]> git.proxmox.com Git - mirror_ubuntu-zesty-kernel.git/blame - mm/shmem.c
projects / mirror_ubuntu-zesty-kernel.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
shmem: make shmem_inode_info::lock irq-safe
[mirror_ubuntu-zesty-kernel.git] / mm / shmem.c
CommitLineData
1da177e4
LT		 1/*
2 * Resizable virtual memory filesystem for Linux.
3 *
4 * Copyright (C) 2000 Linus Torvalds.
5 * 2000 Transmeta Corp.
6 * 2000-2001 Christoph Rohland
7 * 2000-2001 SAP AG
8 * 2002 Red Hat Inc.
6922c0c7
HD		 9 * Copyright (C) 2002-2011 Hugh Dickins.
10 * Copyright (C) 2011 Google Inc.
0edd73b3 11 * Copyright (C) 2002-2005 VERITAS Software Corporation.
1da177e4
LT		 12 * Copyright (C) 2004 Andi Kleen, SuSE Labs
13 *
14 * Extended attribute support for tmpfs:
15 * Copyright (c) 2004, Luke Kenneth Casson Leighton <lkcl@lkcl.net>
16 * Copyright (c) 2004 Red Hat, Inc., James Morris <jmorris@redhat.com>
17 *
853ac43a
MM		 18 * tiny-shmem:
19 * Copyright (c) 2004, 2008 Matt Mackall <mpm@selenic.com>
20 *
1da177e4
LT		 21 * This file is released under the GPL.
22 */
23
853ac43a
MM		 24#include <linux/fs.h>
25#include <linux/init.h>
26#include <linux/vfs.h>
27#include <linux/mount.h>
250297ed 28#include <linux/ramfs.h>
caefba17 29#include <linux/pagemap.h>
853ac43a
MM		 30#include <linux/file.h>
31#include <linux/mm.h>
b95f1b31 32#include <linux/export.h>
853ac43a 33#include <linux/swap.h>
e2e40f2c 34#include <linux/uio.h>
853ac43a
MM		 35
36static struct vfsmount *shm_mnt;
37
38#ifdef CONFIG_SHMEM
1da177e4
LT		 39/*
40 * This virtual memory filesystem is heavily based on the ramfs. It
41 * extends ramfs by the ability to use swap and honor resource limits
42 * which makes it a completely usable filesystem.
43 */
44
39f0247d 45#include <linux/xattr.h>
a5694255 46#include <linux/exportfs.h>
1c7c474c 47#include <linux/posix_acl.h>
feda821e 48#include <linux/posix_acl_xattr.h>
1da177e4 49#include <linux/mman.h>
1da177e4
LT		 50#include <linux/string.h>
51#include <linux/slab.h>
52#include <linux/backing-dev.h>
53#include <linux/shmem_fs.h>
1da177e4 54#include <linux/writeback.h>
1da177e4 55#include <linux/blkdev.h>
bda97eab 56#include <linux/pagevec.h>
41ffe5d5 57#include <linux/percpu_counter.h>
83e4fa9c 58#include <linux/falloc.h>
708e3508 59#include <linux/splice.h>
1da177e4
LT		 60#include <linux/security.h>
61#include <linux/swapops.h>
62#include <linux/mempolicy.h>
63#include <linux/namei.h>
b00dc3ad 64#include <linux/ctype.h>
304dbdb7 65#include <linux/migrate.h>
c1f60a5a 66#include <linux/highmem.h>
680d794b 67#include <linux/seq_file.h>
92562927 68#include <linux/magic.h>
9183df25 69#include <linux/syscalls.h>
40e041a2 70#include <linux/fcntl.h>
9183df25 71#include <uapi/linux/memfd.h>
304dbdb7 72
1da177e4 73#include <asm/uaccess.h>
1da177e4
LT		 74#include <asm/pgtable.h>
75
dd56b046
MG		 76#include "internal.h"
77
09cbfeaf
KS		 78#define BLOCKS_PER_PAGE (PAGE_SIZE/512)
79#define VM_ACCT(size) (PAGE_ALIGN(size) >> PAGE_SHIFT)
1da177e4 80
1da177e4
LT		 81/* Pretend that each entry is of this size in directory's i_size */
82#define BOGO_DIRENT_SIZE 20
83
69f07ec9
HD		 84/* Symlink up to this size is kmalloc'ed instead of using a swappable page */
85#define SHORT_SYMLINK_LEN 128
86
1aac1400 87/*
f00cdc6d
HD		 88 * shmem_fallocate communicates with shmem_fault or shmem_writepage via
89 * inode->i_private (with i_mutex making sure that it has only one user at
90 * a time): we would prefer not to enlarge the shmem inode just for that.
1aac1400
HD		 91 */
92struct shmem_falloc {
8e205f77 93 wait_queue_head_t *waitq; /* faults into hole wait for punch to end */
1aac1400
HD		 94 pgoff_t start; /* start of range currently being fallocated */
95 pgoff_t next; /* the next page offset to be fallocated */
96 pgoff_t nr_falloced; /* how many new pages have been fallocated */
97 pgoff_t nr_unswapped; /* how often writepage refused to swap out */
98};
99
285b2c4f 100/* Flag allocation requirements to shmem_getpage */
1da177e4 101enum sgp_type {
1da177e4
LT		 102 SGP_READ, /* don't exceed i_size, don't allocate page */
103 SGP_CACHE, /* don't exceed i_size, may allocate page */
657e3038
KS		 104 SGP_NOHUGE, /* like SGP_CACHE, but no huge pages */
105 SGP_HUGE, /* like SGP_CACHE, huge pages preferred */
1635f6a7
HD		 106 SGP_WRITE, /* may exceed i_size, may allocate !Uptodate page */
107 SGP_FALLOC, /* like SGP_WRITE, but make existing page Uptodate */
1da177e4
LT		 108};
109
b76db735 110#ifdef CONFIG_TMPFS
680d794b
AM		 111static unsigned long shmem_default_max_blocks(void)
112{
113 return totalram_pages / 2;
114}
115
116static unsigned long shmem_default_max_inodes(void)
117{
118 return min(totalram_pages - totalhigh_pages, totalram_pages / 2);
119}
b76db735 120#endif
680d794b 121
bde05d1c
HD		 122static bool shmem_should_replace_page(struct page *page, gfp_t gfp);
123static int shmem_replace_page(struct page **pagep, gfp_t gfp,
124 struct shmem_inode_info *info, pgoff_t index);
68da9f05 125static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
9e18eb29
ALC		 126 struct page **pagep, enum sgp_type sgp,
127 gfp_t gfp, struct mm_struct *fault_mm, int *fault_type);
68da9f05
HD		 128
129static inline int shmem_getpage(struct inode *inode, pgoff_t index,
9e18eb29 130 struct page **pagep, enum sgp_type sgp)
68da9f05
HD		 131{
132 return shmem_getpage_gfp(inode, index, pagep, sgp,
9e18eb29 133 mapping_gfp_mask(inode->i_mapping), NULL, NULL);
68da9f05 134}
1da177e4 135
1da177e4
LT		 136static inline struct shmem_sb_info *SHMEM_SB(struct super_block *sb)
137{
138 return sb->s_fs_info;
139}
140
141/*
142 * shmem_file_setup pre-accounts the whole fixed size of a VM object,
143 * for shared memory and for shared anonymous (/dev/zero) mappings
144 * (unless MAP_NORESERVE and sysctl_overcommit_memory <= 1),
145 * consistent with the pre-accounting of private mappings ...
146 */
147static inline int shmem_acct_size(unsigned long flags, loff_t size)
148{
0b0a0806 149 return (flags & VM_NORESERVE) ?
191c5424 150 0 : security_vm_enough_memory_mm(current->mm, VM_ACCT(size));
1da177e4
LT		 151}
152
153static inline void shmem_unacct_size(unsigned long flags, loff_t size)
154{
0b0a0806 155 if (!(flags & VM_NORESERVE))
1da177e4
LT		 156 vm_unacct_memory(VM_ACCT(size));
157}
158
77142517
KK		 159static inline int shmem_reacct_size(unsigned long flags,
160 loff_t oldsize, loff_t newsize)
161{
162 if (!(flags & VM_NORESERVE)) {
163 if (VM_ACCT(newsize) > VM_ACCT(oldsize))
164 return security_vm_enough_memory_mm(current->mm,
165 VM_ACCT(newsize) - VM_ACCT(oldsize));
166 else if (VM_ACCT(newsize) < VM_ACCT(oldsize))
167 vm_unacct_memory(VM_ACCT(oldsize) - VM_ACCT(newsize));
168 }
169 return 0;
170}
171
1da177e4
LT		 172/*
173 * ... whereas tmpfs objects are accounted incrementally as
75edd345 174 * pages are allocated, in order to allow large sparse files.
1da177e4
LT		 175 * shmem_getpage reports shmem_acct_block failure as -ENOSPC not -ENOMEM,
176 * so that a failure on a sparse tmpfs mapping will give SIGBUS not OOM.
177 */
800d8c63 178static inline int shmem_acct_block(unsigned long flags, long pages)
1da177e4 179{
800d8c63
KS		 180 if (!(flags & VM_NORESERVE))
181 return 0;
182
183 return security_vm_enough_memory_mm(current->mm,
184 pages * VM_ACCT(PAGE_SIZE));
1da177e4
LT		 185}
186
187static inline void shmem_unacct_blocks(unsigned long flags, long pages)
188{
0b0a0806 189 if (flags & VM_NORESERVE)
09cbfeaf 190 vm_unacct_memory(pages * VM_ACCT(PAGE_SIZE));
1da177e4
LT		 191}
192
759b9775 193static const struct super_operations shmem_ops;
f5e54d6e 194static const struct address_space_operations shmem_aops;
15ad7cdc 195static const struct file_operations shmem_file_operations;
92e1d5be
AV		 196static const struct inode_operations shmem_inode_operations;
197static const struct inode_operations shmem_dir_inode_operations;
198static const struct inode_operations shmem_special_inode_operations;
f0f37e2f 199static const struct vm_operations_struct shmem_vm_ops;
1da177e4 200
1da177e4 201static LIST_HEAD(shmem_swaplist);
cb5f7b9a 202static DEFINE_MUTEX(shmem_swaplist_mutex);
1da177e4 203
5b04c689
PE		 204static int shmem_reserve_inode(struct super_block *sb)
205{
206 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
207 if (sbinfo->max_inodes) {
208 spin_lock(&sbinfo->stat_lock);
209 if (!sbinfo->free_inodes) {
210 spin_unlock(&sbinfo->stat_lock);
211 return -ENOSPC;
212 }
213 sbinfo->free_inodes--;
214 spin_unlock(&sbinfo->stat_lock);
215 }
216 return 0;
217}
218
219static void shmem_free_inode(struct super_block *sb)
220{
221 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
222 if (sbinfo->max_inodes) {
223 spin_lock(&sbinfo->stat_lock);
224 sbinfo->free_inodes++;
225 spin_unlock(&sbinfo->stat_lock);
226 }
227}
228
46711810 229/**
41ffe5d5 230 * shmem_recalc_inode - recalculate the block usage of an inode
1da177e4
LT		 231 * @inode: inode to recalc
232 *
233 * We have to calculate the free blocks since the mm can drop
234 * undirtied hole pages behind our back.
235 *
236 * But normally info->alloced == inode->i_mapping->nrpages + info->swapped
237 * So mm freed is info->alloced - (inode->i_mapping->nrpages + info->swapped)
238 *
239 * It has to be called with the spinlock held.
240 */
241static void shmem_recalc_inode(struct inode *inode)
242{
243 struct shmem_inode_info *info = SHMEM_I(inode);
244 long freed;
245
246 freed = info->alloced - info->swapped - inode->i_mapping->nrpages;
247 if (freed > 0) {
54af6042
HD		 248 struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
249 if (sbinfo->max_blocks)
250 percpu_counter_add(&sbinfo->used_blocks, -freed);
1da177e4 251 info->alloced -= freed;
54af6042 252 inode->i_blocks -= freed * BLOCKS_PER_PAGE;
1da177e4 253 shmem_unacct_blocks(info->flags, freed);
1da177e4
LT		 254 }
255}
256
800d8c63
KS		 257bool shmem_charge(struct inode *inode, long pages)
258{
259 struct shmem_inode_info *info = SHMEM_I(inode);
260 struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
4595ef88 261 unsigned long flags;
800d8c63
KS		 262
263 if (shmem_acct_block(info->flags, pages))
264 return false;
4595ef88 265 spin_lock_irqsave(&info->lock, flags);
800d8c63
KS		 266 info->alloced += pages;
267 inode->i_blocks += pages * BLOCKS_PER_PAGE;
268 shmem_recalc_inode(inode);
4595ef88 269 spin_unlock_irqrestore(&info->lock, flags);
800d8c63
KS		 270 inode->i_mapping->nrpages += pages;
271
272 if (!sbinfo->max_blocks)
273 return true;
274 if (percpu_counter_compare(&sbinfo->used_blocks,
275 sbinfo->max_blocks - pages) > 0) {
276 inode->i_mapping->nrpages -= pages;
4595ef88 277 spin_lock_irqsave(&info->lock, flags);
800d8c63
KS		 278 info->alloced -= pages;
279 shmem_recalc_inode(inode);
4595ef88 280 spin_unlock_irqrestore(&info->lock, flags);
800d8c63
KS		 281
282 return false;
283 }
284 percpu_counter_add(&sbinfo->used_blocks, pages);
285 return true;
286}
287
288void shmem_uncharge(struct inode *inode, long pages)
289{
290 struct shmem_inode_info *info = SHMEM_I(inode);
291 struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
4595ef88 292 unsigned long flags;
800d8c63 293
4595ef88 294 spin_lock_irqsave(&info->lock, flags);
800d8c63
KS		 295 info->alloced -= pages;
296 inode->i_blocks -= pages * BLOCKS_PER_PAGE;
297 shmem_recalc_inode(inode);
4595ef88 298 spin_unlock_irqrestore(&info->lock, flags);
800d8c63
KS		 299
300 if (sbinfo->max_blocks)
301 percpu_counter_sub(&sbinfo->used_blocks, pages);
302}
303
7a5d0fbb
HD		 304/*
305 * Replace item expected in radix tree by a new item, while holding tree lock.
306 */
307static int shmem_radix_tree_replace(struct address_space *mapping,
308 pgoff_t index, void *expected, void *replacement)
309{
310 void **pslot;
6dbaf22c 311 void *item;
7a5d0fbb
HD		 312
313 VM_BUG_ON(!expected);
6dbaf22c 314 VM_BUG_ON(!replacement);
7a5d0fbb 315 pslot = radix_tree_lookup_slot(&mapping->page_tree, index);
6dbaf22c
JW		 316 if (!pslot)
317 return -ENOENT;
318 item = radix_tree_deref_slot_protected(pslot, &mapping->tree_lock);
7a5d0fbb
HD		 319 if (item != expected)
320 return -ENOENT;
6dbaf22c 321 radix_tree_replace_slot(pslot, replacement);
7a5d0fbb
HD		 322 return 0;
323}
324
d1899228
HD		 325/*
326 * Sometimes, before we decide whether to proceed or to fail, we must check
327 * that an entry was not already brought back from swap by a racing thread.
328 *
329 * Checking page is not enough: by the time a SwapCache page is locked, it
330 * might be reused, and again be SwapCache, using the same swap as before.
331 */
332static bool shmem_confirm_swap(struct address_space *mapping,
333 pgoff_t index, swp_entry_t swap)
334{
335 void *item;
336
337 rcu_read_lock();
338 item = radix_tree_lookup(&mapping->page_tree, index);
339 rcu_read_unlock();
340 return item == swp_to_radix_entry(swap);
341}
342
5a6e75f8
KS		 343/*
344 * Definitions for "huge tmpfs": tmpfs mounted with the huge= option
345 *
346 * SHMEM_HUGE_NEVER:
347 * disables huge pages for the mount;
348 * SHMEM_HUGE_ALWAYS:
349 * enables huge pages for the mount;
350 * SHMEM_HUGE_WITHIN_SIZE:
351 * only allocate huge pages if the page will be fully within i_size,
352 * also respect fadvise()/madvise() hints;
353 * SHMEM_HUGE_ADVISE:
354 * only allocate huge pages if requested with fadvise()/madvise();
355 */
356
357#define SHMEM_HUGE_NEVER 0
358#define SHMEM_HUGE_ALWAYS 1
359#define SHMEM_HUGE_WITHIN_SIZE 2
360#define SHMEM_HUGE_ADVISE 3
361
362/*
363 * Special values.
364 * Only can be set via /sys/kernel/mm/transparent_hugepage/shmem_enabled:
365 *
366 * SHMEM_HUGE_DENY:
367 * disables huge on shm_mnt and all mounts, for emergency use;
368 * SHMEM_HUGE_FORCE:
369 * enables huge on shm_mnt and all mounts, w/o needing option, for testing;
370 *
371 */
372#define SHMEM_HUGE_DENY (-1)
373#define SHMEM_HUGE_FORCE (-2)
374
375#ifdef CONFIG_TRANSPARENT_HUGEPAGE
376/* ifdef here to avoid bloating shmem.o when not necessary */
377
378int shmem_huge __read_mostly;
379
380static int shmem_parse_huge(const char *str)
381{
382 if (!strcmp(str, "never"))
383 return SHMEM_HUGE_NEVER;
384 if (!strcmp(str, "always"))
385 return SHMEM_HUGE_ALWAYS;
386 if (!strcmp(str, "within_size"))
387 return SHMEM_HUGE_WITHIN_SIZE;
388 if (!strcmp(str, "advise"))
389 return SHMEM_HUGE_ADVISE;
390 if (!strcmp(str, "deny"))
391 return SHMEM_HUGE_DENY;
392 if (!strcmp(str, "force"))
393 return SHMEM_HUGE_FORCE;
394 return -EINVAL;
395}
396
397static const char *shmem_format_huge(int huge)
398{
399 switch (huge) {
400 case SHMEM_HUGE_NEVER:
401 return "never";
402 case SHMEM_HUGE_ALWAYS:
403 return "always";
404 case SHMEM_HUGE_WITHIN_SIZE:
405 return "within_size";
406 case SHMEM_HUGE_ADVISE:
407 return "advise";
408 case SHMEM_HUGE_DENY:
409 return "deny";
410 case SHMEM_HUGE_FORCE:
411 return "force";
412 default:
413 VM_BUG_ON(1);
414 return "bad_val";
415 }
416}
417
418#else /* !CONFIG_TRANSPARENT_HUGEPAGE */
419
420#define shmem_huge SHMEM_HUGE_DENY
421
422#endif /* CONFIG_TRANSPARENT_HUGEPAGE */
423
46f65ec1
HD		 424/*
425 * Like add_to_page_cache_locked, but error if expected item has gone.
426 */
427static int shmem_add_to_page_cache(struct page *page,
428 struct address_space *mapping,
fed400a1 429 pgoff_t index, void *expected)
46f65ec1 430{
800d8c63 431 int error, nr = hpage_nr_pages(page);
46f65ec1 432
800d8c63
KS		 433 VM_BUG_ON_PAGE(PageTail(page), page);
434 VM_BUG_ON_PAGE(index != round_down(index, nr), page);
309381fe
SL		 435 VM_BUG_ON_PAGE(!PageLocked(page), page);
436 VM_BUG_ON_PAGE(!PageSwapBacked(page), page);
800d8c63 437 VM_BUG_ON(expected && PageTransHuge(page));
46f65ec1 438
800d8c63 439 page_ref_add(page, nr);
b065b432
HD		 440 page->mapping = mapping;
441 page->index = index;
442
443 spin_lock_irq(&mapping->tree_lock);
800d8c63
KS		 444 if (PageTransHuge(page)) {
445 void __rcu **results;
446 pgoff_t idx;
447 int i;
448
449 error = 0;
450 if (radix_tree_gang_lookup_slot(&mapping->page_tree,
451 &results, &idx, index, 1) &&
452 idx < index + HPAGE_PMD_NR) {
453 error = -EEXIST;
454 }
455
456 if (!error) {
457 for (i = 0; i < HPAGE_PMD_NR; i++) {
458 error = radix_tree_insert(&mapping->page_tree,
459 index + i, page + i);
460 VM_BUG_ON(error);
461 }
462 count_vm_event(THP_FILE_ALLOC);
463 }
464 } else if (!expected) {
b065b432 465 error = radix_tree_insert(&mapping->page_tree, index, page);
800d8c63 466 } else {
b065b432
HD		 467 error = shmem_radix_tree_replace(mapping, index, expected,
468 page);
800d8c63
KS		 469 }
470
46f65ec1 471 if (!error) {
800d8c63
KS		 472 mapping->nrpages += nr;
473 if (PageTransHuge(page))
474 __inc_zone_page_state(page, NR_SHMEM_THPS);
475 __mod_zone_page_state(page_zone(page), NR_FILE_PAGES, nr);
476 __mod_zone_page_state(page_zone(page), NR_SHMEM, nr);
b065b432
HD		 477 spin_unlock_irq(&mapping->tree_lock);
478 } else {
479 page->mapping = NULL;
480 spin_unlock_irq(&mapping->tree_lock);
800d8c63 481 page_ref_sub(page, nr);
46f65ec1 482 }
46f65ec1
HD		 483 return error;
484}
485
6922c0c7
HD		 486/*
487 * Like delete_from_page_cache, but substitutes swap for page.
488 */
489static void shmem_delete_from_page_cache(struct page *page, void *radswap)
490{
491 struct address_space *mapping = page->mapping;
492 int error;
493
800d8c63
KS		 494 VM_BUG_ON_PAGE(PageCompound(page), page);
495
6922c0c7
HD		 496 spin_lock_irq(&mapping->tree_lock);
497 error = shmem_radix_tree_replace(mapping, page->index, page, radswap);
498 page->mapping = NULL;
499 mapping->nrpages--;
500 __dec_zone_page_state(page, NR_FILE_PAGES);
501 __dec_zone_page_state(page, NR_SHMEM);
502 spin_unlock_irq(&mapping->tree_lock);
09cbfeaf 503 put_page(page);
6922c0c7
HD		 504 BUG_ON(error);
505}
506
7a5d0fbb
HD		 507/*
508 * Remove swap entry from radix tree, free the swap and its page cache.
