) iocb->aio_resfd);

		req->ki_eventfd = eventfd_ctx_fdget((int) iocb.aio_resfd);

		if (IS_ERR(req->ki_eventfd)) {

			ret = PTR_ERR(req->ki_eventfd);

			req->ki_eventfd = NULL;

	}

	req->ki_user_iocb = user_iocb;

	req->ki_user_data = iocb->aio_data;

	req->ki_user_data = iocb.aio_data;

	switch (iocb->aio_lio_opcode) {

	switch (iocb.aio_lio_opcode) {

	case IOCB_CMD_PREAD:

		ret = aio_read(&req->rw, iocb, false, compat);

		ret = aio_read(&req->rw, &iocb, false, compat);

		break;

	case IOCB_CMD_PWRITE:

		ret = aio_write(&req->rw, iocb, false, compat);

		ret = aio_write(&req->rw, &iocb, false, compat);

		break;

	case IOCB_CMD_PREADV:

		ret = aio_read(&req->rw, iocb, true, compat);

		ret = aio_read(&req->rw, &iocb, true, compat);

		break;

	case IOCB_CMD_PWRITEV:

		ret = aio_write(&req->rw, iocb, true, compat);

		ret = aio_write(&req->rw, &iocb, true, compat);

		break;

	case IOCB_CMD_FSYNC:

		ret = aio_fsync(&req->fsync, iocb, false);

		ret = aio_fsync(&req->fsync, &iocb, false);

		break;

	case IOCB_CMD_FDSYNC:

		ret = aio_fsync(&req->fsync, iocb, true);

		ret = aio_fsync(&req->fsync, &iocb, true);

		break;

	case IOCB_CMD_POLL:

		ret = aio_poll(req, iocb);

		ret = aio_poll(req, &iocb);

		break;

	default:

		pr_debug("invalid aio operation %d\n", iocb->aio_lio_opcode);

		pr_debug("invalid aio operation %d\n", iocb.aio_lio_opcode);

		ret = -EINVAL;

		break;

	}

	 */

	for (i=0; i<nr; i++) {

		struct iocb __user *user_iocb;

		struct iocb tmp;

		if (unlikely(__get_user(user_iocb, iocbpp + i))) {

			ret = -EFAULT;

			break;

		}

		if (unlikely(copy_from_user(&tmp, user_iocb, sizeof(tmp)))) {

			ret = -EFAULT;

			break;

		}

		ret = io_submit_one(ctx, user_iocb, &tmp, compat);

		ret = io_submit_one(ctx, user_iocb, compat);

		if (ret)

			break;

	}