509 */
510static int shmem_free_swap(struct address_space *mapping,
511 pgoff_t index, void *radswap)
512{
6dbaf22c 513 void *old;
7a5d0fbb
HD		 514
515 spin_lock_irq(&mapping->tree_lock);
6dbaf22c 516 old = radix_tree_delete_item(&mapping->page_tree, index, radswap);
7a5d0fbb 517 spin_unlock_irq(&mapping->tree_lock);
6dbaf22c
JW		 518 if (old != radswap)
519 return -ENOENT;
520 free_swap_and_cache(radix_to_swp_entry(radswap));
521 return 0;
7a5d0fbb
HD		 522}
523
6a15a370
VB		 524/*
525 * Determine (in bytes) how many of the shmem object's pages mapped by the
48131e03 526 * given offsets are swapped out.
6a15a370
VB		 527 *
528 * This is safe to call without i_mutex or mapping->tree_lock thanks to RCU,
529 * as long as the inode doesn't go away and racy results are not a problem.
530 */
48131e03
VB		 531unsigned long shmem_partial_swap_usage(struct address_space *mapping,
532 pgoff_t start, pgoff_t end)
6a15a370 533{
6a15a370
VB		 534 struct radix_tree_iter iter;
535 void **slot;
536 struct page *page;
48131e03 537 unsigned long swapped = 0;
6a15a370
VB		 538
539 rcu_read_lock();
540
6a15a370
VB		 541 radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) {
542 if (iter.index >= end)
543 break;
544
545 page = radix_tree_deref_slot(slot);
546
2cf938aa
MW		 547 if (radix_tree_deref_retry(page)) {
548 slot = radix_tree_iter_retry(&iter);
549 continue;
550 }
6a15a370
VB		 551
552 if (radix_tree_exceptional_entry(page))
553 swapped++;
554
555 if (need_resched()) {
556 cond_resched_rcu();
7165092f 557 slot = radix_tree_iter_next(&iter);
6a15a370
VB		 558 }
559 }
560
561 rcu_read_unlock();
562
563 return swapped << PAGE_SHIFT;
564}
565
48131e03
VB		 566/*
567 * Determine (in bytes) how many of the shmem object's pages mapped by the
568 * given vma is swapped out.
569 *
570 * This is safe to call without i_mutex or mapping->tree_lock thanks to RCU,
571 * as long as the inode doesn't go away and racy results are not a problem.
572 */
573unsigned long shmem_swap_usage(struct vm_area_struct *vma)
574{
575 struct inode *inode = file_inode(vma->vm_file);
576 struct shmem_inode_info *info = SHMEM_I(inode);
577 struct address_space *mapping = inode->i_mapping;
578 unsigned long swapped;
579
580 /* Be careful as we don't hold info->lock */
581 swapped = READ_ONCE(info->swapped);
582
583 /*
584 * The easier cases are when the shmem object has nothing in swap, or
585 * the vma maps it whole. Then we can simply use the stats that we
586 * already track.
587 */
588 if (!swapped)
589 return 0;
590
591 if (!vma->vm_pgoff && vma->vm_end - vma->vm_start >= inode->i_size)
592 return swapped << PAGE_SHIFT;
593
594 /* Here comes the more involved part */
595 return shmem_partial_swap_usage(mapping,
596 linear_page_index(vma, vma->vm_start),
597 linear_page_index(vma, vma->vm_end));
598}
599
24513264
HD		 600/*
601 * SysV IPC SHM_UNLOCK restore Unevictable pages to their evictable lists.
602 */
603void shmem_unlock_mapping(struct address_space *mapping)
604{
605 struct pagevec pvec;
606 pgoff_t indices[PAGEVEC_SIZE];
607 pgoff_t index = 0;
608
609 pagevec_init(&pvec, 0);
610 /*
611 * Minor point, but we might as well stop if someone else SHM_LOCKs it.
612 */
613 while (!mapping_unevictable(mapping)) {
614 /*
615 * Avoid pagevec_lookup(): find_get_pages() returns 0 as if it
616 * has finished, if it hits a row of PAGEVEC_SIZE swap entries.
617 */
0cd6144a
JW		 618 pvec.nr = find_get_entries(mapping, index,
619 PAGEVEC_SIZE, pvec.pages, indices);
24513264
HD		 620 if (!pvec.nr)
621 break;
622 index = indices[pvec.nr - 1] + 1;
0cd6144a 623 pagevec_remove_exceptionals(&pvec);
24513264
HD		 624 check_move_unevictable_pages(pvec.pages, pvec.nr);
625 pagevec_release(&pvec);
626 cond_resched();
627 }
7a5d0fbb
HD		 628}
629
630/*
631 * Remove range of pages and swap entries from radix tree, and free them.
1635f6a7 632 * If !unfalloc, truncate or punch hole; if unfalloc, undo failed fallocate.
7a5d0fbb 633 */
1635f6a7
HD		 634static void shmem_undo_range(struct inode *inode, loff_t lstart, loff_t lend,
635 bool unfalloc)
1da177e4 636{
285b2c4f 637 struct address_space *mapping = inode->i_mapping;
1da177e4 638 struct shmem_inode_info *info = SHMEM_I(inode);
09cbfeaf
KS		 639 pgoff_t start = (lstart + PAGE_SIZE - 1) >> PAGE_SHIFT;
640 pgoff_t end = (lend + 1) >> PAGE_SHIFT;
641 unsigned int partial_start = lstart & (PAGE_SIZE - 1);
642 unsigned int partial_end = (lend + 1) & (PAGE_SIZE - 1);
bda97eab 643 struct pagevec pvec;
7a5d0fbb
HD		 644 pgoff_t indices[PAGEVEC_SIZE];
645 long nr_swaps_freed = 0;
285b2c4f 646 pgoff_t index;
bda97eab
HD		 647 int i;
648
83e4fa9c
HD		 649 if (lend == -1)
650 end = -1; /* unsigned, so actually very big */
bda97eab
HD		 651
652 pagevec_init(&pvec, 0);
653 index = start;
83e4fa9c 654 while (index < end) {
0cd6144a
JW		 655 pvec.nr = find_get_entries(mapping, index,
656 min(end - index, (pgoff_t)PAGEVEC_SIZE),
657 pvec.pages, indices);
7a5d0fbb
HD		 658 if (!pvec.nr)
659 break;
bda97eab
HD		 660 for (i = 0; i < pagevec_count(&pvec); i++) {
661 struct page *page = pvec.pages[i];
662
7a5d0fbb 663 index = indices[i];
83e4fa9c 664 if (index >= end)
bda97eab
HD		 665 break;
666
7a5d0fbb 667 if (radix_tree_exceptional_entry(page)) {
1635f6a7
HD		 668 if (unfalloc)
669 continue;
7a5d0fbb
HD		 670 nr_swaps_freed += !shmem_free_swap(mapping,
671 index, page);
bda97eab 672 continue;
7a5d0fbb
HD		 673 }
674
800d8c63
KS		 675 VM_BUG_ON_PAGE(page_to_pgoff(page) != index, page);
676
7a5d0fbb 677 if (!trylock_page(page))
bda97eab 678 continue;
800d8c63
KS		 679
680 if (PageTransTail(page)) {
681 /* Middle of THP: zero out the page */
682 clear_highpage(page);
683 unlock_page(page);
684 continue;
685 } else if (PageTransHuge(page)) {
686 if (index == round_down(end, HPAGE_PMD_NR)) {
687 /*
688 * Range ends in the middle of THP:
689 * zero out the page
690 */
691 clear_highpage(page);
692 unlock_page(page);
693 continue;
694 }
695 index += HPAGE_PMD_NR - 1;
696 i += HPAGE_PMD_NR - 1;
697 }
698
1635f6a7 699 if (!unfalloc || !PageUptodate(page)) {
800d8c63
KS		 700 VM_BUG_ON_PAGE(PageTail(page), page);
701 if (page_mapping(page) == mapping) {
309381fe 702 VM_BUG_ON_PAGE(PageWriteback(page), page);
1635f6a7
HD		 703 truncate_inode_page(mapping, page);
704 }
bda97eab 705 }
bda97eab
HD		 706 unlock_page(page);
707 }
0cd6144a 708 pagevec_remove_exceptionals(&pvec);
24513264 709 pagevec_release(&pvec);
bda97eab
HD		 710 cond_resched();
711 index++;
712 }
1da177e4 713
83e4fa9c 714 if (partial_start) {
bda97eab 715 struct page *page = NULL;
9e18eb29 716 shmem_getpage(inode, start - 1, &page, SGP_READ);
bda97eab 717 if (page) {
09cbfeaf 718 unsigned int top = PAGE_SIZE;
83e4fa9c
HD		 719 if (start > end) {
720 top = partial_end;
721 partial_end = 0;
722 }
723 zero_user_segment(page, partial_start, top);
724 set_page_dirty(page);
725 unlock_page(page);
09cbfeaf 726 put_page(page);
83e4fa9c
HD		 727 }
728 }
729 if (partial_end) {
730 struct page *page = NULL;
9e18eb29 731 shmem_getpage(inode, end, &page, SGP_READ);
83e4fa9c
HD		 732 if (page) {
733 zero_user_segment(page, 0, partial_end);
bda97eab
HD		 734 set_page_dirty(page);
735 unlock_page(page);
09cbfeaf 736 put_page(page);
bda97eab
HD		 737 }
738 }
83e4fa9c
HD		 739 if (start >= end)
740 return;
bda97eab
HD		 741
742 index = start;
b1a36650 743 while (index < end) {
bda97eab 744 cond_resched();
0cd6144a
JW		 745
746 pvec.nr = find_get_entries(mapping, index,
83e4fa9c 747 min(end - index, (pgoff_t)PAGEVEC_SIZE),
0cd6144a 748 pvec.pages, indices);
7a5d0fbb 749 if (!pvec.nr) {
b1a36650
HD		 750 /* If all gone or hole-punch or unfalloc, we're done */
751 if (index == start || end != -1)
bda97eab 752 break;
b1a36650 753 /* But if truncating, restart to make sure all gone */
bda97eab
HD		 754 index = start;
755 continue;
756 }
bda97eab
HD		 757 for (i = 0; i < pagevec_count(&pvec); i++) {
758 struct page *page = pvec.pages[i];
759
7a5d0fbb 760 index = indices[i];
83e4fa9c 761 if (index >= end)
bda97eab
HD		 762 break;
763
7a5d0fbb 764 if (radix_tree_exceptional_entry(page)) {
1635f6a7
HD		 765 if (unfalloc)
766 continue;
b1a36650
HD		 767 if (shmem_free_swap(mapping, index, page)) {
768 /* Swap was replaced by page: retry */
769 index--;
770 break;
771 }
772 nr_swaps_freed++;
7a5d0fbb
HD		 773 continue;
774 }
775
bda97eab 776 lock_page(page);
800d8c63
KS		 777
778 if (PageTransTail(page)) {
779 /* Middle of THP: zero out the page */
780 clear_highpage(page);
781 unlock_page(page);
782 /*
783 * Partial thp truncate due 'start' in middle
784 * of THP: don't need to look on these pages
785 * again on !pvec.nr restart.
786 */
787 if (index != round_down(end, HPAGE_PMD_NR))
788 start++;
789 continue;
790 } else if (PageTransHuge(page)) {
791 if (index == round_down(end, HPAGE_PMD_NR)) {
792 /*
793 * Range ends in the middle of THP:
794 * zero out the page
795 */
796 clear_highpage(page);
797 unlock_page(page);
798 continue;
799 }
800 index += HPAGE_PMD_NR - 1;
801 i += HPAGE_PMD_NR - 1;
802 }
803
1635f6a7 804 if (!unfalloc || !PageUptodate(page)) {
800d8c63
KS		 805 VM_BUG_ON_PAGE(PageTail(page), page);
806 if (page_mapping(page) == mapping) {
309381fe 807 VM_BUG_ON_PAGE(PageWriteback(page), page);
1635f6a7 808 truncate_inode_page(mapping, page);
b1a36650
HD		 809 } else {
810 /* Page was replaced by swap: retry */
811 unlock_page(page);
812 index--;
813 break;
1635f6a7 814 }
7a5d0fbb 815 }
bda97eab
HD		 816 unlock_page(page);
817 }
0cd6144a 818 pagevec_remove_exceptionals(&pvec);
24513264 819 pagevec_release(&pvec);
bda97eab
HD		 820 index++;
821 }
94c1e62d 822
4595ef88 823 spin_lock_irq(&info->lock);
7a5d0fbb 824 info->swapped -= nr_swaps_freed;
1da177e4 825 shmem_recalc_inode(inode);
4595ef88 826 spin_unlock_irq(&info->lock);
1635f6a7 827}
1da177e4 828
1635f6a7
HD		 829void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
830{
831 shmem_undo_range(inode, lstart, lend, false);
285b2c4f 832 inode->i_ctime = inode->i_mtime = CURRENT_TIME;
1da177e4 833}
94c1e62d 834EXPORT_SYMBOL_GPL(shmem_truncate_range);
1da177e4 835
44a30220
YZ		 836static int shmem_getattr(struct vfsmount *mnt, struct dentry *dentry,
837 struct kstat *stat)
838{
839 struct inode *inode = dentry->d_inode;
840 struct shmem_inode_info *info = SHMEM_I(inode);
841
d0424c42 842 if (info->alloced - info->swapped != inode->i_mapping->nrpages) {
4595ef88 843 spin_lock_irq(&info->lock);
d0424c42 844 shmem_recalc_inode(inode);
4595ef88 845 spin_unlock_irq(&info->lock);
d0424c42 846 }
44a30220 847 generic_fillattr(inode, stat);
44a30220
YZ		 848 return 0;
849}
850
94c1e62d 851static int shmem_setattr(struct dentry *dentry, struct iattr *attr)
1da177e4 852{
75c3cfa8 853 struct inode *inode = d_inode(dentry);
40e041a2 854 struct shmem_inode_info *info = SHMEM_I(inode);
1da177e4
LT		 855 int error;
856
db78b877
CH		 857 error = inode_change_ok(inode, attr);
858 if (error)
859 return error;
860
94c1e62d
HD		 861 if (S_ISREG(inode->i_mode) && (attr->ia_valid & ATTR_SIZE)) {
862 loff_t oldsize = inode->i_size;
863 loff_t newsize = attr->ia_size;
3889e6e7 864
40e041a2
DH		 865 /* protected by i_mutex */
866 if ((newsize < oldsize && (info->seals & F_SEAL_SHRINK)) ||
867 (newsize > oldsize && (info->seals & F_SEAL_GROW)))
868 return -EPERM;
869
94c1e62d 870 if (newsize != oldsize) {
77142517
KK		 871 error = shmem_reacct_size(SHMEM_I(inode)->flags,
872 oldsize, newsize);
873 if (error)
874 return error;
94c1e62d
HD		 875 i_size_write(inode, newsize);
876 inode->i_ctime = inode->i_mtime = CURRENT_TIME;
877 }
afa2db2f 878 if (newsize <= oldsize) {
94c1e62d 879 loff_t holebegin = round_up(newsize, PAGE_SIZE);
d0424c42
HD		 880 if (oldsize > holebegin)
881 unmap_mapping_range(inode->i_mapping,
882 holebegin, 0, 1);
883 if (info->alloced)
884 shmem_truncate_range(inode,
885 newsize, (loff_t)-1);
94c1e62d 886 /* unmap again to remove racily COWed private pages */
d0424c42
HD		 887 if (oldsize > holebegin)
888 unmap_mapping_range(inode->i_mapping,
889 holebegin, 0, 1);
94c1e62d 890 }
1da177e4
LT		 891 }
892
db78b877 893 setattr_copy(inode, attr);
db78b877 894 if (attr->ia_valid & ATTR_MODE)
feda821e 895 error = posix_acl_chmod(inode, inode->i_mode);
1da177e4
LT		 896 return error;
897}
898
1f895f75 899static void shmem_evict_inode(struct inode *inode)
1da177e4 900{
1da177e4
LT		 901 struct shmem_inode_info *info = SHMEM_I(inode);
902
3889e6e7 903 if (inode->i_mapping->a_ops == &shmem_aops) {
1da177e4
LT		 904 shmem_unacct_size(info->flags, inode->i_size);
905 inode->i_size = 0;
3889e6e7 906 shmem_truncate_range(inode, 0, (loff_t)-1);
1da177e4 907 if (!list_empty(&info->swaplist)) {
cb5f7b9a 908 mutex_lock(&shmem_swaplist_mutex);
1da177e4 909 list_del_init(&info->swaplist);
cb5f7b9a 910 mutex_unlock(&shmem_swaplist_mutex);
1da177e4 911 }
3ed47db3 912 }
b09e0fa4 913
38f38657 914 simple_xattrs_free(&info->xattrs);
0f3c42f5 915 WARN_ON(inode->i_blocks);
5b04c689 916 shmem_free_inode(inode->i_sb);
dbd5768f 917 clear_inode(inode);
1da177e4
LT		 918}
919
46f65ec1
HD		 920/*
921 * If swap found in inode, free it and move page from swapcache to filecache.
922 */
41ffe5d5 923static int shmem_unuse_inode(struct shmem_inode_info *info,
bde05d1c 924 swp_entry_t swap, struct page **pagep)
1da177e4 925{
285b2c4f 926 struct address_space *mapping = info->vfs_inode.i_mapping;
46f65ec1 927 void *radswap;
41ffe5d5 928 pgoff_t index;
bde05d1c
HD		 929 gfp_t gfp;
930 int error = 0;
1da177e4 931
46f65ec1 932 radswap = swp_to_radix_entry(swap);
e504f3fd 933 index = radix_tree_locate_item(&mapping->page_tree, radswap);
46f65ec1 934 if (index == -1)
00501b53 935 return -EAGAIN; /* tell shmem_unuse we found nothing */
2e0e26c7 936
1b1b32f2
HD		 937 /*
938 * Move _head_ to start search for next from here.
1f895f75 939 * But be careful: shmem_evict_inode checks list_empty without taking
1b1b32f2 940 * mutex, and there's an instant in list_move_tail when info->swaplist
285b2c4f 941 * would appear empty, if it were the only one on shmem_swaplist.
1b1b32f2
HD		 942 */
943 if (shmem_swaplist.next != &info->swaplist)
944 list_move_tail(&shmem_swaplist, &info->swaplist);
2e0e26c7 945
bde05d1c
HD		 946 gfp = mapping_gfp_mask(mapping);
947 if (shmem_should_replace_page(*pagep, gfp)) {
948 mutex_unlock(&shmem_swaplist_mutex);
949 error = shmem_replace_page(pagep, gfp, info, index);
950 mutex_lock(&shmem_swaplist_mutex);
951 /*
952 * We needed to drop mutex to make that restrictive page
0142ef6c
HD		 953 * allocation, but the inode might have been freed while we
954 * dropped it: although a racing shmem_evict_inode() cannot
955 * complete without emptying the radix_tree, our page lock
956 * on this swapcache page is not enough to prevent that -
957 * free_swap_and_cache() of our swap entry will only
958 * trylock_page(), removing swap from radix_tree whatever.
959 *
960 * We must not proceed to shmem_add_to_page_cache() if the
961 * inode has been freed, but of course we cannot rely on
962 * inode or mapping or info to check that. However, we can
963 * safely check if our swap entry is still in use (and here
964 * it can't have got reused for another page): if it's still
965 * in use, then the inode cannot have been freed yet, and we
966 * can safely proceed (if it's no longer in use, that tells
967 * nothing about the inode, but we don't need to unuse swap).
bde05d1c
HD		 968 */
969 if (!page_swapcount(*pagep))
970 error = -ENOENT;
971 }
972
d13d1443 973 /*
778dd893
HD		 974 * We rely on shmem_swaplist_mutex, not only to protect the swaplist,
975 * but also to hold up shmem_evict_inode(): so inode cannot be freed
976 * beneath us (pagelock doesn't help until the page is in pagecache).
d13d1443 977 */
bde05d1c
HD		 978 if (!error)
979 error = shmem_add_to_page_cache(*pagep, mapping, index,
fed400a1 980 radswap);
48f170fb 981 if (error != -ENOMEM) {
46f65ec1
HD		 982 /*
983 * Truncation and eviction use free_swap_and_cache(), which
984 * only does trylock page: if we raced, best clean up here.
985 */
bde05d1c
HD		 986 delete_from_swap_cache(*pagep);
987 set_page_dirty(*pagep);
46f65ec1 988 if (!error) {
4595ef88 989 spin_lock_irq(&info->lock);
46f65ec1 990 info->swapped--;
4595ef88 991 spin_unlock_irq(&info->lock);
46f65ec1
HD		 992 swap_free(swap);
993 }
1da177e4 994 }
2e0e26c7 995 return error;
1da177e4
LT		 996}
997
998/*
46f65ec1 999 * Search through swapped inodes to find and replace swap by page.
1da177e4 1000 */
41ffe5d5 1001int shmem_unuse(swp_entry_t swap, struct page *page)
1da177e4 1002{
41ffe5d5 1003 struct list_head *this, *next;
1da177e4 1004 struct shmem_inode_info *info;
00501b53 1005 struct mem_cgroup *memcg;
bde05d1c
HD		 1006 int error = 0;
1007
1008 /*
1009 * There's a faint possibility that swap page was replaced before
0142ef6c 1010 * caller locked it: caller will come back later with the right page.
bde05d1c 1011 */
0142ef6c 1012 if (unlikely(!PageSwapCache(page) || page_private(page) != swap.val))
bde05d1c 1013 goto out;
778dd893
HD		 1014
1015 /*
1016 * Charge page using GFP_KERNEL while we can wait, before taking
1017 * the shmem_swaplist_mutex which might hold up shmem_writepage().
1018 * Charged back to the user (not to caller) when swap account is used.
778dd893 1019 */
f627c2f5
KS		 1020 error = mem_cgroup_try_charge(page, current->mm, GFP_KERNEL, &memcg,
1021 false);
778dd893
HD		 1022 if (error)
1023 goto out;
46f65ec1 1024 /* No radix_tree_preload: swap entry keeps a place for page in tree */
00501b53 1025 error = -EAGAIN;
1da177e4 1026
cb5f7b9a 1027 mutex_lock(&shmem_swaplist_mutex);
41ffe5d5
HD		 1028 list_for_each_safe(this, next, &shmem_swaplist) {
1029 info = list_entry(this, struct shmem_inode_info, swaplist);
285b2c4f 1030 if (info->swapped)
00501b53 1031 error = shmem_unuse_inode(info, swap, &page);
6922c0c7
HD		 1032 else
1033 list_del_init(&info->swaplist);
cb5f7b9a 1034 cond_resched();
00501b53 1035 if (error != -EAGAIN)
778dd893 1036 break;
00501b53 1037 /* found nothing in this: move on to search the next */
1da177e4 1038 }
cb5f7b9a 1039 mutex_unlock(&shmem_swaplist_mutex);
778dd893 1040
00501b53
JW		 1041 if (error) {
1042 if (error != -ENOMEM)
1043 error = 0;
f627c2f5 1044 mem_cgroup_cancel_charge(page, memcg, false);
00501b53 1045 } else
f627c2f5 1046 mem_cgroup_commit_charge(page, memcg, true, false);
778dd893 1047out:
aaa46865 1048 unlock_page(page);
09cbfeaf 1049 put_page(page);
778dd893 1050 return error;
1da177e4
LT		 1051}
1052
1053/*
1054 * Move the page from the page cache to the swap cache.
1055 */
1056static int shmem_writepage(struct page *page, struct writeback_control *wbc)
1057{
1058 struct shmem_inode_info *info;
1da177e4 1059 struct address_space *mapping;
1da177e4 1060 struct inode *inode;
6922c0c7
HD		 1061 swp_entry_t swap;
1062 pgoff_t index;
1da177e4 1063
800d8c63 1064 VM_BUG_ON_PAGE(PageCompound(page), page);
1da177e4 1065 BUG_ON(!PageLocked(page));
1da177e4
LT		 1066 mapping = page->mapping;
1067 index = page->index;
1068 inode = mapping->host;
1069 info = SHMEM_I(inode);
1070 if (info->flags & VM_LOCKED)
1071 goto redirty;
d9fe526a 1072 if (!total_swap_pages)
1da177e4
LT		 1073 goto redirty;
1074
d9fe526a 1075 /*
97b713ba
CH		 1076 * Our capabilities prevent regular writeback or sync from ever calling
1077 * shmem_writepage; but a stacking filesystem might use ->writepage of
1078 * its underlying filesystem, in which case tmpfs should write out to
1079 * swap only in response to memory pressure, and not for the writeback
1080 * threads or sync.
d9fe526a 1081 */
48f170fb
HD		 1082 if (!wbc->for_reclaim) {
1083 WARN_ON_ONCE(1); /* Still happens? Tell us about it! */
1084 goto redirty;
1085 }
1635f6a7
HD		 1086
1087 /*
1088 * This is somewhat ridiculous, but without plumbing a SWAP_MAP_FALLOC
1089 * value into swapfile.c, the only way we can correctly account for a
1090 * fallocated page arriving here is now to initialize it and write it.
1aac1400
HD		 1091 *
1092 * That's okay for a page already fallocated earlier, but if we have
1093 * not yet completed the fallocation, then (a) we want to keep track
1094 * of this page in case we have to undo it, and (b) it may not be a
1095 * good idea to continue anyway, once we're pushing into swap. So
1096 * reactivate the page, and let shmem_fallocate() quit when too many.
1635f6a7
HD		 1097 */
1098 if (!PageUptodate(page)) {
1aac1400
HD		 1099 if (inode->i_private) {
1100 struct shmem_falloc *shmem_falloc;
1101 spin_lock(&inode->i_lock);
1102 shmem_falloc = inode->i_private;
1103 if (shmem_falloc &&
8e205f77 1104 !shmem_falloc->waitq &&
1aac1400
HD		 1105 index >= shmem_falloc->start &&
1106 index < shmem_falloc->next)
1107 shmem_falloc->nr_unswapped++;
1108 else
1109 shmem_falloc = NULL;
1110 spin_unlock(&inode->i_lock);
1111 if (shmem_falloc)
1112 goto redirty;
1113 }
1635f6a7
HD		 1114 clear_highpage(page);
1115 flush_dcache_page(page);
1116 SetPageUptodate(page);
1117 }
1118
48f170fb
HD		 1119 swap = get_swap_page();
1120 if (!swap.val)
1121 goto redirty;
d9fe526a 1122
37e84351
VD		 1123 if (mem_cgroup_try_charge_swap(page, swap))
1124 goto free_swap;
1125
b1dea800
HD		 1126 /*
1127 * Add inode to shmem_unuse()'s list of swapped-out inodes,
6922c0c7
HD		 1128 * if it's not already there. Do it now before the page is
1129 * moved to swap cache, when its pagelock no longer protects
b1dea800 1130 * the inode from eviction. But don't unlock the mutex until
6922c0c7
HD		 1131 * we've incremented swapped, because shmem_unuse_inode() will
1132 * prune a !swapped inode from the swaplist under this mutex.
b1dea800 1133 */
48f170fb
HD		 1134 mutex_lock(&shmem_swaplist_mutex);
1135 if (list_empty(&info->swaplist))
1136 list_add_tail(&info->swaplist, &shmem_swaplist);
b1dea800 1137
48f170fb 1138 if (add_to_swap_cache(page, swap, GFP_ATOMIC) == 0) {
4595ef88 1139 spin_lock_irq(&info->lock);
6922c0c7 1140 shmem_recalc_inode(inode);
267a4c76 1141 info->swapped++;
4595ef88 1142 spin_unlock_irq(&info->lock);
6922c0c7 1143
267a4c76
HD		 1144 swap_shmem_alloc(swap);
1145 shmem_delete_from_page_cache(page, swp_to_radix_entry(swap));
1146
6922c0c7 1147 mutex_unlock(&shmem_swaplist_mutex);
d9fe526a 1148 BUG_ON(page_mapped(page));
9fab5619 1149 swap_writepage(page, wbc);
1da177e4
LT		 1150 return 0;
1151 }
1152
6922c0c7 1153 mutex_unlock(&shmem_swaplist_mutex);
37e84351 1154free_swap:
0a31bc97 1155 swapcache_free(swap);
1da177e4
LT		 1156redirty:
1157 set_page_dirty(page);
d9fe526a
HD		 1158 if (wbc->for_reclaim)
1159 return AOP_WRITEPAGE_ACTIVATE; /* Return with page locked */
1160 unlock_page(page);
1161 return 0;
1da177e4
LT		 1162}
1163
75edd345 1164#if defined(CONFIG_NUMA) && defined(CONFIG_TMPFS)
71fe804b 1165static void shmem_show_mpol(struct seq_file *seq, struct mempolicy *mpol)
680d794b 1166{
095f1fc4 1167 char buffer[64];
680d794b 1168
71fe804b 1169 if (!mpol || mpol->mode == MPOL_DEFAULT)
095f1fc4 1170 return; /* show nothing */
680d794b 1171
a7a88b23 1172 mpol_to_str(buffer, sizeof(buffer), mpol);
095f1fc4
LS		 1173
1174 seq_printf(seq, ",mpol=%s", buffer);
680d794b 1175}
71fe804b
LS		 1176
1177static struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo)
1178{
1179 struct mempolicy *mpol = NULL;
1180 if (sbinfo->mpol) {
1181 spin_lock(&sbinfo->stat_lock); /* prevent replace/use races */
1182 mpol = sbinfo->mpol;
1183 mpol_get(mpol);
1184 spin_unlock(&sbinfo->stat_lock);
1185 }
1186 return mpol;
1187}
75edd345
HD		 1188#else /* !CONFIG_NUMA || !CONFIG_TMPFS */
1189static inline void shmem_show_mpol(struct seq_file *seq, struct mempolicy *mpol)
1190{
1191}
1192static inline struct mempolicy *shmem_get_sbmpol(struct shmem_sb_info *sbinfo)
1193{
1194 return NULL;
1195}
1196#endif /* CONFIG_NUMA && CONFIG_TMPFS */
1197#ifndef CONFIG_NUMA
1198#define vm_policy vm_private_data
1199#endif
680d794b 1200
800d8c63
KS		 1201static void shmem_pseudo_vma_init(struct vm_area_struct *vma,
1202 struct shmem_inode_info *info, pgoff_t index)
1203{
1204 /* Create a pseudo vma that just contains the policy */
1205 vma->vm_start = 0;
1206 /* Bias interleave by inode number to distribute better across nodes */
1207 vma->vm_pgoff = index + info->vfs_inode.i_ino;
1208 vma->vm_ops = NULL;
1209 vma->vm_policy = mpol_shared_policy_lookup(&info->policy, index);
1210}
1211
1212static void shmem_pseudo_vma_destroy(struct vm_area_struct *vma)
1213{
1214 /* Drop reference taken by mpol_shared_policy_lookup() */
1215 mpol_cond_put(vma->vm_policy);
1216}
1217
41ffe5d5
HD		 1218static struct page *shmem_swapin(swp_entry_t swap, gfp_t gfp,
1219 struct shmem_inode_info *info, pgoff_t index)
1da177e4 1220{
1da177e4 1221 struct vm_area_struct pvma;
18a2f371 1222 struct page *page;
52cd3b07 1223
800d8c63 1224 shmem_pseudo_vma_init(&pvma, info, index);
18a2f371 1225 page = swapin_readahead(swap, gfp, &pvma, 0);
800d8c63 1226 shmem_pseudo_vma_destroy(&pvma);
18a2f371 1227
800d8c63
KS		 1228 return page;
1229}
1230
1231static struct page *shmem_alloc_hugepage(gfp_t gfp,
1232 struct shmem_inode_info *info, pgoff_t index)
1233{
1234 struct vm_area_struct pvma;
1235 struct inode *inode = &info->vfs_inode;
1236 struct address_space *mapping = inode->i_mapping;
1237 pgoff_t idx, hindex = round_down(index, HPAGE_PMD_NR);
1238 void __rcu **results;
1239 struct page *page;
1240
1241 if (!IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE))
1242 return NULL;
1243
1244 rcu_read_lock();
1245 if (radix_tree_gang_lookup_slot(&mapping->page_tree, &results, &idx,
1246 hindex, 1) && idx < hindex + HPAGE_PMD_NR) {
1247 rcu_read_unlock();
1248 return NULL;
1249 }
1250 rcu_read_unlock();
18a2f371 1251
800d8c63
KS		 1252 shmem_pseudo_vma_init(&pvma, info, hindex);
1253 page = alloc_pages_vma(gfp | __GFP_COMP | __GFP_NORETRY | __GFP_NOWARN,
1254 HPAGE_PMD_ORDER, &pvma, 0, numa_node_id(), true);
1255 shmem_pseudo_vma_destroy(&pvma);
1256 if (page)
1257 prep_transhuge_page(page);
18a2f371 1258 return page;
1da177e4
LT		 1259}
1260
02098fea 1261static struct page *shmem_alloc_page(gfp_t gfp,
41ffe5d5 1262 struct shmem_inode_info *info, pgoff_t index)
1da177e4
LT		 1263{
1264 struct vm_area_struct pvma;
18a2f371 1265 struct page *page;
1da177e4 1266
800d8c63
KS		 1267 shmem_pseudo_vma_init(&pvma, info, index);
1268 page = alloc_page_vma(gfp, &pvma, 0);
1269 shmem_pseudo_vma_destroy(&pvma);
1270
1271 return page;
1272}
1273
1274static struct page *shmem_alloc_and_acct_page(gfp_t gfp,
1275 struct shmem_inode_info *info, struct shmem_sb_info *sbinfo,
1276 pgoff_t index, bool huge)
1277{
1278 struct page *page;
1279 int nr;
1280 int err = -ENOSPC;
52cd3b07 1281
800d8c63
KS		 1282 if (!IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE))
1283 huge = false;
1284 nr = huge ? HPAGE_PMD_NR : 1;
1285
1286 if (shmem_acct_block(info->flags, nr))
1287 goto failed;
1288 if (sbinfo->max_blocks) {
1289 if (percpu_counter_compare(&sbinfo->used_blocks,
1290 sbinfo->max_blocks - nr) > 0)
1291 goto unacct;
1292 percpu_counter_add(&sbinfo->used_blocks, nr);
1293 }
1294
1295 if (huge)
1296 page = shmem_alloc_hugepage(gfp, info, index);
1297 else
1298 page = shmem_alloc_page(gfp, info, index);
75edd345
HD		 1299 if (page) {
1300 __SetPageLocked(page);
1301 __SetPageSwapBacked(page);
800d8c63 1302 return page;
75edd345 1303 }
18a2f371 1304
800d8c63
KS		 1305 err = -ENOMEM;
1306 if (sbinfo->max_blocks)
1307 percpu_counter_add(&sbinfo->used_blocks, -nr);
1308unacct:
1309 shmem_unacct_blocks(info->flags, nr);
1310failed:
1311 return ERR_PTR(err);
1da177e4 1312}
71fe804b 1313
bde05d1c
HD		 1314/*
1315 * When a page is moved from swapcache to shmem filecache (either by the
1316 * usual swapin of shmem_getpage_gfp(), or by the less common swapoff of
1317 * shmem_unuse_inode()), it may have been read in earlier from swap, in
1318 * ignorance of the mapping it belongs to. If that mapping has special
1319 * constraints (like the gma500 GEM driver, which requires RAM below 4GB),
1320 * we may need to copy to a suitable page before moving to filecache.
1321 *
1322 * In a future release, this may well be extended to respect cpuset and
1323 * NUMA mempolicy, and applied also to anonymous pages in do_swap_page();
1324 * but for now it is a simple matter of zone.
1325 */
1326static bool shmem_should_replace_page(struct page *page, gfp_t gfp)
1327{
1328 return page_zonenum(page) > gfp_zone(gfp);
1329}
1330
1331static int shmem_replace_page(struct page **pagep, gfp_t gfp,
1332 struct shmem_inode_info *info, pgoff_t index)
1333{
1334 struct page *oldpage, *newpage;
1335 struct address_space *swap_mapping;
1336 pgoff_t swap_index;
1337 int error;
1338
1339 oldpage = *pagep;
1340 swap_index = page_private(oldpage);
1341 swap_mapping = page_mapping(oldpage);
1342
1343 /*
1344 * We have arrived here because our zones are constrained, so don't
1345 * limit chance of success by further cpuset and node constraints.
1346 */
1347 gfp &= ~GFP_CONSTRAINT_MASK;
1348 newpage = shmem_alloc_page(gfp, info, index);
1349 if (!newpage)
1350 return -ENOMEM;
bde05d1c 1351
09cbfeaf 1352 get_page(newpage);
bde05d1c 1353 copy_highpage(newpage, oldpage);
0142ef6c 1354 flush_dcache_page(newpage);
bde05d1c 1355
bde05d1c 1356 SetPageUptodate(newpage);
bde05d1c 1357 set_page_private(newpage, swap_index);
bde05d1c
HD		 1358 SetPageSwapCache(newpage);
1359
1360 /*
1361 * Our caller will very soon move newpage out of swapcache, but it's
1362 * a nice clean interface for us to replace oldpage by newpage there.
1363 */
1364 spin_lock_irq(&swap_mapping->tree_lock);
1365 error = shmem_radix_tree_replace(swap_mapping, swap_index, oldpage,
1366 newpage);
0142ef6c
HD		 1367 if (!error) {
1368 __inc_zone_page_state(newpage, NR_FILE_PAGES);
1369 __dec_zone_page_state(oldpage, NR_FILE_PAGES);
1370 }
bde05d1c 1371 spin_unlock_irq(&swap_mapping->tree_lock);
bde05d1c 1372
0142ef6c
HD		 1373 if (unlikely(error)) {
1374 /*
1375 * Is this possible? I think not, now that our callers check
1376 * both PageSwapCache and page_private after getting page lock;
1377 * but be defensive. Reverse old to newpage for clear and free.
1378 */
1379 oldpage = newpage;
1380 } else {
6a93ca8f 1381 mem_cgroup_migrate(oldpage, newpage);
0142ef6c
HD		 1382 lru_cache_add_anon(newpage);
1383 *pagep = newpage;
1384 }
bde05d1c
HD		 1385
1386 ClearPageSwapCache(oldpage);
1387 set_page_private(oldpage, 0);
1388
1389 unlock_page(oldpage);
09cbfeaf
KS		 1390 put_page(oldpage);
1391 put_page(oldpage);
0142ef6c 1392 return error;
bde05d1c
HD		 1393}
1394
1da177e4 1395/*
68da9f05 1396 * shmem_getpage_gfp - find page in cache, or get from swap, or allocate
1da177e4
LT		 1397 *
1398 * If we allocate a new one we do not mark it dirty. That's up to the
1399 * vm. If we swap it in we mark it dirty since we also free the swap
9e18eb29
ALC		 1400 * entry since a page cannot live in both the swap and page cache.
1401 *
1402 * fault_mm and fault_type are only supplied by shmem_fault:
1403 * otherwise they are NULL.
1da177e4 1404 */
41ffe5d5 1405static int shmem_getpage_gfp(struct inode *inode, pgoff_t index,
9e18eb29
ALC		 1406 struct page **pagep, enum sgp_type sgp, gfp_t gfp,
1407 struct mm_struct *fault_mm, int *fault_type)
1da177e4
LT		 1408{
1409 struct address_space *mapping = inode->i_mapping;
54af6042 1410 struct shmem_inode_info *info;
1da177e4 1411 struct shmem_sb_info *sbinfo;
9e18eb29 1412 struct mm_struct *charge_mm;
00501b53 1413 struct mem_cgroup *memcg;
27ab7006 1414 struct page *page;
1da177e4 1415 swp_entry_t swap;
657e3038 1416 enum sgp_type sgp_huge = sgp;
800d8c63 1417 pgoff_t hindex = index;
1da177e4 1418 int error;
54af6042 1419 int once = 0;
1635f6a7 1420 int alloced = 0;
1da177e4 1421
09cbfeaf 1422 if (index > (MAX_LFS_FILESIZE >> PAGE_SHIFT))
1da177e4 1423 return -EFBIG;
657e3038
KS		 1424 if (sgp == SGP_NOHUGE || sgp == SGP_HUGE)
1425 sgp = SGP_CACHE;
1da177e4 1426repeat:
54af6042 1427 swap.val = 0;
0cd6144a 1428 page = find_lock_entry(mapping, index);
54af6042
HD		 1429 if (radix_tree_exceptional_entry(page)) {
1430 swap = radix_to_swp_entry(page);
1431 page = NULL;
1432 }
1433
75edd345 1434 if (sgp <= SGP_CACHE &&
09cbfeaf 1435 ((loff_t)index << PAGE_SHIFT) >= i_size_read(inode)) {
54af6042 1436 error = -EINVAL;
267a4c76 1437 goto unlock;
54af6042
HD		 1438 }
1439
66d2f4d2
HD		 1440 if (page && sgp == SGP_WRITE)
1441 mark_page_accessed(page);
1442
1635f6a7
HD		 1443 /* fallocated page? */
1444 if (page && !PageUptodate(page)) {
1445 if (sgp != SGP_READ)
1446 goto clear;
1447 unlock_page(page);
09cbfeaf 1448 put_page(page);
1635f6a7
HD		 1449 page = NULL;
1450 }
54af6042 1451 if (page || (sgp == SGP_READ && !swap.val)) {
54af6042
HD		 1452 *pagep = page;
1453 return 0;
27ab7006
HD		 1454 }
1455
1456 /*
54af6042
HD		 1457 * Fast cache lookup did not find it:
1458 * bring it back from swap or allocate.
27ab7006 1459 */
54af6042
HD		 1460 info = SHMEM_I(inode);
1461 sbinfo = SHMEM_SB(inode->i_sb);
9e18eb29 1462 charge_mm = fault_mm ? : current->mm;
1da177e4 1463
1da177e4
LT		 1464 if (swap.val) {
1465 /* Look it up and read it in.. */
27ab7006
HD		 1466 page = lookup_swap_cache(swap);
1467 if (!page) {
9e18eb29
ALC		 1468 /* Or update major stats only when swapin succeeds?? */
1469 if (fault_type) {
68da9f05 1470 *fault_type |= VM_FAULT_MAJOR;
9e18eb29
ALC		 1471 count_vm_event(PGMAJFAULT);
1472 mem_cgroup_count_vm_event(fault_mm, PGMAJFAULT);
1473 }
1474 /* Here we actually start the io */
41ffe5d5 1475 page = shmem_swapin(swap, gfp, info, index);
27ab7006 1476 if (!page) {
54af6042
HD		 1477 error = -ENOMEM;
1478 goto failed;
1da177e4 1479 }
1da177e4
LT		 1480 }
1481
1482 /* We have to do this with page locked to prevent races */
54af6042 1483 lock_page(page);
0142ef6c 1484 if (!PageSwapCache(page) || page_private(page) != swap.val ||
d1899228 1485 !shmem_confirm_swap(mapping, index, swap)) {
bde05d1c 1486 error = -EEXIST; /* try again */
d1899228 1487 goto unlock;
bde05d1c 1488 }
27ab7006 1489 if (!PageUptodate(page)) {
1da177e4 1490 error = -EIO;
54af6042 1491 goto failed;
1da177e4 1492 }
54af6042
HD		 1493 wait_on_page_writeback(page);
1494
bde05d1c
HD		 1495 if (shmem_should_replace_page(page, gfp)) {
1496 error = shmem_replace_page(&page, gfp, info, index);
1497 if (error)
1498 goto failed;
1da177e4 1499 }
27ab7006 1500
9e18eb29 1501 error = mem_cgroup_try_charge(page, charge_mm, gfp, &memcg,
f627c2f5 1502 false);
d1899228 1503 if (!error) {
aa3b1895 1504 error = shmem_add_to_page_cache(page, mapping, index,
fed400a1 1505 swp_to_radix_entry(swap));
215c02bc
HD		 1506 /*
1507 * We already confirmed swap under page lock, and make
1508 * no memory allocation here, so usually no possibility
1509 * of error; but free_swap_and_cache() only trylocks a
1510 * page, so it is just possible that the entry has been
1511 * truncated or holepunched since swap was confirmed.
1512 * shmem_undo_range() will have done some of the
1513 * unaccounting, now delete_from_swap_cache() will do
93aa7d95 1514 * the rest.
215c02bc
HD		 1515 * Reset swap.val? No, leave it so "failed" goes back to
1516 * "repeat": reading a hole and writing should succeed.
1517 */
00501b53 1518 if (error) {
f627c2f5 1519 mem_cgroup_cancel_charge(page, memcg, false);
215c02bc 1520 delete_from_swap_cache(page);
00501b53 1521 }
d1899228 1522 }
54af6042
HD		 1523 if (error)
1524 goto failed;
1525
f627c2f5 1526 mem_cgroup_commit_charge(page, memcg, true, false);
00501b53 1527
4595ef88 1528 spin_lock_irq(&info->lock);
285b2c4f 1529 info->swapped--;
54af6042 1530 shmem_recalc_inode(inode);
4595ef88 1531 spin_unlock_irq(&info->lock);
54af6042 1532
66d2f4d2
HD		 1533 if (sgp == SGP_WRITE)
1534 mark_page_accessed(page);
1535
54af6042 1536 delete_from_swap_cache(page);
27ab7006
HD		 1537 set_page_dirty(page);
1538 swap_free(swap);
1539
54af6042 1540 } else {
800d8c63
KS		 1541 /* shmem_symlink() */
1542 if (mapping->a_ops != &shmem_aops)
1543 goto alloc_nohuge;
657e3038 1544 if (shmem_huge == SHMEM_HUGE_DENY || sgp_huge == SGP_NOHUGE)
800d8c63
KS		 1545 goto alloc_nohuge;
1546 if (shmem_huge == SHMEM_HUGE_FORCE)
1547 goto alloc_huge;
1548 switch (sbinfo->huge) {
1549 loff_t i_size;
1550 pgoff_t off;
1551 case SHMEM_HUGE_NEVER:
1552 goto alloc_nohuge;
1553 case SHMEM_HUGE_WITHIN_SIZE:
1554 off = round_up(index, HPAGE_PMD_NR);
1555 i_size = round_up(i_size_read(inode), PAGE_SIZE);
1556 if (i_size >= HPAGE_PMD_SIZE &&
1557 i_size >> PAGE_SHIFT >= off)
1558 goto alloc_huge;
1559 /* fallthrough */
1560 case SHMEM_HUGE_ADVISE:
657e3038
KS		 1561 if (sgp_huge == SGP_HUGE)
1562 goto alloc_huge;
1563 /* TODO: implement fadvise() hints */
800d8c63 1564 goto alloc_nohuge;
54af6042 1565 }
1da177e4 1566
800d8c63
KS		 1567alloc_huge:
1568 page = shmem_alloc_and_acct_page(gfp, info, sbinfo,
1569 index, true);
1570 if (IS_ERR(page)) {
1571alloc_nohuge: page = shmem_alloc_and_acct_page(gfp, info, sbinfo,
1572 index, false);
1da177e4 1573 }
800d8c63
KS		 1574 if (IS_ERR(page)) {
1575 error = PTR_ERR(page);
1576 page = NULL;
1577 goto failed;
1578 }
1579
1580 if (PageTransHuge(page))
1581 hindex = round_down(index, HPAGE_PMD_NR);
1582 else
1583 hindex = index;
1584
66d2f4d2 1585 if (sgp == SGP_WRITE)
eb39d618 1586 __SetPageReferenced(page);
66d2f4d2 1587
9e18eb29 1588 error = mem_cgroup_try_charge(page, charge_mm, gfp, &memcg,
800d8c63 1589 PageTransHuge(page));
54af6042 1590 if (error)
800d8c63
KS		 1591 goto unacct;
1592 error = radix_tree_maybe_preload_order(gfp & GFP_RECLAIM_MASK,
1593 compound_order(page));
b065b432 1594 if (!error) {
800d8c63 1595 error = shmem_add_to_page_cache(page, mapping, hindex,
fed400a1 1596 NULL);
b065b432
HD		 1597 radix_tree_preload_end();
1598 }
1599 if (error) {
800d8c63
KS		 1600 mem_cgroup_cancel_charge(page, memcg,
1601 PageTransHuge(page));
1602 goto unacct;
b065b432 1603 }
800d8c63
KS		 1604 mem_cgroup_commit_charge(page, memcg, false,
1605 PageTransHuge(page));
54af6042
HD		 1606 lru_cache_add_anon(page);
1607
4595ef88 1608 spin_lock_irq(&info->lock);
800d8c63
KS		 1609 info->alloced += 1 << compound_order(page);
1610 inode->i_blocks += BLOCKS_PER_PAGE << compound_order(page);
54af6042 1611 shmem_recalc_inode(inode);
4595ef88 1612 spin_unlock_irq(&info->lock);
1635f6a7 1613 alloced = true;
54af6042 1614
ec9516fb 1615 /*
1635f6a7
HD		 1616 * Let SGP_FALLOC use the SGP_WRITE optimization on a new page.
1617 */
1618 if (sgp == SGP_FALLOC)
1619 sgp = SGP_WRITE;
1620clear:
1621 /*
1622 * Let SGP_WRITE caller clear ends if write does not fill page;
1623 * but SGP_FALLOC on a page fallocated earlier must initialize
1624 * it now, lest undo on failure cancel our earlier guarantee.
ec9516fb 1625 */
800d8c63
KS		 1626 if (sgp != SGP_WRITE && !PageUptodate(page)) {
1627 struct page *head = compound_head(page);
1628 int i;
1629
1630 for (i = 0; i < (1 << compound_order(head)); i++) {
1631 clear_highpage(head + i);
1632 flush_dcache_page(head + i);
1633 }
1634 SetPageUptodate(head);
ec9516fb 1635 }
1da177e4 1636 }
bde05d1c 1637
54af6042 1638 /* Perhaps the file has been truncated since we checked */
75edd345 1639 if (sgp <= SGP_CACHE &&
09cbfeaf 1640 ((loff_t)index << PAGE_SHIFT) >= i_size_read(inode)) {
267a4c76
HD		 1641 if (alloced) {
1642 ClearPageDirty(page);
1643 delete_from_page_cache(page);
4595ef88 1644 spin_lock_irq(&info->lock);
267a4c76 1645 shmem_recalc_inode(inode);
4595ef88 1646 spin_unlock_irq(&info->lock);
267a4c76 1647 }
54af6042 1648 error = -EINVAL;
267a4c76 1649 goto unlock;
e83c32e8 1650 }
800d8c63 1651 *pagep = page + index - hindex;
54af6042 1652 return 0;
1da177e4 1653
59a16ead 1654 /*
54af6042 1655 * Error recovery.
59a16ead 1656 */
54af6042 1657unacct:
800d8c63
KS		 1658 if (sbinfo->max_blocks)
1659 percpu_counter_sub(&sbinfo->used_blocks,
1660 1 << compound_order(page));
1661 shmem_unacct_blocks(info->flags, 1 << compound_order(page));
1662
1663 if (PageTransHuge(page)) {
1664 unlock_page(page);
1665 put_page(page);
1666 goto alloc_nohuge;
1667 }
54af6042 1668failed:
267a4c76 1669 if (swap.val && !shmem_confirm_swap(mapping, index, swap))
d1899228
HD		 1670 error = -EEXIST;
1671unlock:
27ab7006 1672 if (page) {
54af6042 1673 unlock_page(page);
09cbfeaf 1674 put_page(page);
54af6042
HD		 1675 }
1676 if (error == -ENOSPC && !once++) {
1677 info = SHMEM_I(inode);
4595ef88 1678 spin_lock_irq(&info->lock);
54af6042 1679 shmem_recalc_inode(inode);
4595ef88 1680 spin_unlock_irq(&info->lock);
27ab7006 1681 goto repeat;
ff36b801 1682 }
d1899228 1683 if (error == -EEXIST) /* from above or from radix_tree_insert */
54af6042
HD		 1684 goto repeat;
1685 return error;
1da177e4
LT		 1686}
1687
d0217ac0 1688static int shmem_fault(struct vm_area_struct *vma, struct vm_fault *vmf)
1da177e4 1689{
496ad9aa 1690 struct inode *inode = file_inode(vma->vm_file);
9e18eb29 1691 gfp_t gfp = mapping_gfp_mask(inode->i_mapping);
657e3038 1692 enum sgp_type sgp;
1da177e4 1693 int error;
68da9f05 1694 int ret = VM_FAULT_LOCKED;
1da177e4 1695
f00cdc6d
HD		 1696 /*
1697 * Trinity finds that probing a hole which tmpfs is punching can
1698 * prevent the hole-punch from ever completing: which in turn
1699 * locks writers out with its hold on i_mutex. So refrain from
8e205f77
HD		 1700 * faulting pages into the hole while it's being punched. Although
1701 * shmem_undo_range() does remove the additions, it may be unable to
1702 * keep up, as each new page needs its own unmap_mapping_range() call,
1703 * and the i_mmap tree grows ever slower to scan if new vmas are added.
1704 *
1705 * It does not matter if we sometimes reach this check just before the
1706 * hole-punch begins, so that one fault then races with the punch:
1707 * we just need to make racing faults a rare case.
1708 *
1709 * The implementation below would be much simpler if we just used a
1710 * standard mutex or completion: but we cannot take i_mutex in fault,
1711 * and bloating every shmem inode for this unlikely case would be sad.
f00cdc6d
HD		 1712 */
1713 if (unlikely(inode->i_private)) {
1714 struct shmem_falloc *shmem_falloc;
1715
1716 spin_lock(&inode->i_lock);
1717 shmem_falloc = inode->i_private;
8e205f77
HD		 1718 if (shmem_falloc &&
1719 shmem_falloc->waitq &&
1720 vmf->pgoff >= shmem_falloc->start &&
1721 vmf->pgoff < shmem_falloc->next) {
1722 wait_queue_head_t *shmem_falloc_waitq;
1723 DEFINE_WAIT(shmem_fault_wait);
1724
1725 ret = VM_FAULT_NOPAGE;
f00cdc6d
HD		 1726 if ((vmf->flags & FAULT_FLAG_ALLOW_RETRY) &&
1727 !(vmf->flags & FAULT_FLAG_RETRY_NOWAIT)) {
8e205f77 1728 /* It's polite to up mmap_sem if we can */
f00cdc6d 1729 up_read(&vma->vm_mm->mmap_sem);
8e205f77 1730 ret = VM_FAULT_RETRY;
f00cdc6d 1731 }
8e205f77
HD		 1732
1733 shmem_falloc_waitq = shmem_falloc->waitq;
1734 prepare_to_wait(shmem_falloc_waitq, &shmem_fault_wait,
1735 TASK_UNINTERRUPTIBLE);
1736 spin_unlock(&inode->i_lock);
1737 schedule();
1738
1739 /*
1740 * shmem_falloc_waitq points into the shmem_fallocate()
1741 * stack of the hole-punching task: shmem_falloc_waitq
1742 * is usually invalid by the time we reach here, but
1743 * finish_wait() does not dereference it in that case;
1744 * though i_lock needed lest racing with wake_up_all().
1745 */
1746 spin_lock(&inode->i_lock);
1747 finish_wait(shmem_falloc_waitq, &shmem_fault_wait);
1748 spin_unlock(&inode->i_lock);
1749 return ret;
f00cdc6d 1750 }
8e205f77 1751 spin_unlock(&inode->i_lock);
f00cdc6d
HD		 1752 }
1753
657e3038
KS		 1754 sgp = SGP_CACHE;
1755 if (vma->vm_flags & VM_HUGEPAGE)
1756 sgp = SGP_HUGE;
1757 else if (vma->vm_flags & VM_NOHUGEPAGE)
1758 sgp = SGP_NOHUGE;
1759
1760 error = shmem_getpage_gfp(inode, vmf->pgoff, &vmf->page, sgp,
9e18eb29 1761 gfp, vma->vm_mm, &ret);
d0217ac0
NP		 1762 if (error)
1763 return ((error == -ENOMEM) ? VM_FAULT_OOM : VM_FAULT_SIGBUS);
68da9f05 1764 return ret;
1da177e4
LT		 1765}
1766
c01d5b30
HD		 1767unsigned long shmem_get_unmapped_area(struct file *file,
1768 unsigned long uaddr, unsigned long len,
1769 unsigned long pgoff, unsigned long flags)
1770{
1771 unsigned long (*get_area)(struct file *,
1772 unsigned long, unsigned long, unsigned long, unsigned long);
1773 unsigned long addr;
1774 unsigned long offset;
1775 unsigned long inflated_len;
1776 unsigned long inflated_addr;
1777 unsigned long inflated_offset;
1778
1779 if (len > TASK_SIZE)
1780 return -ENOMEM;
1781
1782 get_area = current->mm->get_unmapped_area;
1783 addr = get_area(file, uaddr, len, pgoff, flags);
1784
1785 if (!IS_ENABLED(CONFIG_TRANSPARENT_HUGEPAGE))
1786 return addr;
1787 if (IS_ERR_VALUE(addr))
1788 return addr;
1789 if (addr & ~PAGE_MASK)
1790 return addr;
1791 if (addr > TASK_SIZE - len)
1792 return addr;
1793
1794 if (shmem_huge == SHMEM_HUGE_DENY)
1795 return addr;
1796 if (len < HPAGE_PMD_SIZE)
1797 return addr;
1798 if (flags & MAP_FIXED)
1799 return addr;
1800 /*
1801 * Our priority is to support MAP_SHARED mapped hugely;
1802 * and support MAP_PRIVATE mapped hugely too, until it is COWed.
1803 * But if caller specified an address hint, respect that as before.
1804 */
1805 if (uaddr)
1806 return addr;
1807
1808 if (shmem_huge != SHMEM_HUGE_FORCE) {
1809 struct super_block *sb;
1810
1811 if (file) {
1812 VM_BUG_ON(file->f_op != &shmem_file_operations);
1813 sb = file_inode(file)->i_sb;
1814 } else {
1815 /*
1816 * Called directly from mm/mmap.c, or drivers/char/mem.c
1817 * for "/dev/zero", to create a shared anonymous object.
1818 */
1819 if (IS_ERR(shm_mnt))
1820 return addr;
1821 sb = shm_mnt->mnt_sb;
1822 }
1823 if (SHMEM_SB(sb)->huge != SHMEM_HUGE_NEVER)
1824 return addr;
1825 }
1826
1827 offset = (pgoff << PAGE_SHIFT) & (HPAGE_PMD_SIZE-1);
1828 if (offset && offset + len < 2 * HPAGE_PMD_SIZE)
1829 return addr;
1830 if ((addr & (HPAGE_PMD_SIZE-1)) == offset)
1831 return addr;
1832
1833 inflated_len = len + HPAGE_PMD_SIZE - PAGE_SIZE;
1834 if (inflated_len > TASK_SIZE)
1835 return addr;
1836 if (inflated_len < len)
1837 return addr;
1838
1839 inflated_addr = get_area(NULL, 0, inflated_len, 0, flags);
1840 if (IS_ERR_VALUE(inflated_addr))
1841 return addr;
1842 if (inflated_addr & ~PAGE_MASK)
1843 return addr;
1844
1845 inflated_offset = inflated_addr & (HPAGE_PMD_SIZE-1);
1846 inflated_addr += offset - inflated_offset;
1847 if (inflated_offset > offset)
1848 inflated_addr += HPAGE_PMD_SIZE;
1849
1850 if (inflated_addr > TASK_SIZE - len)
1851 return addr;
1852 return inflated_addr;
1853}
1854
1da177e4 1855#ifdef CONFIG_NUMA
41ffe5d5 1856static int shmem_set_policy(struct vm_area_struct *vma, struct mempolicy *mpol)
1da177e4 1857{
496ad9aa 1858 struct inode *inode = file_inode(vma->vm_file);
41ffe5d5 1859 return mpol_set_shared_policy(&SHMEM_I(inode)->policy, vma, mpol);
1da177e4
LT		 1860}
1861
d8dc74f2
AB		 1862static struct mempolicy *shmem_get_policy(struct vm_area_struct *vma,
1863 unsigned long addr)
1da177e4 1864{
496ad9aa 1865 struct inode *inode = file_inode(vma->vm_file);
41ffe5d5 1866 pgoff_t index;
1da177e4 1867
41ffe5d5
HD		 1868 index = ((addr - vma->vm_start) >> PAGE_SHIFT) + vma->vm_pgoff;
1869 return mpol_shared_policy_lookup(&SHMEM_I(inode)->policy, index);
1da177e4
LT		 1870}
1871#endif
1872
1873int shmem_lock(struct file *file, int lock, struct user_struct *user)
1874{
496ad9aa 1875 struct inode *inode = file_inode(file);
1da177e4
LT		 1876 struct shmem_inode_info *info = SHMEM_I(inode);
1877 int retval = -ENOMEM;
1878
4595ef88 1879 spin_lock_irq(&info->lock);
1da177e4
LT		 1880 if (lock && !(info->flags & VM_LOCKED)) {
1881 if (!user_shm_lock(inode->i_size, user))
1882 goto out_nomem;
1883 info->flags |= VM_LOCKED;
89e004ea 1884 mapping_set_unevictable(file->f_mapping);
1da177e4
LT		 1885 }
1886 if (!lock && (info->flags & VM_LOCKED) && user) {
1887 user_shm_unlock(inode->i_size, user);
1888 info->flags &= ~VM_LOCKED;
89e004ea 1889 mapping_clear_unevictable(file->f_mapping);
1da177e4
LT		 1890 }
1891 retval = 0;
89e004ea 1892
1da177e4 1893out_nomem:
4595ef88 1894 spin_unlock_irq(&info->lock);
1da177e4
LT		 1895 return retval;
1896}
1897
9b83a6a8 1898static int shmem_mmap(struct file *file, struct vm_area_struct *vma)
1da177e4
LT		 1899{
1900 file_accessed(file);
1901 vma->vm_ops = &shmem_vm_ops;
1902 return 0;
1903}
1904
454abafe 1905static struct inode *shmem_get_inode(struct super_block *sb, const struct inode *dir,
09208d15 1906 umode_t mode, dev_t dev, unsigned long flags)
1da177e4
LT		 1907{
1908 struct inode *inode;
1909 struct shmem_inode_info *info;
1910 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
1911
5b04c689
PE		 1912 if (shmem_reserve_inode(sb))
1913 return NULL;
1da177e4
LT		 1914
1915 inode = new_inode(sb);
1916 if (inode) {
85fe4025 1917 inode->i_ino = get_next_ino();
454abafe 1918 inode_init_owner(inode, dir, mode);
1da177e4 1919 inode->i_blocks = 0;
1da177e4 1920 inode->i_atime = inode->i_mtime = inode->i_ctime = CURRENT_TIME;
91828a40 1921 inode->i_generation = get_seconds();
1da177e4
LT		 1922 info = SHMEM_I(inode);
1923 memset(info, 0, (char *)inode - (char *)info);
1924 spin_lock_init(&info->lock);
40e041a2 1925 info->seals = F_SEAL_SEAL;
0b0a0806 1926 info->flags = flags & VM_NORESERVE;
1da177e4 1927 INIT_LIST_HEAD(&info->swaplist);
38f38657 1928 simple_xattrs_init(&info->xattrs);
72c04902 1929 cache_no_acl(inode);
1da177e4
LT		 1930
1931 switch (mode & S_IFMT) {
1932 default:
39f0247d 1933 inode->i_op = &shmem_special_inode_operations;
1da177e4
LT		 1934 init_special_inode(inode, mode, dev);
1935 break;
1936 case S_IFREG:
14fcc23f 1937 inode->i_mapping->a_ops = &shmem_aops;
1da177e4
LT		 1938 inode->i_op = &shmem_inode_operations;
1939 inode->i_fop = &shmem_file_operations;
71fe804b
LS		 1940 mpol_shared_policy_init(&info->policy,
1941 shmem_get_sbmpol(sbinfo));
1da177e4
LT		 1942 break;
1943 case S_IFDIR:
d8c76e6f 1944 inc_nlink(inode);
1da177e4
LT		 1945 /* Some things misbehave if size == 0 on a directory */
1946 inode->i_size = 2 * BOGO_DIRENT_SIZE;
1947 inode->i_op = &shmem_dir_inode_operations;
1948 inode->i_fop = &simple_dir_operations;
1949 break;
1950 case S_IFLNK:
1951 /*
1952 * Must not load anything in the rbtree,
1953 * mpol_free_shared_policy will not be called.
1954 */
71fe804b 1955 mpol_shared_policy_init(&info->policy, NULL);
1da177e4
LT		 1956 break;
1957 }
5b04c689
PE		 1958 } else
1959 shmem_free_inode(sb);
1da177e4
LT		 1960 return inode;
1961}
1962
0cd6144a
JW		 1963bool shmem_mapping(struct address_space *mapping)
1964{
f0774d88
SL		 1965 if (!mapping->host)
1966 return false;
1967
97b713ba 1968 return mapping->host->i_sb->s_op == &shmem_ops;
0cd6144a
JW		 1969}
1970
1da177e4 1971#ifdef CONFIG_TMPFS
92e1d5be 1972static const struct inode_operations shmem_symlink_inode_operations;
69f07ec9 1973static const struct inode_operations shmem_short_symlink_operations;
1da177e4 1974
6d9d88d0
JS		 1975#ifdef CONFIG_TMPFS_XATTR
1976static int shmem_initxattrs(struct inode *, const struct xattr *, void *);
1977#else
1978#define shmem_initxattrs NULL
1979#endif
1980
1da177e4 1981static int
800d15a5
NP		 1982shmem_write_begin(struct file *file, struct address_space *mapping,
1983 loff_t pos, unsigned len, unsigned flags,
1984 struct page **pagep, void **fsdata)
1da177e4 1985{
800d15a5 1986 struct inode *inode = mapping->host;
40e041a2 1987 struct shmem_inode_info *info = SHMEM_I(inode);
09cbfeaf 1988 pgoff_t index = pos >> PAGE_SHIFT;
40e041a2
DH		 1989
1990 /* i_mutex is held by caller */
1991 if (unlikely(info->seals)) {
1992 if (info->seals & F_SEAL_WRITE)
1993 return -EPERM;
1994 if ((info->seals & F_SEAL_GROW) && pos + len > inode->i_size)
1995 return -EPERM;
1996 }
1997
9e18eb29 1998 return shmem_getpage(inode, index, pagep, SGP_WRITE);
800d15a5
NP		 1999}
2000
2001static int
2002shmem_write_end(struct file *file, struct address_space *mapping,
2003 loff_t pos, unsigned len, unsigned copied,
2004 struct page *page, void *fsdata)
2005{
2006 struct inode *inode = mapping->host;
2007
d3602444
HD		 2008 if (pos + copied > inode->i_size)
2009 i_size_write(inode, pos + copied);
2010
ec9516fb 2011 if (!PageUptodate(page)) {
800d8c63
KS		 2012 struct page *head = compound_head(page);
2013 if (PageTransCompound(page)) {
2014 int i;
2015
2016 for (i = 0; i < HPAGE_PMD_NR; i++) {
2017 if (head + i == page)
2018 continue;
2019 clear_highpage(head + i);
2020 flush_dcache_page(head + i);
2021 }
2022 }
09cbfeaf
KS		 2023 if (copied < PAGE_SIZE) {
2024 unsigned from = pos & (PAGE_SIZE - 1);
ec9516fb 2025 zero_user_segments(page, 0, from,
09cbfeaf 2026 from + copied, PAGE_SIZE);
ec9516fb 2027 }
800d8c63 2028 SetPageUptodate(head);
ec9516fb 2029 }
800d15a5 2030 set_page_dirty(page);
6746aff7 2031 unlock_page(page);
09cbfeaf 2032 put_page(page);
800d15a5 2033
800d15a5 2034 return copied;
1da177e4
LT		 2035}
2036
2ba5bbed 2037static ssize_t shmem_file_read_iter(struct kiocb *iocb, struct iov_iter *to)
1da177e4 2038{
6e58e79d
AV		 2039 struct file *file = iocb->ki_filp;
2040 struct inode *inode = file_inode(file);
1da177e4 2041 struct address_space *mapping = inode->i_mapping;
41ffe5d5
HD		 2042 pgoff_t index;
2043 unsigned long offset;
a0ee5ec5 2044 enum sgp_type sgp = SGP_READ;
f7c1d074 2045 int error = 0;
cb66a7a1 2046 ssize_t retval = 0;
6e58e79d 2047 loff_t *ppos = &iocb->ki_pos;
a0ee5ec5
HD		 2048
2049 /*
2050 * Might this read be for a stacking filesystem? Then when reading
2051 * holes of a sparse file, we actually need to allocate those pages,
2052 * and even mark them dirty, so it cannot exceed the max_blocks limit.
2053 */
777eda2c 2054 if (!iter_is_iovec(to))
75edd345 2055 sgp = SGP_CACHE;
1da177e4 2056
09cbfeaf
KS		 2057 index = *ppos >> PAGE_SHIFT;
2058 offset = *ppos & ~PAGE_MASK;
1da177e4
LT		 2059
2060 for (;;) {
2061 struct page *page = NULL;
41ffe5d5
HD		 2062 pgoff_t end_index;
2063 unsigned long nr, ret;
1da177e4
LT		 2064 loff_t i_size = i_size_read(inode);
2065
09cbfeaf 2066 end_index = i_size >> PAGE_SHIFT;
1da177e4
LT		 2067 if (index > end_index)
2068 break;
2069 if (index == end_index) {
09cbfeaf 2070 nr = i_size & ~PAGE_MASK;
1da177e4
LT		 2071 if (nr <= offset)
2072 break;
2073 }
2074
9e18eb29 2075 error = shmem_getpage(inode, index, &page, sgp);
6e58e79d
AV		 2076 if (error) {
2077 if (error == -EINVAL)
2078 error = 0;
1da177e4
LT		 2079 break;
2080 }
75edd345
HD		 2081 if (page) {
2082 if (sgp == SGP_CACHE)
2083 set_page_dirty(page);
d3602444 2084 unlock_page(page);
75edd345 2085 }
1da177e4
LT		 2086
2087 /*
2088 * We must evaluate after, since reads (unlike writes)
1b1dcc1b 2089 * are called without i_mutex protection against truncate
1da177e4 2090 */
09cbfeaf 2091 nr = PAGE_SIZE;
1da177e4 2092 i_size = i_size_read(inode);
09cbfeaf 2093 end_index = i_size >> PAGE_SHIFT;
1da177e4 2094 if (index == end_index) {
09cbfeaf 2095 nr = i_size & ~PAGE_MASK;
1da177e4
LT		 2096 if (nr <= offset) {
2097 if (page)
09cbfeaf 2098 put_page(page);
1da177e4
LT		 2099 break;
2100 }
2101 }
2102 nr -= offset;
2103
2104 if (page) {
2105 /*
2106 * If users can be writing to this page using arbitrary
2107 * virtual addresses, take care about potential aliasing
2108 * before reading the page on the kernel side.
2109 */
2110 if (mapping_writably_mapped(mapping))
2111 flush_dcache_page(page);
2112 /*
2113 * Mark the page accessed if we read the beginning.
2114 */
2115 if (!offset)
2116 mark_page_accessed(page);
b5810039 2117 } else {
1da177e4 2118 page = ZERO_PAGE(0);
09cbfeaf 2119 get_page(page);
b5810039 2120 }
1da177e4
LT		 2121
2122 /*
2123 * Ok, we have the page, and it's up-to-date, so
2124 * now we can copy it to user space...
1da177e4 2125 */
2ba5bbed 2126 ret = copy_page_to_iter(page, offset, nr, to);
6e58e79d 2127 retval += ret;
1da177e4 2128 offset += ret;
09cbfeaf
KS		 2129 index += offset >> PAGE_SHIFT;
2130 offset &= ~PAGE_MASK;
1da177e4 2131
09cbfeaf 2132 put_page(page);
2ba5bbed 2133 if (!iov_iter_count(to))
1da177e4 2134 break;
6e58e79d
AV		 2135 if (ret < nr) {
2136 error = -EFAULT;
2137 break;
2138 }
1da177e4
LT		 2139 cond_resched();
2140 }
2141
09cbfeaf 2142 *ppos = ((loff_t) index << PAGE_SHIFT) + offset;
6e58e79d
AV		 2143 file_accessed(file);
2144 return retval ? retval : error;
1da177e4
LT		 2145}
2146
708e3508
HD		 2147static ssize_t shmem_file_splice_read(struct file *in, loff_t *ppos,
2148 struct pipe_inode_info *pipe, size_t len,
2149 unsigned int flags)
2150{
2151 struct address_space *mapping = in->f_mapping;
71f0e07a 2152 struct inode *inode = mapping->host;
708e3508
HD		 2153 unsigned int loff, nr_pages, req_pages;
2154 struct page *pages[PIPE_DEF_BUFFERS];
2155 struct partial_page partial[PIPE_DEF_BUFFERS];
2156 struct page *page;
2157 pgoff_t index, end_index;
2158 loff_t isize, left;
2159 int error, page_nr;
2160 struct splice_pipe_desc spd = {
2161 .pages = pages,
2162 .partial = partial,
047fe360 2163 .nr_pages_max = PIPE_DEF_BUFFERS,
708e3508
HD		 2164 .flags = flags,
2165 .ops = &page_cache_pipe_buf_ops,
2166 .spd_release = spd_release_page,
2167 };
2168
71f0e07a 2169 isize = i_size_read(inode);
708e3508
HD		 2170 if (unlikely(*ppos >= isize))
2171 return 0;
2172
2173 left = isize - *ppos;
2174 if (unlikely(left < len))
2175 len = left;
2176
2177 if (splice_grow_spd(pipe, &spd))
2178 return -ENOMEM;
2179
09cbfeaf
KS		 2180 index = *ppos >> PAGE_SHIFT;
2181 loff = *ppos & ~PAGE_MASK;
2182 req_pages = (len + loff + PAGE_SIZE - 1) >> PAGE_SHIFT;
a786c06d 2183 nr_pages = min(req_pages, spd.nr_pages_max);
708e3508 2184
708e3508
HD		 2185 spd.nr_pages = find_get_pages_contig(mapping, index,
2186 nr_pages, spd.pages);
2187 index += spd.nr_pages;
708e3508 2188 error = 0;
708e3508 2189
71f0e07a 2190 while (spd.nr_pages < nr_pages) {
9e18eb29 2191 error = shmem_getpage(inode, index, &page, SGP_CACHE);
71f0e07a
HD		 2192 if (error)
2193 break;
2194 unlock_page(page);
708e3508
HD		 2195 spd.pages[spd.nr_pages++] = page;
2196 index++;
2197 }
2198
09cbfeaf 2199 index = *ppos >> PAGE_SHIFT;
708e3508
HD		 2200 nr_pages = spd.nr_pages;
2201 spd.nr_pages = 0;
71f0e07a 2202
708e3508
HD		 2203 for (page_nr = 0; page_nr < nr_pages; page_nr++) {
2204 unsigned int this_len;
2205
2206 if (!len)
2207 break;
2208
09cbfeaf 2209 this_len = min_t(unsigned long, len, PAGE_SIZE - loff);
708e3508
HD		 2210 page = spd.pages[page_nr];
2211
71f0e07a 2212 if (!PageUptodate(page) || page->mapping != mapping) {
9e18eb29 2213 error = shmem_getpage(inode, index, &page, SGP_CACHE);
71f0e07a 2214 if (error)
708e3508 2215 break;
71f0e07a 2216 unlock_page(page);
09cbfeaf 2217 put_page(spd.pages[page_nr]);
71f0e07a 2218 spd.pages[page_nr] = page;
708e3508 2219 }
71f0e07a
HD		 2220
2221 isize = i_size_read(inode);
09cbfeaf 2222 end_index = (isize - 1) >> PAGE_SHIFT;
708e3508
HD		 2223 if (unlikely(!isize || index > end_index))
2224 break;
2225
708e3508
HD		 2226 if (end_index == index) {
2227 unsigned int plen;
2228
09cbfeaf 2229 plen = ((isize - 1) & ~PAGE_MASK) + 1;
708e3508
HD		 2230 if (plen <= loff)
2231 break;
2232
708e3508
HD		 2233 this_len = min(this_len, plen - loff);
2234 len = this_len;
2235 }
2236
2237 spd.partial[page_nr].offset = loff;
2238 spd.partial[page_nr].len = this_len;
2239 len -= this_len;
2240 loff = 0;
2241 spd.nr_pages++;
2242 index++;
2243 }
2244
708e3508 2245 while (page_nr < nr_pages)
09cbfeaf 2246 put_page(spd.pages[page_nr++]);
708e3508
HD		 2247
2248 if (spd.nr_pages)
2249 error = splice_to_pipe(pipe, &spd);
2250
047fe360 2251 splice_shrink_spd(&spd);
708e3508
HD		 2252
2253 if (error > 0) {
2254 *ppos += error;
2255 file_accessed(in);
2256 }
2257 return error;
2258}
2259
220f2ac9
HD		 2260/*
2261 * llseek SEEK_DATA or SEEK_HOLE through the radix_tree.
2262 */
2263static pgoff_t shmem_seek_hole_data(struct address_space *mapping,
965c8e59 2264 pgoff_t index, pgoff_t end, int whence)
220f2ac9
HD		 2265{
2266 struct page *page;
2267 struct pagevec pvec;
2268 pgoff_t indices[PAGEVEC_SIZE];
2269 bool done = false;
2270 int i;
2271
2272 pagevec_init(&pvec, 0);
2273 pvec.nr = 1; /* start small: we may be there already */
2274 while (!done) {
0cd6144a 2275 pvec.nr = find_get_entries(mapping, index,
220f2ac9
HD		 2276 pvec.nr, pvec.pages, indices);
2277 if (!pvec.nr) {
965c8e59 2278 if (whence == SEEK_DATA)
220f2ac9
HD		 2279 index = end;
2280 break;
2281 }
2282 for (i = 0; i < pvec.nr; i++, index++) {
2283 if (index < indices[i]) {
965c8e59 2284 if (whence == SEEK_HOLE) {
220f2ac9
HD		 2285 done = true;
2286 break;
2287 }
2288 index = indices[i];
2289 }
2290 page = pvec.pages[i];
2291 if (page && !radix_tree_exceptional_entry(page)) {
2292 if (!PageUptodate(page))
2293 page = NULL;
2294 }
2295 if (index >= end ||
965c8e59
AM		 2296 (page && whence == SEEK_DATA) ||
2297 (!page && whence == SEEK_HOLE)) {
220f2ac9
HD		 2298 done = true;
2299 break;
2300 }
2301 }
0cd6144a 2302 pagevec_remove_exceptionals(&pvec);
220f2ac9
HD		 2303 pagevec_release(&pvec);
2304 pvec.nr = PAGEVEC_SIZE;
2305 cond_resched();
2306 }
2307 return index;
2308}
2309
965c8e59 2310static loff_t shmem_file_llseek(struct file *file, loff_t offset, int whence)
220f2ac9
HD		 2311{
2312 struct address_space *mapping = file->f_mapping;
2313 struct inode *inode = mapping->host;
2314 pgoff_t start, end;
2315 loff_t new_offset;
2316
965c8e59
AM		 2317 if (whence != SEEK_DATA && whence != SEEK_HOLE)
2318 return generic_file_llseek_size(file, offset, whence,
220f2ac9 2319 MAX_LFS_FILESIZE, i_size_read(inode));
5955102c 2320 inode_lock(inode);
220f2ac9
HD		 2321 /* We're holding i_mutex so we can access i_size directly */
2322
2323 if (offset < 0)
2324 offset = -EINVAL;
2325 else if (offset >= inode->i_size)
2326 offset = -ENXIO;
2327 else {
09cbfeaf
KS		 2328 start = offset >> PAGE_SHIFT;
2329 end = (inode->i_size + PAGE_SIZE - 1) >> PAGE_SHIFT;
965c8e59 2330 new_offset = shmem_seek_hole_data(mapping, start, end, whence);
09cbfeaf 2331 new_offset <<= PAGE_SHIFT;
220f2ac9
HD		 2332 if (new_offset > offset) {
2333 if (new_offset < inode->i_size)
2334 offset = new_offset;
965c8e59 2335 else if (whence == SEEK_DATA)
220f2ac9
HD		 2336 offset = -ENXIO;
2337 else
2338 offset = inode->i_size;
2339 }
2340 }
2341
387aae6f
HD		 2342 if (offset >= 0)
2343 offset = vfs_setpos(file, offset, MAX_LFS_FILESIZE);
5955102c 2344 inode_unlock(inode);
220f2ac9
HD		 2345 return offset;
2346}
2347
05f65b5c
DH		 2348/*
2349 * We need a tag: a new tag would expand every radix_tree_node by 8 bytes,
2350 * so reuse a tag which we firmly believe is never set or cleared on shmem.
2351 */
2352#define SHMEM_TAG_PINNED PAGECACHE_TAG_TOWRITE
2353#define LAST_SCAN 4 /* about 150ms max */
2354
2355static void shmem_tag_pins(struct address_space *mapping)
2356{
2357 struct radix_tree_iter iter;
2358 void **slot;
2359 pgoff_t start;
2360 struct page *page;
2361
2362 lru_add_drain();
2363 start = 0;
2364 rcu_read_lock();
2365
05f65b5c
DH		 2366 radix_tree_for_each_slot(slot, &mapping->page_tree, &iter, start) {
2367 page = radix_tree_deref_slot(slot);
2368 if (!page || radix_tree_exception(page)) {
2cf938aa
MW		 2369 if (radix_tree_deref_retry(page)) {
2370 slot = radix_tree_iter_retry(&iter);
2371 continue;
2372 }
05f65b5c
DH		 2373 } else if (page_count(page) - page_mapcount(page) > 1) {
2374 spin_lock_irq(&mapping->tree_lock);
2375 radix_tree_tag_set(&mapping->page_tree, iter.index,
2376 SHMEM_TAG_PINNED);
2377 spin_unlock_irq(&mapping->tree_lock);
2378 }
2379
2380 if (need_resched()) {
2381 cond_resched_rcu();
7165092f 2382 slot = radix_tree_iter_next(&iter);
05f65b5c
DH		 2383 }
2384 }
2385 rcu_read_unlock();
2386}
2387
2388/*
2389 * Setting SEAL_WRITE requires us to verify there's no pending writer. However,
2390 * via get_user_pages(), drivers might have some pending I/O without any active
2391 * user-space mappings (eg., direct-IO, AIO). Therefore, we look at all pages
2392 * and see whether it has an elevated ref-count. If so, we tag them and wait for
2393 * them to be dropped.
2394 * The caller must guarantee that no new user will acquire writable references
2395 * to those pages to avoid races.
2396 */
40e041a2
DH		 2397static int shmem_wait_for_pins(struct address_space *mapping)
2398{
05f65b5c
DH		 2399 struct radix_tree_iter iter;
2400 void **slot;
2401 pgoff_t start;
2402 struct page *page;
2403 int error, scan;
2404
2405 shmem_tag_pins(mapping);
2406
2407 error = 0;
2408 for (scan = 0; scan <= LAST_SCAN; scan++) {
2409 if (!radix_tree_tagged(&mapping->page_tree, SHMEM_TAG_PINNED))
2410 break;
2411
2412 if (!scan)
2413 lru_add_drain_all();
2414 else if (schedule_timeout_killable((HZ << scan) / 200))
2415 scan = LAST_SCAN;
2416
2417 start = 0;
2418 rcu_read_lock();
05f65b5c
DH		 2419 radix_tree_for_each_tagged(slot, &mapping->page_tree, &iter,
2420 start, SHMEM_TAG_PINNED) {
2421
2422 page = radix_tree_deref_slot(slot);
2423 if (radix_tree_exception(page)) {
2cf938aa
MW		 2424 if (radix_tree_deref_retry(page)) {
2425 slot = radix_tree_iter_retry(&iter);
2426 continue;
2427 }
05f65b5c
DH		 2428
2429 page = NULL;
2430 }
2431
2432 if (page &&
2433 page_count(page) - page_mapcount(page) != 1) {
2434 if (scan < LAST_SCAN)
2435 goto continue_resched;
2436
2437 /*
2438 * On the last scan, we clean up all those tags
2439 * we inserted; but make a note that we still
2440 * found pages pinned.
2441 */
2442 error = -EBUSY;
2443 }
2444
2445 spin_lock_irq(&mapping->tree_lock);
2446 radix_tree_tag_clear(&mapping->page_tree,
2447 iter.index, SHMEM_TAG_PINNED);
2448 spin_unlock_irq(&mapping->tree_lock);
2449continue_resched:
2450 if (need_resched()) {
2451 cond_resched_rcu();
7165092f 2452 slot = radix_tree_iter_next(&iter);
05f65b5c
DH		 2453 }
2454 }
2455 rcu_read_unlock();
2456 }
2457
2458 return error;
40e041a2
DH		 2459}
2460
2461#define F_ALL_SEALS (F_SEAL_SEAL | \
2462 F_SEAL_SHRINK | \
2463 F_SEAL_GROW | \
2464 F_SEAL_WRITE)
2465
2466int shmem_add_seals(struct file *file, unsigned int seals)
2467{
2468 struct inode *inode = file_inode(file);
2469 struct shmem_inode_info *info = SHMEM_I(inode);
2470 int error;
2471
2472 /*
2473 * SEALING
2474 * Sealing allows multiple parties to share a shmem-file but restrict
2475 * access to a specific subset of file operations. Seals can only be
2476 * added, but never removed. This way, mutually untrusted parties can
2477 * share common memory regions with a well-defined policy. A malicious
2478 * peer can thus never perform unwanted operations on a shared object.
2479 *
2480 * Seals are only supported on special shmem-files and always affect
2481 * the whole underlying inode. Once a seal is set, it may prevent some
2482 * kinds of access to the file. Currently, the following seals are
2483 * defined:
2484 * SEAL_SEAL: Prevent further seals from being set on this file
2485 * SEAL_SHRINK: Prevent the file from shrinking
2486 * SEAL_GROW: Prevent the file from growing
2487 * SEAL_WRITE: Prevent write access to the file
2488 *
2489 * As we don't require any trust relationship between two parties, we
2490 * must prevent seals from being removed. Therefore, sealing a file
2491 * only adds a given set of seals to the file, it never touches
2492 * existing seals. Furthermore, the "setting seals"-operation can be
2493 * sealed itself, which basically prevents any further seal from being
2494 * added.
2495 *
2496 * Semantics of sealing are only defined on volatile files. Only
2497 * anonymous shmem files support sealing. More importantly, seals are
2498 * never written to disk. Therefore, there's no plan to support it on
2499 * other file types.
2500 */
2501
2502 if (file->f_op != &shmem_file_operations)
2503 return -EINVAL;
2504 if (!(file->f_mode & FMODE_WRITE))
2505 return -EPERM;
2506 if (seals & ~(unsigned int)F_ALL_SEALS)
2507 return -EINVAL;
2508
5955102c 2509 inode_lock(inode);
40e041a2
DH		 2510
2511 if (info->seals & F_SEAL_SEAL) {
2512 error = -EPERM;
2513 goto unlock;
2514 }
2515
2516 if ((seals & F_SEAL_WRITE) && !(info->seals & F_SEAL_WRITE)) {
2517 error = mapping_deny_writable(file->f_mapping);
2518 if (error)
2519 goto unlock;
2520
2521 error = shmem_wait_for_pins(file->f_mapping);
2522 if (error) {
2523 mapping_allow_writable(file->f_mapping);
2524 goto unlock;
2525 }
2526 }
2527
2528 info->seals |= seals;
2529 error = 0;
2530
2531unlock:
5955102c 2532 inode_unlock(inode);
40e041a2
DH		 2533 return error;
2534}
2535EXPORT_SYMBOL_GPL(shmem_add_seals);
2536
2537int shmem_get_seals(struct file *file)
2538{
2539 if (file->f_op != &shmem_file_operations)
2540 return -EINVAL;
2541
2542 return SHMEM_I(file_inode(file))->seals;
2543}
2544EXPORT_SYMBOL_GPL(shmem_get_seals);
2545
2546long shmem_fcntl(struct file *file, unsigned int cmd, unsigned long arg)
2547{
2548 long error;
2549
2550 switch (cmd) {
2551 case F_ADD_SEALS:
2552 /* disallow upper 32bit */
2553 if (arg > UINT_MAX)
2554 return -EINVAL;
2555
2556 error = shmem_add_seals(file, arg);
2557 break;
2558 case F_GET_SEALS:
2559 error = shmem_get_seals(file);
2560 break;
2561 default:
2562 error = -EINVAL;
2563 break;
2564 }
2565
2566 return error;
2567}
2568
83e4fa9c
HD		 2569static long shmem_fallocate(struct file *file, int mode, loff_t offset,
2570 loff_t len)
2571{
496ad9aa 2572 struct inode *inode = file_inode(file);
e2d12e22 2573 struct shmem_sb_info *sbinfo = SHMEM_SB(inode->i_sb);
40e041a2 2574 struct shmem_inode_info *info = SHMEM_I(inode);
1aac1400 2575 struct shmem_falloc shmem_falloc;
e2d12e22
HD		 2576 pgoff_t start, index, end;
2577 int error;
83e4fa9c 2578
13ace4d0
HD		 2579 if (mode & ~(FALLOC_FL_KEEP_SIZE | FALLOC_FL_PUNCH_HOLE))
2580 return -EOPNOTSUPP;
2581
5955102c 2582 inode_lock(inode);
83e4fa9c
HD		 2583
2584 if (mode & FALLOC_FL_PUNCH_HOLE) {
2585 struct address_space *mapping = file->f_mapping;
2586 loff_t unmap_start = round_up(offset, PAGE_SIZE);
2587 loff_t unmap_end = round_down(offset + len, PAGE_SIZE) - 1;
8e205f77 2588 DECLARE_WAIT_QUEUE_HEAD_ONSTACK(shmem_falloc_waitq);
83e4fa9c 2589
40e041a2
DH		 2590 /* protected by i_mutex */
2591 if (info->seals & F_SEAL_WRITE) {
2592 error = -EPERM;
2593 goto out;
2594 }
2595
8e205f77 2596 shmem_falloc.waitq = &shmem_falloc_waitq;
f00cdc6d
HD		 2597 shmem_falloc.start = unmap_start >> PAGE_SHIFT;
2598 shmem_falloc.next = (unmap_end + 1) >> PAGE_SHIFT;
2599 spin_lock(&inode->i_lock);
2600 inode->i_private = &shmem_falloc;
2601 spin_unlock(&inode->i_lock);
2602
83e4fa9c
HD		 2603 if ((u64)unmap_end > (u64)unmap_start)
2604 unmap_mapping_range(mapping, unmap_start,
2605 1 + unmap_end - unmap_start, 0);
2606 shmem_truncate_range(inode, offset, offset + len - 1);
2607 /* No need to unmap again: hole-punching leaves COWed pages */
8e205f77
HD		 2608
2609 spin_lock(&inode->i_lock);
2610 inode->i_private = NULL;
2611 wake_up_all(&shmem_falloc_waitq);
2612 spin_unlock(&inode->i_lock);
83e4fa9c 2613 error = 0;
8e205f77 2614 goto out;
e2d12e22
HD		 2615 }
2616
2617 /* We need to check rlimit even when FALLOC_FL_KEEP_SIZE */
2618 error = inode_newsize_ok(inode, offset + len);
2619 if (error)
2620 goto out;
2621
40e041a2
DH		 2622 if ((info->seals & F_SEAL_GROW) && offset + len > inode->i_size) {
2623 error = -EPERM;
2624 goto out;
2625 }
2626
09cbfeaf
KS		 2627 start = offset >> PAGE_SHIFT;
2628 end = (offset + len + PAGE_SIZE - 1) >> PAGE_SHIFT;
e2d12e22
HD		 2629 /* Try to avoid a swapstorm if len is impossible to satisfy */
2630 if (sbinfo->max_blocks && end - start > sbinfo->max_blocks) {
2631 error = -ENOSPC;
2632 goto out;
83e4fa9c
HD		 2633 }
2634
8e205f77 2635 shmem_falloc.waitq = NULL;
1aac1400
HD		 2636 shmem_falloc.start = start;
2637 shmem_falloc.next = start;
2638 shmem_falloc.nr_falloced = 0;
2639 shmem_falloc.nr_unswapped = 0;
2640 spin_lock(&inode->i_lock);
2641 inode->i_private = &shmem_falloc;
2642 spin_unlock(&inode->i_lock);
2643
e2d12e22
HD		 2644 for (index = start; index < end; index++) {
2645 struct page *page;
2646
2647 /*
2648 * Good, the fallocate(2) manpage permits EINTR: we may have
2649 * been interrupted because we are using up too much memory.
2650 */
2651 if (signal_pending(current))
2652 error = -EINTR;
1aac1400
HD		 2653 else if (shmem_falloc.nr_unswapped > shmem_falloc.nr_falloced)
2654 error = -ENOMEM;
e2d12e22 2655 else
9e18eb29 2656 error = shmem_getpage(inode, index, &page, SGP_FALLOC);
e2d12e22 2657 if (error) {
1635f6a7 2658 /* Remove the !PageUptodate pages we added */
7f556567
HD		 2659 if (index > start) {
2660 shmem_undo_range(inode,
2661 (loff_t)start << PAGE_SHIFT,
2662 ((loff_t)index << PAGE_SHIFT) - 1, true);
2663 }
1aac1400 2664 goto undone;
e2d12e22
HD		 2665 }
2666
1aac1400
HD		 2667 /*
2668 * Inform shmem_writepage() how far we have reached.
2669 * No need for lock or barrier: we have the page lock.
2670 */
2671 shmem_falloc.next++;
2672 if (!PageUptodate(page))
2673 shmem_falloc.nr_falloced++;
2674
e2d12e22 2675 /*
1635f6a7
HD		 2676 * If !PageUptodate, leave it that way so that freeable pages
2677 * can be recognized if we need to rollback on error later.
2678 * But set_page_dirty so that memory pressure will swap rather
e2d12e22
HD		 2679 * than free the pages we are allocating (and SGP_CACHE pages
2680 * might still be clean: we now need to mark those dirty too).
2681 */
2682 set_page_dirty(page);
2683 unlock_page(page);
09cbfeaf 2684 put_page(page);
e2d12e22
HD		 2685 cond_resched();
2686 }
2687
2688 if (!(mode & FALLOC_FL_KEEP_SIZE) && offset + len > inode->i_size)
2689 i_size_write(inode, offset + len);
e2d12e22 2690 inode->i_ctime = CURRENT_TIME;
1aac1400
HD		 2691undone:
2692 spin_lock(&inode->i_lock);
2693 inode->i_private = NULL;
2694 spin_unlock(&inode->i_lock);
e2d12e22 2695out:
5955102c 2696 inode_unlock(inode);
83e4fa9c
HD		 2697 return error;
2698}
2699
726c3342 2700static int shmem_statfs(struct dentry *dentry, struct kstatfs *buf)
1da177e4 2701{
726c3342 2702 struct shmem_sb_info *sbinfo = SHMEM_SB(dentry->d_sb);
1da177e4
LT		 2703
2704 buf->f_type = TMPFS_MAGIC;
09cbfeaf 2705 buf->f_bsize = PAGE_SIZE;
1da177e4 2706 buf->f_namelen = NAME_MAX;
0edd73b3 2707 if (sbinfo->max_blocks) {
1da177e4 2708 buf->f_blocks = sbinfo->max_blocks;
41ffe5d5
HD		 2709 buf->f_bavail =
2710 buf->f_bfree = sbinfo->max_blocks -
2711 percpu_counter_sum(&sbinfo->used_blocks);
0edd73b3
HD		 2712 }
2713 if (sbinfo->max_inodes) {
1da177e4
LT		 2714 buf->f_files = sbinfo->max_inodes;
2715 buf->f_ffree = sbinfo->free_inodes;
1da177e4
LT		 2716 }
2717 /* else leave those fields 0 like simple_statfs */
2718 return 0;
2719}
2720
2721/*
2722 * File creation. Allocate an inode, and we're done..
2723 */
2724static int
1a67aafb 2725shmem_mknod(struct inode *dir, struct dentry *dentry, umode_t mode, dev_t dev)
1da177e4 2726{
0b0a0806 2727 struct inode *inode;
1da177e4
LT		 2728 int error = -ENOSPC;
2729
454abafe 2730 inode = shmem_get_inode(dir->i_sb, dir, mode, dev, VM_NORESERVE);
1da177e4 2731 if (inode) {
feda821e
CH		 2732 error = simple_acl_create(dir, inode);
2733 if (error)
2734 goto out_iput;
2a7dba39 2735 error = security_inode_init_security(inode, dir,
9d8f13ba 2736 &dentry->d_name,
6d9d88d0 2737 shmem_initxattrs, NULL);
feda821e
CH		 2738 if (error && error != -EOPNOTSUPP)
2739 goto out_iput;
37ec43cd 2740
718deb6b 2741 error = 0;
1da177e4
LT		 2742 dir->i_size += BOGO_DIRENT_SIZE;
2743 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
2744 d_instantiate(dentry, inode);
2745 dget(dentry); /* Extra count - pin the dentry in core */
1da177e4
LT		 2746 }
2747 return error;
feda821e
CH		 2748out_iput:
2749 iput(inode);
2750 return error;
1da177e4
LT		 2751}
2752
60545d0d
AV		 2753static int
2754shmem_tmpfile(struct inode *dir, struct dentry *dentry, umode_t mode)
2755{
2756 struct inode *inode;
2757 int error = -ENOSPC;
2758
2759 inode = shmem_get_inode(dir->i_sb, dir, mode, 0, VM_NORESERVE);
2760 if (inode) {
2761 error = security_inode_init_security(inode, dir,
2762 NULL,
2763 shmem_initxattrs, NULL);
feda821e
CH		 2764 if (error && error != -EOPNOTSUPP)
2765 goto out_iput;
2766 error = simple_acl_create(dir, inode);
2767 if (error)
2768 goto out_iput;
60545d0d
AV		 2769 d_tmpfile(dentry, inode);
2770 }
2771 return error;
feda821e
CH		 2772out_iput:
2773 iput(inode);
2774 return error;
60545d0d
AV		 2775}
2776
18bb1db3 2777static int shmem_mkdir(struct inode *dir, struct dentry *dentry, umode_t mode)
1da177e4
LT		 2778{
2779 int error;
2780
2781 if ((error = shmem_mknod(dir, dentry, mode | S_IFDIR, 0)))
2782 return error;
d8c76e6f 2783 inc_nlink(dir);
1da177e4
LT		 2784 return 0;
2785}
2786
4acdaf27 2787static int shmem_create(struct inode *dir, struct dentry *dentry, umode_t mode,
ebfc3b49 2788 bool excl)
1da177e4
LT		 2789{
2790 return shmem_mknod(dir, dentry, mode | S_IFREG, 0);
2791}
2792
2793/*
2794 * Link a file..
2795 */
2796static int shmem_link(struct dentry *old_dentry, struct inode *dir, struct dentry *dentry)
2797{
75c3cfa8 2798 struct inode *inode = d_inode(old_dentry);
5b04c689 2799 int ret;
1da177e4
LT		 2800
2801 /*
2802 * No ordinary (disk based) filesystem counts links as inodes;
2803 * but each new link needs a new dentry, pinning lowmem, and
2804 * tmpfs dentries cannot be pruned until they are unlinked.
2805 */
5b04c689
PE		 2806 ret = shmem_reserve_inode(inode->i_sb);
2807 if (ret)
2808 goto out;
1da177e4
LT		 2809
2810 dir->i_size += BOGO_DIRENT_SIZE;
2811 inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
d8c76e6f 2812 inc_nlink(inode);
7de9c6ee 2813 ihold(inode); /* New dentry reference */
1da177e4
LT		 2814 dget(dentry); /* Extra pinning count for the created dentry */
2815 d_instantiate(dentry, inode);
5b04c689
PE		 2816out:
2817 return ret;
1da177e4
LT		 2818}
2819
2820static int shmem_unlink(struct inode *dir, struct dentry *dentry)
2821{
75c3cfa8 2822 struct inode *inode = d_inode(dentry);
1da177e4 2823
5b04c689
PE		 2824 if (inode->i_nlink > 1 && !S_ISDIR(inode->i_mode))
2825 shmem_free_inode(inode->i_sb);
1da177e4
LT		 2826
2827 dir->i_size -= BOGO_DIRENT_SIZE;
2828 inode->i_ctime = dir->i_ctime = dir->i_mtime = CURRENT_TIME;
9a53c3a7 2829 drop_nlink(inode);
1da177e4
LT		 2830 dput(dentry); /* Undo the count from "create" - this does all the work */
2831 return 0;
2832}
2833
2834static int shmem_rmdir(struct inode *dir, struct dentry *dentry)
2835{
2836 if (!simple_empty(dentry))
2837 return -ENOTEMPTY;
2838
75c3cfa8 2839 drop_nlink(d_inode(dentry));
9a53c3a7 2840 drop_nlink(dir);
1da177e4
LT		 2841 return shmem_unlink(dir, dentry);
2842}
2843
37456771
MS		 2844static int shmem_exchange(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry)
2845{
e36cb0b8
DH		 2846 bool old_is_dir = d_is_dir(old_dentry);
2847 bool new_is_dir = d_is_dir(new_dentry);
37456771
MS		 2848
2849 if (old_dir != new_dir && old_is_dir != new_is_dir) {
2850 if (old_is_dir) {
2851 drop_nlink(old_dir);
2852 inc_nlink(new_dir);
2853 } else {
2854 drop_nlink(new_dir);
2855 inc_nlink(old_dir);
2856 }
2857 }
2858 old_dir->i_ctime = old_dir->i_mtime =
2859 new_dir->i_ctime = new_dir->i_mtime =
75c3cfa8
DH		 2860 d_inode(old_dentry)->i_ctime =
2861 d_inode(new_dentry)->i_ctime = CURRENT_TIME;
37456771
MS		 2862
2863 return 0;
2864}
2865
46fdb794
MS		 2866static int shmem_whiteout(struct inode *old_dir, struct dentry *old_dentry)
2867{
2868 struct dentry *whiteout;
2869 int error;
2870
2871 whiteout = d_alloc(old_dentry->d_parent, &old_dentry->d_name);
2872 if (!whiteout)
2873 return -ENOMEM;
2874
2875 error = shmem_mknod(old_dir, whiteout,
2876 S_IFCHR | WHITEOUT_MODE, WHITEOUT_DEV);
2877 dput(whiteout);
2878 if (error)
2879 return error;
2880
2881 /*
2882 * Cheat and hash the whiteout while the old dentry is still in
2883 * place, instead of playing games with FS_RENAME_DOES_D_MOVE.
2884 *
2885 * d_lookup() will consistently find one of them at this point,
2886 * not sure which one, but that isn't even important.
2887 */
2888 d_rehash(whiteout);
2889 return 0;
2890}
2891
1da177e4
LT		 2892/*
2893 * The VFS layer already does all the dentry stuff for rename,
2894 * we just have to decrement the usage count for the target if
2895 * it exists so that the VFS layer correctly free's it when it
2896 * gets overwritten.
2897 */
3b69ff51 2898static int shmem_rename2(struct inode *old_dir, struct dentry *old_dentry, struct inode *new_dir, struct dentry *new_dentry, unsigned int flags)
1da177e4 2899{
75c3cfa8 2900 struct inode *inode = d_inode(old_dentry);
1da177e4
LT		 2901 int they_are_dirs = S_ISDIR(inode->i_mode);
2902
46fdb794 2903 if (flags & ~(RENAME_NOREPLACE | RENAME_EXCHANGE | RENAME_WHITEOUT))
3b69ff51
MS		 2904 return -EINVAL;
2905
37456771
MS		 2906 if (flags & RENAME_EXCHANGE)
2907 return shmem_exchange(old_dir, old_dentry, new_dir, new_dentry);
2908
1da177e4
LT		 2909 if (!simple_empty(new_dentry))
2910 return -ENOTEMPTY;
2911
46fdb794
MS		 2912 if (flags & RENAME_WHITEOUT) {
2913 int error;
2914
2915 error = shmem_whiteout(old_dir, old_dentry);
2916 if (error)
2917 return error;
2918 }
2919
75c3cfa8 2920 if (d_really_is_positive(new_dentry)) {
1da177e4 2921 (void) shmem_unlink(new_dir, new_dentry);
b928095b 2922 if (they_are_dirs) {
75c3cfa8 2923 drop_nlink(d_inode(new_dentry));
9a53c3a7 2924 drop_nlink(old_dir);
b928095b 2925 }
1da177e4 2926 } else if (they_are_dirs) {
9a53c3a7 2927 drop_nlink(old_dir);
d8c76e6f 2928 inc_nlink(new_dir);
1da177e4
LT		 2929 }
2930
2931 old_dir->i_size -= BOGO_DIRENT_SIZE;
2932 new_dir->i_size += BOGO_DIRENT_SIZE;
2933 old_dir->i_ctime = old_dir->i_mtime =
2934 new_dir->i_ctime = new_dir->i_mtime =
2935 inode->i_ctime = CURRENT_TIME;
2936 return 0;
2937}
2938
2939static int shmem_symlink(struct inode *dir, struct dentry *dentry, const char *symname)
2940{
2941 int error;
2942 int len;
2943 struct inode *inode;
9276aad6 2944 struct page *page;
1da177e4
LT		 2945 struct shmem_inode_info *info;
2946
2947 len = strlen(symname) + 1;
09cbfeaf 2948 if (len > PAGE_SIZE)
1da177e4
LT		 2949 return -ENAMETOOLONG;
2950
454abafe 2951 inode = shmem_get_inode(dir->i_sb, dir, S_IFLNK|S_IRWXUGO, 0, VM_NORESERVE);
1da177e4
LT		 2952 if (!inode)
2953 return -ENOSPC;
2954
9d8f13ba 2955 error = security_inode_init_security(inode, dir, &dentry->d_name,
6d9d88d0 2956 shmem_initxattrs, NULL);
570bc1c2
SS		 2957 if (error) {
2958 if (error != -EOPNOTSUPP) {
2959 iput(inode);
2960 return error;
2961 }
2962 error = 0;
2963 }
2964
1da177e4
LT		 2965 info = SHMEM_I(inode);
2966 inode->i_size = len-1;
69f07ec9 2967 if (len <= SHORT_SYMLINK_LEN) {
3ed47db3
AV		 2968 inode->i_link = kmemdup(symname, len, GFP_KERNEL);
2969 if (!inode->i_link) {
69f07ec9
HD		 2970 iput(inode);
2971 return -ENOMEM;
2972 }
2973 inode->i_op = &shmem_short_symlink_operations;
1da177e4 2974 } else {
e8ecde25 2975 inode_nohighmem(inode);
9e18eb29 2976 error = shmem_getpage(inode, 0, &page, SGP_WRITE);
1da177e4
LT		 2977 if (error) {
2978 iput(inode);
2979 return error;
2980 }
14fcc23f 2981 inode->i_mapping->a_ops = &shmem_aops;
1da177e4 2982 inode->i_op = &shmem_symlink_inode_operations;
21fc61c7 2983 memcpy(page_address(page), symname, len);
ec9516fb 2984 SetPageUptodate(page);
1da177e4 2985 set_page_dirty(page);
6746aff7 2986 unlock_page(page);
09cbfeaf 2987 put_page(page);
1da177e4 2988 }
1da177e4
LT		 2989 dir->i_size += BOGO_DIRENT_SIZE;
2990 dir->i_ctime = dir->i_mtime = CURRENT_TIME;
2991 d_instantiate(dentry, inode);
2992 dget(dentry);
2993 return 0;
2994}
2995
fceef393 2996static void shmem_put_link(void *arg)
1da177e4 2997{
fceef393
AV		 2998 mark_page_accessed(arg);
2999 put_page(arg);
1da177e4
LT		 3000}
3001
6b255391 3002static const char *shmem_get_link(struct dentry *dentry,
fceef393
AV		 3003 struct inode *inode,
3004 struct delayed_call *done)
1da177e4 3005{
1da177e4 3006 struct page *page = NULL;
6b255391 3007 int error;
6a6c9904
AV		 3008 if (!dentry) {
3009 page = find_get_page(inode->i_mapping, 0);
3010 if (!page)
3011 return ERR_PTR(-ECHILD);
3012 if (!PageUptodate(page)) {
3013 put_page(page);
3014 return ERR_PTR(-ECHILD);
3015 }
3016 } else {
9e18eb29 3017 error = shmem_getpage(inode, 0, &page, SGP_READ);
6a6c9904
AV		 3018 if (error)
3019 return ERR_PTR(error);
3020 unlock_page(page);
3021 }
fceef393 3022 set_delayed_call(done, shmem_put_link, page);
21fc61c7 3023 return page_address(page);
1da177e4
LT		 3024}
3025
b09e0fa4 3026#ifdef CONFIG_TMPFS_XATTR
46711810 3027/*
b09e0fa4
EP		 3028 * Superblocks without xattr inode operations may get some security.* xattr
3029 * support from the LSM "for free". As soon as we have any other xattrs
39f0247d
AG		 3030 * like ACLs, we also need to implement the security.* handlers at
3031 * filesystem level, though.
3032 */
3033
6d9d88d0
JS		 3034/*
3035 * Callback for security_inode_init_security() for acquiring xattrs.
3036 */
3037static int shmem_initxattrs(struct inode *inode,
3038 const struct xattr *xattr_array,
3039 void *fs_info)
3040{
3041 struct shmem_inode_info *info = SHMEM_I(inode);
3042 const struct xattr *xattr;
38f38657 3043 struct simple_xattr *new_xattr;
6d9d88d0
JS		 3044 size_t len;
3045
3046 for (xattr = xattr_array; xattr->name != NULL; xattr++) {
38f38657 3047 new_xattr = simple_xattr_alloc(xattr->value, xattr->value_len);
6d9d88d0
JS		 3048 if (!new_xattr)
3049 return -ENOMEM;
3050
3051 len = strlen(xattr->name) + 1;
3052 new_xattr->name = kmalloc(XATTR_SECURITY_PREFIX_LEN + len,
3053 GFP_KERNEL);
3054 if (!new_xattr->name) {
3055 kfree(new_xattr);
3056 return -ENOMEM;
3057 }
3058
3059 memcpy(new_xattr->name, XATTR_SECURITY_PREFIX,
3060 XATTR_SECURITY_PREFIX_LEN);
3061 memcpy(new_xattr->name + XATTR_SECURITY_PREFIX_LEN,
3062 xattr->name, len);
3063
38f38657 3064 simple_xattr_list_add(&info->xattrs, new_xattr);
6d9d88d0
JS		 3065 }
3066
3067 return 0;
3068}
3069
aa7c5241 3070static int shmem_xattr_handler_get(const struct xattr_handler *handler,
b296821a
AV		 3071 struct dentry *unused, struct inode *inode,
3072 const char *name, void *buffer, size_t size)
b09e0fa4 3073{
b296821a 3074 struct shmem_inode_info *info = SHMEM_I(inode);
b09e0fa4 3075
aa7c5241 3076 name = xattr_full_name(handler, name);
38f38657 3077 return simple_xattr_get(&info->xattrs, name, buffer, size);
b09e0fa4
EP		 3078}
3079
aa7c5241 3080static int shmem_xattr_handler_set(const struct xattr_handler *handler,
59301226
AV		 3081 struct dentry *unused, struct inode *inode,
3082 const char *name, const void *value,
3083 size_t size, int flags)
b09e0fa4 3084{
59301226 3085 struct shmem_inode_info *info = SHMEM_I(inode);
b09e0fa4 3086
aa7c5241 3087 name = xattr_full_name(handler, name);
38f38657 3088 return simple_xattr_set(&info->xattrs, name, value, size, flags);
b09e0fa4
EP		 3089}
3090
aa7c5241
AG		 3091static const struct xattr_handler shmem_security_xattr_handler = {
3092 .prefix = XATTR_SECURITY_PREFIX,
3093 .get = shmem_xattr_handler_get,
3094 .set = shmem_xattr_handler_set,
3095};
b09e0fa4 3096
aa7c5241
AG		 3097static const struct xattr_handler shmem_trusted_xattr_handler = {
3098 .prefix = XATTR_TRUSTED_PREFIX,
3099 .get = shmem_xattr_handler_get,
3100 .set = shmem_xattr_handler_set,
3101};
b09e0fa4 3102
aa7c5241
AG		 3103static const struct xattr_handler *shmem_xattr_handlers[] = {
3104#ifdef CONFIG_TMPFS_POSIX_ACL
3105 &posix_acl_access_xattr_handler,
3106 &posix_acl_default_xattr_handler,
3107#endif
3108 &shmem_security_xattr_handler,
3109 &shmem_trusted_xattr_handler,
3110 NULL
3111};
b09e0fa4
EP		 3112
3113static ssize_t shmem_listxattr(struct dentry *dentry, char *buffer, size_t size)
3114{
75c3cfa8 3115 struct shmem_inode_info *info = SHMEM_I(d_inode(dentry));
786534b9 3116 return simple_xattr_list(d_inode(dentry), &info->xattrs, buffer, size);
b09e0fa4
EP		 3117}
3118#endif /* CONFIG_TMPFS_XATTR */
3119
69f07ec9 3120static const struct inode_operations shmem_short_symlink_operations = {
b09e0fa4 3121 .readlink = generic_readlink,
6b255391 3122 .get_link = simple_get_link,
b09e0fa4 3123#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3124 .setxattr = generic_setxattr,
3125 .getxattr = generic_getxattr,
b09e0fa4 3126 .listxattr = shmem_listxattr,
aa7c5241 3127 .removexattr = generic_removexattr,
b09e0fa4
EP		 3128#endif
3129};
3130
3131static const struct inode_operations shmem_symlink_inode_operations = {
3132 .readlink = generic_readlink,
6b255391 3133 .get_link = shmem_get_link,
b09e0fa4 3134#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3135 .setxattr = generic_setxattr,
3136 .getxattr = generic_getxattr,
b09e0fa4 3137 .listxattr = shmem_listxattr,
aa7c5241 3138 .removexattr = generic_removexattr,
39f0247d 3139#endif
b09e0fa4 3140};
39f0247d 3141
91828a40
DG		 3142static struct dentry *shmem_get_parent(struct dentry *child)
3143{
3144 return ERR_PTR(-ESTALE);
3145}
3146
3147static int shmem_match(struct inode *ino, void *vfh)
3148{
3149 __u32 *fh = vfh;
3150 __u64 inum = fh[2];
3151 inum = (inum << 32) | fh[1];
3152 return ino->i_ino == inum && fh[0] == ino->i_generation;
3153}
3154
480b116c
CH		 3155static struct dentry *shmem_fh_to_dentry(struct super_block *sb,
3156 struct fid *fid, int fh_len, int fh_type)
91828a40 3157{
91828a40 3158 struct inode *inode;
480b116c 3159 struct dentry *dentry = NULL;
35c2a7f4 3160 u64 inum;
480b116c
CH		 3161
3162 if (fh_len < 3)
3163 return NULL;
91828a40 3164
35c2a7f4
HD		 3165 inum = fid->raw[2];
3166 inum = (inum << 32) | fid->raw[1];
3167
480b116c
CH		 3168 inode = ilookup5(sb, (unsigned long)(inum + fid->raw[0]),
3169 shmem_match, fid->raw);
91828a40 3170 if (inode) {
480b116c 3171 dentry = d_find_alias(inode);
91828a40
DG		 3172 iput(inode);
3173 }
3174
480b116c 3175 return dentry;
91828a40
DG		 3176}
3177
b0b0382b
AV		 3178static int shmem_encode_fh(struct inode *inode, __u32 *fh, int *len,
3179 struct inode *parent)
91828a40 3180{
5fe0c237
AK		 3181 if (*len < 3) {
3182 *len = 3;
94e07a75 3183 return FILEID_INVALID;
5fe0c237 3184 }
91828a40 3185
1d3382cb 3186 if (inode_unhashed(inode)) {
91828a40
DG		 3187 /* Unfortunately insert_inode_hash is not idempotent,
3188 * so as we hash inodes here rather than at creation
3189 * time, we need a lock to ensure we only try
3190 * to do it once
3191 */
3192 static DEFINE_SPINLOCK(lock);
3193 spin_lock(&lock);
1d3382cb 3194 if (inode_unhashed(inode))
91828a40
DG		 3195 __insert_inode_hash(inode,
3196 inode->i_ino + inode->i_generation);
3197 spin_unlock(&lock);
3198 }
3199
3200 fh[0] = inode->i_generation;
3201 fh[1] = inode->i_ino;
3202 fh[2] = ((__u64)inode->i_ino) >> 32;
3203
3204 *len = 3;
3205 return 1;
3206}
3207
39655164 3208static const struct export_operations shmem_export_ops = {
91828a40 3209 .get_parent = shmem_get_parent,
91828a40 3210 .encode_fh = shmem_encode_fh,
480b116c 3211 .fh_to_dentry = shmem_fh_to_dentry,
91828a40
DG		 3212};
3213
680d794b
AM		 3214static int shmem_parse_options(char *options, struct shmem_sb_info *sbinfo,
3215 bool remount)
1da177e4
LT		 3216{
3217 char *this_char, *value, *rest;
49cd0a5c 3218 struct mempolicy *mpol = NULL;
8751e039
EB		 3219 uid_t uid;
3220 gid_t gid;
1da177e4 3221
b00dc3ad
HD		 3222 while (options != NULL) {
3223 this_char = options;
3224 for (;;) {
3225 /*
3226 * NUL-terminate this option: unfortunately,
3227 * mount options form a comma-separated list,
3228 * but mpol's nodelist may also contain commas.
3229 */
3230 options = strchr(options, ',');
3231 if (options == NULL)
3232 break;
3233 options++;
3234 if (!isdigit(*options)) {
3235 options[-1] = '\0';
3236 break;
3237 }
3238 }
1da177e4
LT		 3239 if (!*this_char)
3240 continue;
3241 if ((value = strchr(this_char,'=')) != NULL) {
3242 *value++ = 0;
3243 } else {
1170532b
JP		 3244 pr_err("tmpfs: No value for mount option '%s'\n",
3245 this_char);
49cd0a5c 3246 goto error;
1da177e4
LT		 3247 }
3248
3249 if (!strcmp(this_char,"size")) {
3250 unsigned long long size;
3251 size = memparse(value,&rest);
3252 if (*rest == '%') {
3253 size <<= PAGE_SHIFT;
3254 size *= totalram_pages;
3255 do_div(size, 100);
3256 rest++;
3257 }
3258 if (*rest)
3259 goto bad_val;
680d794b 3260 sbinfo->max_blocks =
09cbfeaf 3261 DIV_ROUND_UP(size, PAGE_SIZE);
1da177e4 3262 } else if (!strcmp(this_char,"nr_blocks")) {
680d794b 3263 sbinfo->max_blocks = memparse(value, &rest);
1da177e4
LT		 3264 if (*rest)
3265 goto bad_val;
3266 } else if (!strcmp(this_char,"nr_inodes")) {
680d794b 3267 sbinfo->max_inodes = memparse(value, &rest);
1da177e4
LT		 3268 if (*rest)
3269 goto bad_val;
3270 } else if (!strcmp(this_char,"mode")) {
680d794b 3271 if (remount)
1da177e4 3272 continue;
680d794b 3273 sbinfo->mode = simple_strtoul(value, &rest, 8) & 07777;
1da177e4
LT		 3274 if (*rest)
3275 goto bad_val;
3276 } else if (!strcmp(this_char,"uid")) {
680d794b 3277 if (remount)
1da177e4 3278 continue;
8751e039 3279 uid = simple_strtoul(value, &rest, 0);
1da177e4
LT		 3280 if (*rest)
3281 goto bad_val;
8751e039
EB		 3282 sbinfo->uid = make_kuid(current_user_ns(), uid);
3283 if (!uid_valid(sbinfo->uid))
3284 goto bad_val;
1da177e4 3285 } else if (!strcmp(this_char,"gid")) {
680d794b 3286 if (remount)
1da177e4 3287 continue;
8751e039 3288 gid = simple_strtoul(value, &rest, 0);
1da177e4
LT		 3289 if (*rest)
3290 goto bad_val;
8751e039
EB		 3291 sbinfo->gid = make_kgid(current_user_ns(), gid);
3292 if (!gid_valid(sbinfo->gid))
3293 goto bad_val;
5a6e75f8
KS		 3294#ifdef CONFIG_TRANSPARENT_HUGEPAGE
3295 } else if (!strcmp(this_char, "huge")) {
3296 int huge;
3297 huge = shmem_parse_huge(value);
3298 if (huge < 0)
3299 goto bad_val;
3300 if (!has_transparent_hugepage() &&
3301 huge != SHMEM_HUGE_NEVER)
3302 goto bad_val;
3303 sbinfo->huge = huge;
3304#endif
3305#ifdef CONFIG_NUMA
7339ff83 3306 } else if (!strcmp(this_char,"mpol")) {
49cd0a5c
GT		 3307 mpol_put(mpol);
3308 mpol = NULL;
3309 if (mpol_parse_str(value, &mpol))
7339ff83 3310 goto bad_val;
5a6e75f8 3311#endif
1da177e4 3312 } else {
1170532b 3313 pr_err("tmpfs: Bad mount option %s\n", this_char);
49cd0a5c 3314 goto error;
1da177e4
LT		 3315 }
3316 }
49cd0a5c 3317 sbinfo->mpol = mpol;
1da177e4
LT		 3318 return 0;
3319
3320bad_val:
1170532b 3321 pr_err("tmpfs: Bad value '%s' for mount option '%s'\n",
1da177e4 3322 value, this_char);
49cd0a5c
GT		 3323error:
3324 mpol_put(mpol);
1da177e4
LT		 3325 return 1;
3326
3327}
3328
3329static int shmem_remount_fs(struct super_block *sb, int *flags, char *data)
3330{
3331 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
680d794b 3332 struct shmem_sb_info config = *sbinfo;
0edd73b3
HD		 3333 unsigned long inodes;
3334 int error = -EINVAL;
3335
5f00110f 3336 config.mpol = NULL;
680d794b 3337 if (shmem_parse_options(data, &config, true))
0edd73b3 3338 return error;
1da177e4 3339
0edd73b3 3340 spin_lock(&sbinfo->stat_lock);
0edd73b3 3341 inodes = sbinfo->max_inodes - sbinfo->free_inodes;
7e496299 3342 if (percpu_counter_compare(&sbinfo->used_blocks, config.max_blocks) > 0)
0edd73b3 3343 goto out;
680d794b 3344 if (config.max_inodes < inodes)
0edd73b3
HD		 3345 goto out;
3346 /*
54af6042 3347 * Those tests disallow limited->unlimited while any are in use;
0edd73b3
HD		 3348 * but we must separately disallow unlimited->limited, because
3349 * in that case we have no record of how much is already in use.
3350 */
680d794b 3351 if (config.max_blocks && !sbinfo->max_blocks)
0edd73b3 3352 goto out;
680d794b 3353 if (config.max_inodes && !sbinfo->max_inodes)
0edd73b3
HD		 3354 goto out;
3355
3356 error = 0;
5a6e75f8 3357 sbinfo->huge = config.huge;
680d794b 3358 sbinfo->max_blocks = config.max_blocks;
680d794b
AM		 3359 sbinfo->max_inodes = config.max_inodes;
3360 sbinfo->free_inodes = config.max_inodes - inodes;
71fe804b 3361
5f00110f
GT		 3362 /*
3363 * Preserve previous mempolicy unless mpol remount option was specified.
3364 */
3365 if (config.mpol) {
3366 mpol_put(sbinfo->mpol);
3367 sbinfo->mpol = config.mpol; /* transfers initial ref */
3368 }
0edd73b3
HD		 3369out:
3370 spin_unlock(&sbinfo->stat_lock);
3371 return error;
1da177e4 3372}
680d794b 3373
34c80b1d 3374static int shmem_show_options(struct seq_file *seq, struct dentry *root)
680d794b 3375{
34c80b1d 3376 struct shmem_sb_info *sbinfo = SHMEM_SB(root->d_sb);
680d794b
AM		 3377
3378 if (sbinfo->max_blocks != shmem_default_max_blocks())
3379 seq_printf(seq, ",size=%luk",
09cbfeaf 3380 sbinfo->max_blocks << (PAGE_SHIFT - 10));
680d794b
AM		 3381 if (sbinfo->max_inodes != shmem_default_max_inodes())
3382 seq_printf(seq, ",nr_inodes=%lu", sbinfo->max_inodes);
3383 if (sbinfo->mode != (S_IRWXUGO | S_ISVTX))
09208d15 3384 seq_printf(seq, ",mode=%03ho", sbinfo->mode);
8751e039
EB		 3385 if (!uid_eq(sbinfo->uid, GLOBAL_ROOT_UID))
3386 seq_printf(seq, ",uid=%u",
3387 from_kuid_munged(&init_user_ns, sbinfo->uid));
3388 if (!gid_eq(sbinfo->gid, GLOBAL_ROOT_GID))
3389 seq_printf(seq, ",gid=%u",
3390 from_kgid_munged(&init_user_ns, sbinfo->gid));
5a6e75f8
KS		 3391#ifdef CONFIG_TRANSPARENT_HUGEPAGE
3392 /* Rightly or wrongly, show huge mount option unmasked by shmem_huge */
3393 if (sbinfo->huge)
3394 seq_printf(seq, ",huge=%s", shmem_format_huge(sbinfo->huge));
3395#endif
71fe804b 3396 shmem_show_mpol(seq, sbinfo->mpol);
680d794b
AM		 3397 return 0;
3398}
9183df25
DH		 3399
3400#define MFD_NAME_PREFIX "memfd:"
3401#define MFD_NAME_PREFIX_LEN (sizeof(MFD_NAME_PREFIX) - 1)
3402#define MFD_NAME_MAX_LEN (NAME_MAX - MFD_NAME_PREFIX_LEN)
3403
3404#define MFD_ALL_FLAGS (MFD_CLOEXEC | MFD_ALLOW_SEALING)
3405
3406SYSCALL_DEFINE2(memfd_create,
3407 const char __user *, uname,
3408 unsigned int, flags)
3409{
3410 struct shmem_inode_info *info;
3411 struct file *file;
3412 int fd, error;
3413 char *name;
3414 long len;
3415
3416 if (flags & ~(unsigned int)MFD_ALL_FLAGS)
3417 return -EINVAL;
3418
3419 /* length includes terminating zero */
3420 len = strnlen_user(uname, MFD_NAME_MAX_LEN + 1);
3421 if (len <= 0)
3422 return -EFAULT;
3423 if (len > MFD_NAME_MAX_LEN + 1)
3424 return -EINVAL;
3425
3426 name = kmalloc(len + MFD_NAME_PREFIX_LEN, GFP_TEMPORARY);
3427 if (!name)
3428 return -ENOMEM;
3429
3430 strcpy(name, MFD_NAME_PREFIX);
3431 if (copy_from_user(&name[MFD_NAME_PREFIX_LEN], uname, len)) {
3432 error = -EFAULT;
3433 goto err_name;
3434 }
3435
3436 /* terminating-zero may have changed after strnlen_user() returned */
3437 if (name[len + MFD_NAME_PREFIX_LEN - 1]) {
3438 error = -EFAULT;
3439 goto err_name;
3440 }
3441
3442 fd = get_unused_fd_flags((flags & MFD_CLOEXEC) ? O_CLOEXEC : 0);
3443 if (fd < 0) {
3444 error = fd;
3445 goto err_name;
3446 }
3447
3448 file = shmem_file_setup(name, 0, VM_NORESERVE);
3449 if (IS_ERR(file)) {
3450 error = PTR_ERR(file);
3451 goto err_fd;
3452 }
3453 info = SHMEM_I(file_inode(file));
3454 file->f_mode |= FMODE_LSEEK | FMODE_PREAD | FMODE_PWRITE;
3455 file->f_flags |= O_RDWR | O_LARGEFILE;
3456 if (flags & MFD_ALLOW_SEALING)
3457 info->seals &= ~F_SEAL_SEAL;
3458
3459 fd_install(fd, file);
3460 kfree(name);
3461 return fd;
3462
3463err_fd:
3464 put_unused_fd(fd);
3465err_name:
3466 kfree(name);
3467 return error;
3468}
3469
680d794b 3470#endif /* CONFIG_TMPFS */
1da177e4
LT		 3471
3472static void shmem_put_super(struct super_block *sb)
3473{
602586a8
HD		 3474 struct shmem_sb_info *sbinfo = SHMEM_SB(sb);
3475
3476 percpu_counter_destroy(&sbinfo->used_blocks);
49cd0a5c 3477 mpol_put(sbinfo->mpol);
602586a8 3478 kfree(sbinfo);
1da177e4
LT		 3479 sb->s_fs_info = NULL;
3480}
3481
2b2af54a 3482int shmem_fill_super(struct super_block *sb, void *data, int silent)
1da177e4
LT		 3483{
3484 struct inode *inode;
0edd73b3 3485 struct shmem_sb_info *sbinfo;
680d794b
AM		 3486 int err = -ENOMEM;
3487
3488 /* Round up to L1_CACHE_BYTES to resist false sharing */
425fbf04 3489 sbinfo = kzalloc(max((int)sizeof(struct shmem_sb_info),
680d794b
AM		 3490 L1_CACHE_BYTES), GFP_KERNEL);
3491 if (!sbinfo)
3492 return -ENOMEM;
3493
680d794b 3494 sbinfo->mode = S_IRWXUGO | S_ISVTX;
76aac0e9
DH		 3495 sbinfo->uid = current_fsuid();
3496 sbinfo->gid = current_fsgid();
680d794b 3497 sb->s_fs_info = sbinfo;
1da177e4 3498
0edd73b3 3499#ifdef CONFIG_TMPFS
1da177e4
LT		 3500 /*
3501 * Per default we only allow half of the physical ram per
3502 * tmpfs instance, limiting inodes to one per page of lowmem;
3503 * but the internal instance is left unlimited.
3504 */
ca4e0519 3505 if (!(sb->s_flags & MS_KERNMOUNT)) {
680d794b
AM		 3506 sbinfo->max_blocks = shmem_default_max_blocks();
3507 sbinfo->max_inodes = shmem_default_max_inodes();
3508 if (shmem_parse_options(data, sbinfo, false)) {
3509 err = -EINVAL;
3510 goto failed;
3511 }
ca4e0519
AV		 3512 } else {
3513 sb->s_flags |= MS_NOUSER;
1da177e4 3514 }
91828a40 3515 sb->s_export_op = &shmem_export_ops;
2f6e38f3 3516 sb->s_flags |= MS_NOSEC;
1da177e4
LT		 3517#else
3518 sb->s_flags |= MS_NOUSER;
3519#endif
3520
0edd73b3 3521 spin_lock_init(&sbinfo->stat_lock);
908c7f19 3522 if (percpu_counter_init(&sbinfo->used_blocks, 0, GFP_KERNEL))
602586a8 3523 goto failed;
680d794b 3524 sbinfo->free_inodes = sbinfo->max_inodes;
0edd73b3 3525
285b2c4f 3526 sb->s_maxbytes = MAX_LFS_FILESIZE;
09cbfeaf
KS		 3527 sb->s_blocksize = PAGE_SIZE;
3528 sb->s_blocksize_bits = PAGE_SHIFT;
1da177e4
LT		 3529 sb->s_magic = TMPFS_MAGIC;
3530 sb->s_op = &shmem_ops;
cfd95a9c 3531 sb->s_time_gran = 1;
b09e0fa4 3532#ifdef CONFIG_TMPFS_XATTR
39f0247d 3533 sb->s_xattr = shmem_xattr_handlers;
b09e0fa4
EP		 3534#endif
3535#ifdef CONFIG_TMPFS_POSIX_ACL
39f0247d
AG		 3536 sb->s_flags |= MS_POSIXACL;
3537#endif
0edd73b3 3538
454abafe 3539 inode = shmem_get_inode(sb, NULL, S_IFDIR | sbinfo->mode, 0, VM_NORESERVE);
1da177e4
LT		 3540 if (!inode)
3541 goto failed;
680d794b
AM		 3542 inode->i_uid = sbinfo->uid;
3543 inode->i_gid = sbinfo->gid;
318ceed0
AV		 3544 sb->s_root = d_make_root(inode);
3545 if (!sb->s_root)
48fde701 3546 goto failed;
1da177e4
LT		 3547 return 0;
3548
1da177e4
LT		 3549failed:
3550 shmem_put_super(sb);
3551 return err;
3552}
3553
fcc234f8 3554static struct kmem_cache *shmem_inode_cachep;
1da177e4
LT		 3555
3556static struct inode *shmem_alloc_inode(struct super_block *sb)
3557{
41ffe5d5
HD		 3558 struct shmem_inode_info *info;
3559 info = kmem_cache_alloc(shmem_inode_cachep, GFP_KERNEL);
3560 if (!info)
1da177e4 3561 return NULL;
41ffe5d5 3562 return &info->vfs_inode;
1da177e4
LT		 3563}
3564
41ffe5d5 3565static void shmem_destroy_callback(struct rcu_head *head)
fa0d7e3d
NP		 3566{
3567 struct inode *inode = container_of(head, struct inode, i_rcu);
84e710da
AV		 3568 if (S_ISLNK(inode->i_mode))
3569 kfree(inode->i_link);
fa0d7e3d
NP		 3570 kmem_cache_free(shmem_inode_cachep, SHMEM_I(inode));
3571}
3572
1da177e4
LT		 3573static void shmem_destroy_inode(struct inode *inode)
3574{
09208d15 3575 if (S_ISREG(inode->i_mode))
1da177e4 3576 mpol_free_shared_policy(&SHMEM_I(inode)->policy);
41ffe5d5 3577 call_rcu(&inode->i_rcu, shmem_destroy_callback);
1da177e4
LT		 3578}
3579
41ffe5d5 3580static void shmem_init_inode(void *foo)
1da177e4 3581{
41ffe5d5
HD		 3582 struct shmem_inode_info *info = foo;
3583 inode_init_once(&info->vfs_inode);
1da177e4
LT		 3584}
3585
41ffe5d5 3586static int shmem_init_inodecache(void)
1da177e4
LT		 3587{
3588 shmem_inode_cachep = kmem_cache_create("shmem_inode_cache",
3589 sizeof(struct shmem_inode_info),
5d097056 3590 0, SLAB_PANIC|SLAB_ACCOUNT, shmem_init_inode);
1da177e4
LT		 3591 return 0;
3592}
3593
41ffe5d5 3594static void shmem_destroy_inodecache(void)
1da177e4 3595{
1a1d92c1 3596 kmem_cache_destroy(shmem_inode_cachep);
1da177e4
LT		 3597}
3598
f5e54d6e 3599static const struct address_space_operations shmem_aops = {
1da177e4 3600 .writepage = shmem_writepage,
76719325 3601 .set_page_dirty = __set_page_dirty_no_writeback,
1da177e4 3602#ifdef CONFIG_TMPFS
800d15a5
NP		 3603 .write_begin = shmem_write_begin,
3604 .write_end = shmem_write_end,
1da177e4 3605#endif
1c93923c 3606#ifdef CONFIG_MIGRATION
304dbdb7 3607 .migratepage = migrate_page,
1c93923c 3608#endif
aa261f54 3609 .error_remove_page = generic_error_remove_page,
1da177e4
LT		 3610};
3611
15ad7cdc 3612static const struct file_operations shmem_file_operations = {
1da177e4 3613 .mmap = shmem_mmap,
c01d5b30 3614 .get_unmapped_area = shmem_get_unmapped_area,
1da177e4 3615#ifdef CONFIG_TMPFS
220f2ac9 3616 .llseek = shmem_file_llseek,
2ba5bbed 3617 .read_iter = shmem_file_read_iter,
8174202b 3618 .write_iter = generic_file_write_iter,
1b061d92 3619 .fsync = noop_fsync,
708e3508 3620 .splice_read = shmem_file_splice_read,
f6cb85d0 3621 .splice_write = iter_file_splice_write,
83e4fa9c 3622 .fallocate = shmem_fallocate,
1da177e4
LT		 3623#endif
3624};
3625
92e1d5be 3626static const struct inode_operations shmem_inode_operations = {
44a30220 3627 .getattr = shmem_getattr,
94c1e62d 3628 .setattr = shmem_setattr,
b09e0fa4 3629#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3630 .setxattr = generic_setxattr,
3631 .getxattr = generic_getxattr,
b09e0fa4 3632 .listxattr = shmem_listxattr,
aa7c5241 3633 .removexattr = generic_removexattr,
feda821e 3634 .set_acl = simple_set_acl,
b09e0fa4 3635#endif
1da177e4
LT		 3636};
3637
92e1d5be 3638static const struct inode_operations shmem_dir_inode_operations = {
1da177e4
LT		 3639#ifdef CONFIG_TMPFS
3640 .create = shmem_create,
3641 .lookup = simple_lookup,
3642 .link = shmem_link,
3643 .unlink = shmem_unlink,
3644 .symlink = shmem_symlink,
3645 .mkdir = shmem_mkdir,
3646 .rmdir = shmem_rmdir,
3647 .mknod = shmem_mknod,
3b69ff51 3648 .rename2 = shmem_rename2,
60545d0d 3649 .tmpfile = shmem_tmpfile,
1da177e4 3650#endif
b09e0fa4 3651#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3652 .setxattr = generic_setxattr,
3653 .getxattr = generic_getxattr,
b09e0fa4 3654 .listxattr = shmem_listxattr,
aa7c5241 3655 .removexattr = generic_removexattr,
b09e0fa4 3656#endif
39f0247d 3657#ifdef CONFIG_TMPFS_POSIX_ACL
94c1e62d 3658 .setattr = shmem_setattr,
feda821e 3659 .set_acl = simple_set_acl,
39f0247d
AG		 3660#endif
3661};
3662
92e1d5be 3663static const struct inode_operations shmem_special_inode_operations = {
b09e0fa4 3664#ifdef CONFIG_TMPFS_XATTR
aa7c5241
AG		 3665 .setxattr = generic_setxattr,
3666 .getxattr = generic_getxattr,
b09e0fa4 3667 .listxattr = shmem_listxattr,
aa7c5241 3668 .removexattr = generic_removexattr,
b09e0fa4 3669#endif
39f0247d 3670#ifdef CONFIG_TMPFS_POSIX_ACL
94c1e62d 3671 .setattr = shmem_setattr,
feda821e 3672 .set_acl = simple_set_acl,
39f0247d 3673#endif
1da177e4
LT		 3674};
3675
759b9775 3676static const struct super_operations shmem_ops = {
1da177e4
LT		 3677 .alloc_inode = shmem_alloc_inode,
3678 .destroy_inode = shmem_destroy_inode,
3679#ifdef CONFIG_TMPFS
3680 .statfs = shmem_statfs,
3681 .remount_fs = shmem_remount_fs,
680d794b 3682 .show_options = shmem_show_options,
1da177e4 3683#endif
1f895f75 3684 .evict_inode = shmem_evict_inode,
1da177e4
LT		 3685 .drop_inode = generic_delete_inode,
3686 .put_super = shmem_put_super,
3687};
3688
f0f37e2f 3689static const struct vm_operations_struct shmem_vm_ops = {
54cb8821 3690 .fault = shmem_fault,
d7c17551 3691 .map_pages = filemap_map_pages,
1da177e4
LT		 3692#ifdef CONFIG_NUMA
3693 .set_policy = shmem_set_policy,
3694 .get_policy = shmem_get_policy,
3695#endif
3696};
3697
3c26ff6e
AV		 3698static struct dentry *shmem_mount(struct file_system_type *fs_type,
3699 int flags, const char *dev_name, void *data)
1da177e4 3700{
3c26ff6e 3701 return mount_nodev(fs_type, flags, data, shmem_fill_super);
1da177e4
LT		 3702}
3703
41ffe5d5 3704static struct file_system_type shmem_fs_type = {
1da177e4
LT		 3705 .owner = THIS_MODULE,
3706 .name = "tmpfs",
3c26ff6e 3707 .mount = shmem_mount,
1da177e4 3708 .kill_sb = kill_litter_super,
2b8576cb 3709 .fs_flags = FS_USERNS_MOUNT,
1da177e4 3710};
1da177e4 3711
41ffe5d5 3712int __init shmem_init(void)
1da177e4
LT		 3713{
3714 int error;
3715
16203a7a
RL		 3716 /* If rootfs called this, don't re-init */
3717 if (shmem_inode_cachep)
3718 return 0;
3719
41ffe5d5 3720 error = shmem_init_inodecache();
1da177e4
LT		 3721 if (error)
3722 goto out3;
3723
41ffe5d5 3724 error = register_filesystem(&shmem_fs_type);
1da177e4 3725 if (error) {
1170532b 3726 pr_err("Could not register tmpfs\n");
1da177e4
LT		 3727 goto out2;
3728 }
95dc112a 3729
ca4e0519 3730 shm_mnt = kern_mount(&shmem_fs_type);
1da177e4
LT		 3731 if (IS_ERR(shm_mnt)) {
3732 error = PTR_ERR(shm_mnt);
1170532b 3733 pr_err("Could not kern_mount tmpfs\n");
1da177e4
LT		 3734 goto out1;
3735 }
5a6e75f8
KS		 3736
3737#ifdef CONFIG_TRANSPARENT_HUGEPAGE
3738 if (has_transparent_hugepage() && shmem_huge < SHMEM_HUGE_DENY)
3739 SHMEM_SB(shm_mnt->mnt_sb)->huge = shmem_huge;
3740 else
3741 shmem_huge = 0; /* just in case it was patched */
3742#endif
1da177e4
LT		 3743 return 0;
3744
3745out1:
41ffe5d5 3746 unregister_filesystem(&shmem_fs_type);
1da177e4 3747out2:
41ffe5d5 3748 shmem_destroy_inodecache();
1da177e4
LT		 3749out3:
3750 shm_mnt = ERR_PTR(error);
3751 return error;
3752}
853ac43a 3753
5a6e75f8
KS		 3754#if defined(CONFIG_TRANSPARENT_HUGEPAGE) && defined(CONFIG_SYSFS)
3755static ssize_t shmem_enabled_show(struct kobject *kobj,
3756 struct kobj_attribute *attr, char *buf)
3757{
3758 int values[] = {
3759 SHMEM_HUGE_ALWAYS,
3760 SHMEM_HUGE_WITHIN_SIZE,
3761 SHMEM_HUGE_ADVISE,
3762 SHMEM_HUGE_NEVER,
3763 SHMEM_HUGE_DENY,
3764 SHMEM_HUGE_FORCE,
3765 };
3766 int i, count;
3767
3768 for (i = 0, count = 0; i < ARRAY_SIZE(values); i++) {
3769 const char *fmt = shmem_huge == values[i] ? "[%s] " : "%s ";
3770
3771 count += sprintf(buf + count, fmt,
3772 shmem_format_huge(values[i]));
3773 }
3774 buf[count - 1] = '\n';
3775 return count;
3776}
3777
3778static ssize_t shmem_enabled_store(struct kobject *kobj,
3779 struct kobj_attribute *attr, const char *buf, size_t count)
3780{
3781 char tmp[16];
3782 int huge;
3783
3784 if (count + 1 > sizeof(tmp))
3785 return -EINVAL;
3786 memcpy(tmp, buf, count);
3787 tmp[count] = '\0';
3788 if (count && tmp[count - 1] == '\n')
3789 tmp[count - 1] = '\0';
3790
3791 huge = shmem_parse_huge(tmp);
3792 if (huge == -EINVAL)
3793 return -EINVAL;
3794 if (!has_transparent_hugepage() &&
3795 huge != SHMEM_HUGE_NEVER && huge != SHMEM_HUGE_DENY)
3796 return -EINVAL;
3797
3798 shmem_huge = huge;
3799 if (shmem_huge < SHMEM_HUGE_DENY)
3800 SHMEM_SB(shm_mnt->mnt_sb)->huge = shmem_huge;
3801 return count;
3802}
3803
3804struct kobj_attribute shmem_enabled_attr =
3805 __ATTR(shmem_enabled, 0644, shmem_enabled_show, shmem_enabled_store);
3806#endif /* CONFIG_TRANSPARENT_HUGEPAGE && CONFIG_SYSFS */
3807
853ac43a
MM		 3808#else /* !CONFIG_SHMEM */
3809
3810/*
3811 * tiny-shmem: simple shmemfs and tmpfs using ramfs code
3812 *
3813 * This is intended for small system where the benefits of the full
3814 * shmem code (swap-backed and resource-limited) are outweighed by
3815 * their complexity. On systems without swap this code should be
3816 * effectively equivalent, but much lighter weight.
3817 */
3818
41ffe5d5 3819static struct file_system_type shmem_fs_type = {
853ac43a 3820 .name = "tmpfs",
3c26ff6e 3821 .mount = ramfs_mount,
853ac43a 3822 .kill_sb = kill_litter_super,
2b8576cb 3823 .fs_flags = FS_USERNS_MOUNT,
853ac43a
MM		 3824};
3825
41ffe5d5 3826int __init shmem_init(void)
853ac43a 3827{
41ffe5d5 3828 BUG_ON(register_filesystem(&shmem_fs_type) != 0);
853ac43a 3829
41ffe5d5 3830 shm_mnt = kern_mount(&shmem_fs_type);
853ac43a
MM		 3831 BUG_ON(IS_ERR(shm_mnt));
3832
3833 return 0;
3834}
3835
41ffe5d5 3836int shmem_unuse(swp_entry_t swap, struct page *page)
853ac43a
MM		 3837{
3838 return 0;
3839}
3840
3f96b79a
HD		 3841int shmem_lock(struct file *file, int lock, struct user_struct *user)
3842{
3843 return 0;
3844}
3845
24513264
HD		 3846void shmem_unlock_mapping(struct address_space *mapping)
3847{
3848}
3849
c01d5b30
HD		 3850#ifdef CONFIG_MMU
3851unsigned long shmem_get_unmapped_area(struct file *file,
3852 unsigned long addr, unsigned long len,
3853 unsigned long pgoff, unsigned long flags)
3854{
3855 return current->mm->get_unmapped_area(file, addr, len, pgoff, flags);
3856}
3857#endif
3858
41ffe5d5 3859void shmem_truncate_range(struct inode *inode, loff_t lstart, loff_t lend)
94c1e62d 3860{
41ffe5d5 3861 truncate_inode_pages_range(inode->i_mapping, lstart, lend);
94c1e62d
HD		 3862}
3863EXPORT_SYMBOL_GPL(shmem_truncate_range);
3864
0b0a0806
HD		 3865#define shmem_vm_ops generic_file_vm_ops
3866#define shmem_file_operations ramfs_file_operations
454abafe 3867#define shmem_get_inode(sb, dir, mode, dev, flags) ramfs_get_inode(sb, dir, mode, dev)
0b0a0806
HD		 3868#define shmem_acct_size(flags, size) 0
3869#define shmem_unacct_size(flags, size) do {} while (0)
853ac43a
MM		 3870
3871#endif /* CONFIG_SHMEM */
3872
3873/* common code */
1da177e4 3874
3451538a 3875static struct dentry_operations anon_ops = {
118b2302 3876 .d_dname = simple_dname
3451538a
AV		 3877};
3878
c7277090
EP		 3879static struct file *__shmem_file_setup(const char *name, loff_t size,
3880 unsigned long flags, unsigned int i_flags)
1da177e4 3881{
6b4d0b27 3882 struct file *res;
1da177e4 3883 struct inode *inode;
2c48b9c4 3884 struct path path;
3451538a 3885 struct super_block *sb;
1da177e4
LT		 3886 struct qstr this;
3887
3888 if (IS_ERR(shm_mnt))
6b4d0b27 3889 return ERR_CAST(shm_mnt);
1da177e4 3890
285b2c4f 3891 if (size < 0 || size > MAX_LFS_FILESIZE)
1da177e4
LT		 3892 return ERR_PTR(-EINVAL);
3893
3894 if (shmem_acct_size(flags, size))
3895 return ERR_PTR(-ENOMEM);
3896
6b4d0b27 3897 res = ERR_PTR(-ENOMEM);
1da177e4
LT		 3898 this.name = name;
3899 this.len = strlen(name);
3900 this.hash = 0; /* will go */
3451538a 3901 sb = shm_mnt->mnt_sb;
66ee4b88 3902 path.mnt = mntget(shm_mnt);
3451538a 3903 path.dentry = d_alloc_pseudo(sb, &this);
2c48b9c4 3904 if (!path.dentry)
1da177e4 3905 goto put_memory;
3451538a 3906 d_set_d_op(path.dentry, &anon_ops);
1da177e4 3907
6b4d0b27 3908 res = ERR_PTR(-ENOSPC);
3451538a 3909 inode = shmem_get_inode(sb, NULL, S_IFREG | S_IRWXUGO, 0, flags);
1da177e4 3910 if (!inode)
66ee4b88 3911 goto put_memory;
1da177e4 3912
c7277090 3913 inode->i_flags |= i_flags;
2c48b9c4 3914 d_instantiate(path.dentry, inode);
1da177e4 3915 inode->i_size = size;
6d6b77f1 3916 clear_nlink(inode); /* It is unlinked */
26567cdb
AV		 3917 res = ERR_PTR(ramfs_nommu_expand_for_mapping(inode, size));
3918 if (IS_ERR(res))
66ee4b88 3919 goto put_path;
4b42af81 3920
6b4d0b27 3921 res = alloc_file(&path, FMODE_WRITE | FMODE_READ,
4b42af81 3922 &shmem_file_operations);
6b4d0b27 3923 if (IS_ERR(res))
66ee4b88 3924 goto put_path;
4b42af81 3925
6b4d0b27 3926 return res;
1da177e4 3927
1da177e4
LT		 3928put_memory:
3929 shmem_unacct_size(flags, size);
66ee4b88
KK		 3930put_path:
3931 path_put(&path);
6b4d0b27 3932 return res;
1da177e4 3933}
c7277090
EP		 3934
3935/**
3936 * shmem_kernel_file_setup - get an unlinked file living in tmpfs which must be
3937 * kernel internal. There will be NO LSM permission checks against the
3938 * underlying inode. So users of this interface must do LSM checks at a
e1832f29
SS		 3939 * higher layer. The users are the big_key and shm implementations. LSM
3940 * checks are provided at the key or shm level rather than the inode.
c7277090
EP		 3941 * @name: name for dentry (to be seen in /proc/<pid>/maps
3942 * @size: size to be set for the file
3943 * @flags: VM_NORESERVE suppresses pre-accounting of the entire object size
3944 */
3945struct file *shmem_kernel_file_setup(const char *name, loff_t size, unsigned long flags)
3946{
3947 return __shmem_file_setup(name, size, flags, S_PRIVATE);
3948}
3949
3950/**
3951 * shmem_file_setup - get an unlinked file living in tmpfs
3952 * @name: name for dentry (to be seen in /proc/<pid>/maps
3953 * @size: size to be set for the file
3954 * @flags: VM_NORESERVE suppresses pre-accounting of the entire object size
3955 */
3956struct file *shmem_file_setup(const char *name, loff_t size, unsigned long flags)
3957{
3958 return __shmem_file_setup(name, size, flags, 0);
3959}
395e0ddc 3960EXPORT_SYMBOL_GPL(shmem_file_setup);
1da177e4 3961
46711810 3962/**
1da177e4 3963 * shmem_zero_setup - setup a shared anonymous mapping
1da177e4
LT		 3964 * @vma: the vma to be mmapped is prepared by do_mmap_pgoff
3965 */
3966int shmem_zero_setup(struct vm_area_struct *vma)
3967{
3968 struct file *file;
3969 loff_t size = vma->vm_end - vma->vm_start;
3970
66fc1303
HD		 3971 /*
3972 * Cloning a new file under mmap_sem leads to a lock ordering conflict
3973 * between XFS directory reading and selinux: since this file is only
3974 * accessible to the user through its mapping, use S_PRIVATE flag to
3975 * bypass file security, in the same way as shmem_kernel_file_setup().
3976 */
3977 file = __shmem_file_setup("dev/zero", size, vma->vm_flags, S_PRIVATE);
1da177e4
LT		 3978 if (IS_ERR(file))
3979 return PTR_ERR(file);
3980
3981 if (vma->vm_file)
3982 fput(vma->vm_file);
3983 vma->vm_file = file;
3984 vma->vm_ops = &shmem_vm_ops;
3985 return 0;
3986}
d9d90e5e
HD		 3987
3988/**
3989 * shmem_read_mapping_page_gfp - read into page cache, using specified page allocation flags.
3990 * @mapping: the page's address_space
3991 * @index: the page index
3992 * @gfp: the page allocator flags to use if allocating
3993 *
3994 * This behaves as a tmpfs "read_cache_page_gfp(mapping, index, gfp)",
3995 * with any new page allocations done using the specified allocation flags.
3996 * But read_cache_page_gfp() uses the ->readpage() method: which does not
3997 * suit tmpfs, since it may have pages in swapcache, and needs to find those
3998 * for itself; although drivers/gpu/drm i915 and ttm rely upon this support.
3999 *
68da9f05
HD		 4000 * i915_gem_object_get_pages_gtt() mixes __GFP_NORETRY | __GFP_NOWARN in
4001 * with the mapping_gfp_mask(), to avoid OOMing the machine unnecessarily.
d9d90e5e
HD		 4002 */
4003struct page *shmem_read_mapping_page_gfp(struct address_space *mapping,
4004 pgoff_t index, gfp_t gfp)
4005{
68da9f05
HD		 4006#ifdef CONFIG_SHMEM
4007 struct inode *inode = mapping->host;
9276aad6 4008 struct page *page;
68da9f05
HD		 4009 int error;
4010
4011 BUG_ON(mapping->a_ops != &shmem_aops);
9e18eb29
ALC		 4012 error = shmem_getpage_gfp(inode, index, &page, SGP_CACHE,
4013 gfp, NULL, NULL);
68da9f05
HD		 4014 if (error)
4015 page = ERR_PTR(error);
4016 else
4017 unlock_page(page);
4018 return page;
4019#else
4020 /*
4021 * The tiny !SHMEM case uses ramfs without swap
4022 */
d9d90e5e 4023 return read_cache_page_gfp(mapping, index, gfp);
68da9f05 4024#endif
d9d90e5e
HD		 4025}
4026EXPORT_SYMBOL_GPL(shmem_read_mapping_page_gfp);
ubuntu-zesty-kernel mirror